Solved

How to HTACESS ...

Posted on 2006-07-17
9
207 Views
Last Modified: 2010-08-05
Hello Guys,

this question is for my CEH course,
in my research i must to find how to open HTACESS from another hosts ?!
and how to protect it ?

thanks :)
0
Comment
Question by:tourajam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 40

Expert Comment

by:noci
ID: 17126294
To open use a browser..... (what else..?)
Prevent access ... (what else?)

Homework... http://www.experts-exchange.com/Security/Linux_Security/help.jsp#hi130  (what else?)

Readup on apache webserver. maybe lookup the chapter about authorisation etc. using htaccess?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17128964
Hi,

The only way you can read .htaccess is if you SSH into the host and open it with a text editor. By default apache version 2
disables access to the .htaccess and .htpasswd by the following:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

0
 

Author Comment

by:tourajam
ID: 17134683
how to bypass to read HTACESS ?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 16

Expert Comment

by:xDamox
ID: 17137181
Hi,

The only way to read the .htaccess is if you have SSH access to the webserver there is no way to bypass the
above rule which, denys access to the .htaccess and .htpasswd
0
 

Author Comment

by:tourajam
ID: 17137819
what about brute force ?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17137831
Hi,

No matter what you try you will always be denied access to the .htaccess and .htpasswd files via the web browser, the ONLY
method to access these two files is if your logged into the web server.
0
 

Author Comment

by:tourajam
ID: 17140452
i dont think so, not agree with you

http://www.team-e1.ch/admin

something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
0
 
LVL 16

Accepted Solution

by:
xDamox earned 500 total points
ID: 17140629
>in my research i must to find how to open HTACESS from another hosts ?!
The apache configuration does not lie you CANNOT access the .htpasswd and .htaccess file!

>something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
Bruteforce will just try guess the username/password it does not actually get the .htpasswd file!!

Conclusion
You cannot access the .htaccess and .htpasswd files via the web browser the ONLY way is to have access to the
machine via SSH or Telnet.
0
 

Author Comment

by:tourajam
ID: 17142612
ok ... Thank you
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question