Solved

How to HTACESS ...

Posted on 2006-07-17
9
204 Views
Last Modified: 2010-08-05
Hello Guys,

this question is for my CEH course,
in my research i must to find how to open HTACESS from another hosts ?!
and how to protect it ?

thanks :)
0
Comment
Question by:tourajam
  • 4
  • 4
9 Comments
 
LVL 40

Expert Comment

by:noci
ID: 17126294
To open use a browser..... (what else..?)
Prevent access ... (what else?)

Homework... http://www.experts-exchange.com/Security/Linux_Security/help.jsp#hi130  (what else?)

Readup on apache webserver. maybe lookup the chapter about authorisation etc. using htaccess?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17128964
Hi,

The only way you can read .htaccess is if you SSH into the host and open it with a text editor. By default apache version 2
disables access to the .htaccess and .htpasswd by the following:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

0
 

Author Comment

by:tourajam
ID: 17134683
how to bypass to read HTACESS ?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17137181
Hi,

The only way to read the .htaccess is if you have SSH access to the webserver there is no way to bypass the
above rule which, denys access to the .htaccess and .htpasswd
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:tourajam
ID: 17137819
what about brute force ?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17137831
Hi,

No matter what you try you will always be denied access to the .htaccess and .htpasswd files via the web browser, the ONLY
method to access these two files is if your logged into the web server.
0
 

Author Comment

by:tourajam
ID: 17140452
i dont think so, not agree with you

http://www.team-e1.ch/admin

something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
0
 
LVL 16

Accepted Solution

by:
xDamox earned 500 total points
ID: 17140629
>in my research i must to find how to open HTACESS from another hosts ?!
The apache configuration does not lie you CANNOT access the .htpasswd and .htaccess file!

>something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
Bruteforce will just try guess the username/password it does not actually get the .htpasswd file!!

Conclusion
You cannot access the .htaccess and .htpasswd files via the web browser the ONLY way is to have access to the
machine via SSH or Telnet.
0
 

Author Comment

by:tourajam
ID: 17142612
ok ... Thank you
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now