Solved

How to HTACESS ...

Posted on 2006-07-17
9
203 Views
Last Modified: 2010-08-05
Hello Guys,

this question is for my CEH course,
in my research i must to find how to open HTACESS from another hosts ?!
and how to protect it ?

thanks :)
0
Comment
Question by:tourajam
  • 4
  • 4
9 Comments
 
LVL 39

Expert Comment

by:noci
ID: 17126294
To open use a browser..... (what else..?)
Prevent access ... (what else?)

Homework... http://www.experts-exchange.com/Security/Linux_Security/help.jsp#hi130  (what else?)

Readup on apache webserver. maybe lookup the chapter about authorisation etc. using htaccess?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17128964
Hi,

The only way you can read .htaccess is if you SSH into the host and open it with a text editor. By default apache version 2
disables access to the .htaccess and .htpasswd by the following:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

0
 

Author Comment

by:tourajam
ID: 17134683
how to bypass to read HTACESS ?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17137181
Hi,

The only way to read the .htaccess is if you have SSH access to the webserver there is no way to bypass the
above rule which, denys access to the .htaccess and .htpasswd
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:tourajam
ID: 17137819
what about brute force ?
0
 
LVL 16

Expert Comment

by:xDamox
ID: 17137831
Hi,

No matter what you try you will always be denied access to the .htaccess and .htpasswd files via the web browser, the ONLY
method to access these two files is if your logged into the web server.
0
 

Author Comment

by:tourajam
ID: 17140452
i dont think so, not agree with you

http://www.team-e1.ch/admin

something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
0
 
LVL 16

Accepted Solution

by:
xDamox earned 500 total points
ID: 17140629
>in my research i must to find how to open HTACESS from another hosts ?!
The apache configuration does not lie you CANNOT access the .htpasswd and .htaccess file!

>something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
Bruteforce will just try guess the username/password it does not actually get the .htpasswd file!!

Conclusion
You cannot access the .htaccess and .htpasswd files via the web browser the ONLY way is to have access to the
machine via SSH or Telnet.
0
 

Author Comment

by:tourajam
ID: 17142612
ok ... Thank you
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now