How to HTACESS ...

Hello Guys,

this question is for my CEH course,
in my research i must to find how to open HTACESS from another hosts ?!
and how to protect it ?

thanks :)
tourajamAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
xDamoxConnect With a Mentor Commented:
>in my research i must to find how to open HTACESS from another hosts ?!
The apache configuration does not lie you CANNOT access the .htpasswd and .htaccess file!

>something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
Bruteforce will just try guess the username/password it does not actually get the .htpasswd file!!

Conclusion
You cannot access the .htaccess and .htpasswd files via the web browser the ONLY way is to have access to the
machine via SSH or Telnet.
0
 
nociSoftware EngineerCommented:
To open use a browser..... (what else..?)
Prevent access ... (what else?)

Homework... http://www.experts-exchange.com/Security/Linux_Security/help.jsp#hi130  (what else?)

Readup on apache webserver. maybe lookup the chapter about authorisation etc. using htaccess?
0
 
xDamoxCommented:
Hi,

The only way you can read .htaccess is if you SSH into the host and open it with a text editor. By default apache version 2
disables access to the .htaccess and .htpasswd by the following:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
tourajamAuthor Commented:
how to bypass to read HTACESS ?
0
 
xDamoxCommented:
Hi,

The only way to read the .htaccess is if you have SSH access to the webserver there is no way to bypass the
above rule which, denys access to the .htaccess and .htpasswd
0
 
tourajamAuthor Commented:
what about brute force ?
0
 
xDamoxCommented:
Hi,

No matter what you try you will always be denied access to the .htaccess and .htpasswd files via the web browser, the ONLY
method to access these two files is if your logged into the web server.
0
 
tourajamAuthor Commented:
i dont think so, not agree with you

http://www.team-e1.ch/admin

something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
0
 
tourajamAuthor Commented:
ok ... Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.