# Help recovering an HTTP login

## eminenz

Hi everybody,

I need help recovering the login password for the admin interface of my external Verbatim hard drive.

The Problem:

Web login using an HTML form; the user name is "admin" and I forgot the login password. I can reduce the number of possible characters and numbers I used to generate the password, but that's about it.

I tried to reset the complete NAS device as described in the manual, but the password isn't reset to factory default and the hotline couldn't help me either. (They told me to format it connected via USB using a Windows XP machine, which however doesn't change the admin password.)

Now here's my question: As I can reduce the number of possible characters by knowing which ones I possibly used for that password and knowing the approximate length, is there a way to brute-force that password? I googled for some brute-force software, however most of them are for M$ Windows and not made for sending passwords in an HTML form, and the one I found for that purpose is only able to launch dictionary attacks.

So do you know a brute-force program that is able to be configured to use only certain characters or do you have an idea how to create a dictionary file with all possible combinations?

Do you have a suggestion for me how to get in again?

That'd be nice  :Very Happy: 

regards

----------

## tatotato

Rainbow tables would be the way, if you could build a script to brute-force the interface with them.

They take ages to generate, but cover every single pattern you can make with the options given to generate, usually ending up at about a couple of gigs in size.

----------

## eminenz

AFAIK I need the hashed password to work with a rainbow table, don't I?

If I don't need them - do you know an existing program for that specific task (web-form brute-forcing (with or without rainbow-tables))?

----------

## SeaTiger

Try connecting the drive (physically take the HD out of the Verbatim case) with a USB connector, and change the /etc/passwd and /etc/shadow (I am not sure if they use shadow).

PS: I have never worked with that drive, so I am not 100% sure if it works.

----------

## eminenz

Nice idea!

I found 3 partitions on it, one being the system one. I have been able to find smbpasswd and the ftp-client password files, however not the admin interface password file. I also found the website being made up of CGI and JavaScript, but no file yet where the password could be stored.

I grepped for 'admin', however found nothing suitable.  :Sad: 

Sadly, as most of the site seems to be programmed in some kind of encapsulated JavaScript, I'm not able to actually tell how that login works...

I'll continue trying; more / other hints are still appreciated, though  :Smile: 

----------

## SeaTiger

Is there an /etc/passwd file? Check that out; from what I read on other sites, the web interface may be using the root password for admin login.

One thing you may want to do as a last resort is to copy all your data out and return the drive for a new one ... ok ... I am a bad guy  :Twisted Evil: 

----------

## eminenz

Well, I also looked for an etc/passwd file and found none.

I guess I'll continue trying up to next week and if I still find no way I'll bring it to the shop and tell them that the login function is "broken"  :Smile: 

----------

## tutaepaki

If it's an HTML interface, it might be using a .htpasswd file for the authentication?

----------

## eminenz

I guess it's not - I found none and the authentication is done using a javascript-cgi-html-something-form. Sadly I don't understand the strange structure of that combination, else I'd look for the password file in it.

Anyways, it looks like a regular form, not like .htpasswd.

----------

