HTExploit Bypassing Htaccess Restrictions

Presented at Black Hat USA 2012, July 25, 2012, 2:35 p.m. (20 minutes)

HTExploit is an open-source tool written in Python that exploits a weakness in the way that htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.

Presenters:

• Matias Katz
• Maximiliano Soler

Links:

• https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Soler
• https://media.blackhat.com/bh-us-12/Turbo/Soler/BH_US_12_Katz_Soler_HTExploit_Slides.pdf
• https://media.blackhat.com/bh-us-12/Turbo/Soler/BH_US_12_Katz_Soler_HTExploit_WP.pdf
• https://media.blackhat.com/bh-us-12/Turbo/Soler/HTExploit_v0.7b.zip

Similar Presentations:

• TROOPERS17 (2017) / Active Directory Security Best Practices. Top 11 Security Mistakes in Active Directory and How to Avoid Them
• NolaCon 2018 / Active Directory Security: The Journey
• Black Hat USA 2017 / The Active Directory Botnet