Penetration Testing mailing list archives
Re: Netscape Ldap ldif file SHA password cracking
From: noconflic <nocon () texas-shooters com>
Date: Tue, 7 Dec 2004 21:47:55 -0600
I did some googling around and found this http://tinyurl.com/6vyw8 From that page [...] SOFTWARE 'pwdhash' is a command-line program to generate or check userPasswordvalues. This program is included with Netscape Directory Server; you'll find it in NSHOME/bin/slapd/server. For example, to digest passwords: % cd $NSHOME/bin/slapd/server % ./pwdhash -s SHA abc abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq {SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0= {SHA}hJg+RBw70m66rkqh+VEp5eVGcPE= Or, to check passwords: % ./pwdhash -c '{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc ./pwdhash: password ok. % echo $status 0 % ./pwdhash -c '{SHA}QZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc ./pwdhash: password does not match. % echo $status 1 [...] Thou i haven't tested this, I think it would be easy enough to write a small BF script in conjuction with 'pwdhash -c' and a wordlist. It may not be a totaly practical solution to your problem but, may get you to where you need to go. ;) Just my 2 cents. - nocon [aznxy () yahoo com] Tue, Nov 30, 2004 at 03:37:21AM -0000 wrote:
I am trying to crack passwords in an ldif file downloaded using ldapminer. The server seems to be Netscape ldap based on this ldif section: server type is : netscape Netscape Checks enabled I firstly tried using Lumberjack (http://www.phenoelit.de/lj/docu.html) lj -w wordlist.txt -f myldap.ldif -V This is what I got as a result... (c) 1999 by Phenoelit (http://www.phenoelit.de/) Version 0.2.7b 100.00 % making list unique ...done Cleaning ... done Collecting ldif user informations ... 0 users with password found ... Entering wordlist mode ... These are some entries in the ldif file: attribute: authpassword value[0]: {seeGpA7K} attribute: authpassword value[0]: {om7b8U3NJ2E} attribute: userpassword value[0]: {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw= attribute: userpassword value[0]: {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY= So it seems that it is SHA based encryption at least in the latter entries. I don't have a clue what the differect between authpassword and userpassword is... I tried John the Ripper (http://www.openwall.com//john/) patching with the Netscape diff files and recompiling. I basically put a SHA hash like the above in a txt file and fed into john john -format:SHA hash.txt John still however does not support SHA after the patching so I am not sure what to put in as format. Any ideas would be appreciated as I am really stuck at this point. Thanks in advance.
Current thread:
- Re: Netscape Ldap ldif file SHA password cracking Anders Thulin (Dec 01)
- <Possible follow-ups>
- Re: Netscape Ldap ldif file SHA password cracking miguel . dilaj (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking Rafał Kupka (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking m a (Dec 06)
- RE: Netscape Ldap ldif file SHA password cracking David Cross (Dec 09)
- Re: Netscape Ldap ldif file SHA password cracking noconflic (Dec 09)
- RE: Netscape Ldap ldif file SHA password cracking Bénoni MARTIN (Dec 09)