Penetration Testing mailing list archives

Re: Netscape Ldap ldif file SHA password cracking

From: miguel.dilaj () pharma novartis com
Date: Wed, 1 Dec 2004 16:19:49 +0000

Hi m a,

Be careful, things like {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw= and {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY= are not a SHA hash 
straigth away.
A typical SHA (SHA-1) hash will look like:
5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
(the above is for the word 'password').

My first guess is some kind of Base64 encoding (or similar) of the string 
without the '{SHA}'.
Example:
plaintext:     password
SHA-1:     5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
Base64 encoding of the above: 
NUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA==

So you see the similarities, but still no cigar!

As far as I understand (I don't use it), the patch to JtR is for SSHA 
(Secure SHA, Salted SHA, whatever you like), not for PLAIN SHA.

If you manage to decode the string and obtain a plain SHA-1 hash as shown 
above, feel free to use Lepton's Crack against it 
(http://freshmeat.net/projects/lcrack/).

Cheers,

Miguel
aka Nekromancer

Current thread:

Re: Netscape Ldap ldif file SHA password cracking Anders Thulin (Dec 01)
- <Possible follow-ups>
- Re: Netscape Ldap ldif file SHA password cracking miguel . dilaj (Dec 01)
  - Re: Netscape Ldap ldif file SHA password cracking Rafał Kupka (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking m a (Dec 06)
  - RE: Netscape Ldap ldif file SHA password cracking David Cross (Dec 09)
- Re: Netscape Ldap ldif file SHA password cracking noconflic (Dec 09)
- RE: Netscape Ldap ldif file SHA password cracking Bénoni MARTIN (Dec 09)