Penetration Testing mailing list archives
Re: Netscape Ldap ldif file SHA password cracking
From: Rafał Kupka <rkupka () wdg pl>
Date: Wed, 01 Dec 2004 19:41:33 +0100
Miguel.dilaj () pharma novartis com wrote: Hello, [cut]
My first guess is some kind of Base64 encoding (or similar) of the string without the '{SHA}'. Example: plaintext: password SHA-1: 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 Base64 encoding of the above: NUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA== So you see the similarities, but still no cigar!
It's {SHA1}<base64 encoded binary form of sha1 hash>. for eg., $perl -e 'use Digest::SHA1 qw(sha1); print sha1(@ARGV[0]);' password | base64-encode W6ph5Mm5Pz8GgiULbPgzG37mj9g= Plaintext: password SHA-1: <binary data> Base64 of above data: W6ph5Mm5Pz8GgiULbPgzG37mj9g= Cheers, -- Rafal Kupka <rkupka () wdg pl>
Current thread:
- Re: Netscape Ldap ldif file SHA password cracking Anders Thulin (Dec 01)
- <Possible follow-ups>
- Re: Netscape Ldap ldif file SHA password cracking miguel . dilaj (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking Rafał Kupka (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking m a (Dec 06)
- RE: Netscape Ldap ldif file SHA password cracking David Cross (Dec 09)
- Re: Netscape Ldap ldif file SHA password cracking noconflic (Dec 09)
- RE: Netscape Ldap ldif file SHA password cracking Bénoni MARTIN (Dec 09)