List: john-users
Subject: Re: [john-users] OpenLDAP MD5/SMD5 format challenges
From: Simon Marechal <simon () banquise ! net>
Date: 2008-10-13 11:45:57
Message-ID: 48F334F5.8030202 () banquise ! net
mikes@imtarget.dissimulo.com wrote:
> Kind greetings.
>
> I am auditing an OpenLDAP installation, and using
>
> John the Ripper password cracker, version 1.7.3.1-all-4
>
>
> The environment has allowed password updates from many flavors of system,
> so the passwords stored are in a variety of formats.
>
> The approach I have taken is to use slapcat to get an ldif of the entire
> OpenLDAP directory, and then use a perl script (attached) to create a file
> in unix passwd format. I'm relying on the Net::LDAP::LDIF perl module to
> get me the correct hash out of the ldif file, but this is a simple
> conversion from BASE64 encoding.
>
> The resulting passwd file includes the password prefixes {SHA}, {SSHA},
> {MD5}, {SMD5}, {crypt}, and {CRYPT}, which I grep out into individual
> files. However, the only ones which John is able to crack are the
> SHA/SSHA--it simply reports "No password hashes loaded".
>
> Here are some example hashes from the file:
>
> user1-name:{MD5}1sX2lBwQnaZTM/cZQjO+jg==:::User One::
> user2-name:{MD5}ulQpAH+q5PQM5jliIOe0Og==:::User Two::
> user3-name:{MD5}oKCTtakzqP+Ife1fqCNU7w==:::User Three::
>
> user4-name:{SMD5}w69h8/CxcxDeTUUpLTIGQ4lw3WU=:::User Four::
> user5-name:{SMD5}U/Jcj9rFigQYysYUPxuPmrnHH+A=:::User Five::
> user6-name:{SMD5}ZXMtyrnt10H6xqmo4VckqV8mM6E=:::User Six::
>
> I performed the base64 conversion of some password strings at the
> command line, and the output matched, so I don't believe it to be a
> problem with the perl module.
>
>
> Can anyone provide guidance or suggestions? My reading of the
> documentation is that both MD5 types as well as crypt ought to be
> supported out of OpenLDAP...
Hello,
I recently had a discussion about this issue. MD5 is just to be base64
decoded and hex-encoded for it to be loaded with raw-md5. I suppose it
should be the same for {CRYPT}. SMD5 might require code to be actually
written.
Simon
--
To unsubscribe, e-mail john-users-unsubscribe@lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
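
The conversion described in the reply above for {MD5} entries (base64-decode, then hex-encode for raw-md5), as an added example that is not part of the original message or of John the Ripper. The function names are hypothetical, and the {SMD5} handling assumes OpenLDAP's layout of a 16-byte MD5 digest followed by the salt; it only separates the two parts and does not produce a loadable John format.

```python
import base64
import binascii
import re

MD5_LEN = 16  # size of an MD5 digest in bytes

# passwd-style line as produced from the LDIF: login:{SCHEME}base64[:rest]
_LINE = re.compile(r"^([^:]+):\{(S?MD5)\}([A-Za-z0-9+/=]+)((?::.*)?)$", re.I)


def convert_line(line):
    """Return (scheme, login, digest_hex, salt_hex, rest), or None when the
    line is not a well-formed {MD5}/{SMD5} entry."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    login, scheme, b64, rest = m.group(1), m.group(2).upper(), m.group(3), m.group(4)
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    if scheme == "MD5":
        # Unsalted: the decoded value must be exactly one digest.
        if len(raw) != MD5_LEN:
            return None
        return scheme, login, raw.hex(), "", rest
    # Assumed {SMD5} layout: 16-byte digest, then the salt bytes.
    if len(raw) <= MD5_LEN:
        return None
    return scheme, login, raw[:MD5_LEN].hex(), raw[MD5_LEN:].hex(), rest


def to_raw_md5(lines):
    """Rewrite {MD5} lines as login:hex[:rest]; other lines are skipped."""
    out = []
    for line in lines:
        parsed = convert_line(line)
        if parsed and parsed[0] == "MD5":
            _, login, digest_hex, _, rest = parsed
            out.append(f"{login}:{digest_hex}{rest}")
    return out


if __name__ == "__main__":
    import hashlib
    # Constructed sample entry (not from a real directory).
    digest = hashlib.md5(b"constructed-sample").digest()
    sample = "demo-user:{MD5}" + base64.b64encode(digest).decode() + ":::Demo User::"
    print("\n".join(to_raw_md5([sample])))
```

A decoded {MD5} value that is not exactly 16 bytes is rejected rather than passed on, which catches truncated or mis-extracted LDIF attributes before they reach the cracker.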