RE: Netscape Ldap ldif file SHA password cracking

From: Bénoni MARTIN (Benoni.MARTIN@libertis.ga)
Date: Thu Dec 09 2004 - 10:42:37 EST


Hi!

In that case, you also have such a tool that comes with the Apache distrib, a tool called htpass or htaccess (I think it's the first proposal). It allows you to encrypt with MD5 or SHA.

-----Original Message-----
From: noconflic [mailto:nocon@texas-shooters.com]
Sent: Wednesday, December 8, 2004 04:48
To: m a
Cc: pen-test@securityfocus.com
Subject: Re: Netscape Ldap ldif file SHA password cracking

  I did some googling around and found this

   http://tinyurl.com/6vyw8

   From that page

  [...]

   SOFTWARE
   'pwdhash' is a command-line program to generate or check userPassword values. This program is
   included with Netscape Directory Server; you'll find it in NSHOME/bin/slapd/server. For example,
    to digest passwords:

% cd $NSHOME/bin/slapd/server
% ./pwdhash -s SHA abc abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
{SHA}hJg+RBw70m66rkqh+VEp5eVGcPE=

Or, to check passwords:

% ./pwdhash -c '{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password ok.
% echo $status
0
% ./pwdhash -c '{SHA}QZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password does not match.
% echo $status
1

  [...]

   Though I haven't tested this, I think it would be easy enough to write a small BF script in conjunction with
   'pwdhash -c' and a wordlist. It may not be a totally practical solution to your problem
   but, may get you to where you need to go. ;)

  
Just my 2 cents.

- nocon
    

 
    
[aznxy@yahoo.com] Tue, Nov 30, 2004 at 03:37:21AM -0000 wrote:
>
>
> I am trying to crack passwords in an ldif file downloaded using ldapminer. The server seems to be Netscape ldap based on this ldif section:
>
> server type is : netscape
> Netscape Checks enabled
>
> I firstly tried using Lumberjack
> (http://www.phenoelit.de/lj/docu.html)
>
> lj -w wordlist.txt -f myldap.ldif -V
>
> This is what I got as a result...
>
> (c) 1999 by Phenoelit (http://www.phenoelit.de/)
> Version 0.2.7b
> 100.00 %
> making list unique ...done
> Cleaning ... done
> Collecting ldif user informations ...
> 0 users with password found ...
> Entering wordlist mode ...
>
> These are some entries in the ldif file:
>
> attribute: authpassword
> value[0]: {seeGpA7K}
>
> attribute: authpassword
> value[0]: {om7b8U3NJ2E}
>
> attribute: userpassword
> value[0]: {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw=
>
> attribute: userpassword
> value[0]: {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY=
>
> So it seems that it is SHA based encryption at least in the latter entries. I don't have a clue what the difference between authpassword and userpassword is...
> I tried John the Ripper (http://www.openwall.com//john/) patching with
> the Netscape diff files and recompiling. I basically put a SHA hash
> like the above in a txt file and fed into john
>
> john -format:SHA hash.txt
>
> John still however does not support SHA after the patching so I am not sure what to put in as format.
>
> Any ideas would be appreciated as I am really stuck at this point.
>
> Thanks in advance.
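
Added example (not part of the thread and not Netscape's code): what a {SHA} userpassword value contains and how an exported dump can be audited for it. {SHA} is base64 of a bare SHA-1 digest with no salt, so equal passwords always produce equal values. The function names are hypothetical; the sample entries are the ones quoted in the message above.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Layout: {SCHEME}base64(digest). {SHA} is a bare, unsalted SHA-1 digest.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

# Entries copied from the ldif excerpt quoted in the thread.
SAMPLE = """\
attribute: authpassword
value[0]: {seeGpA7K}
attribute: authpassword
value[0]: {om7b8U3NJ2E}
attribute: userpassword
value[0]: {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw=
attribute: userpassword
value[0]: {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY=
"""

def make_sha(password):
    """Build a {SHA} value in the form `pwdhash -s SHA` prints on the page."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def check_sha(stored, password):
    """Check one password against a {SHA} value, like `pwdhash -c`."""
    m = SCHEME_RE.match(stored.strip())
    if not m or m.group(1).upper() != "SHA":
        raise ValueError("not a {SHA} value")
    try:
        raw = base64.b64decode(m.group(2), validate=True)
    except binascii.Error:
        return False  # malformed base64 can never match
    return hmac.compare_digest(raw, hashlib.sha1(password.encode("utf-8")).digest())

def audit(dump):
    """Return (attribute, finding) for each value in an ldapminer-style dump."""
    findings, attr = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("attribute:"):
            attr = line.split(":", 1)[1].strip()
        elif line.startswith("value["):
            m = SCHEME_RE.match(line.split(":", 1)[1].strip())
            unsalted = bool(m) and m.group(1).upper() == "SHA"
            findings.append((attr, "unsalted SHA-1" if unsalted else "unrecognised format"))
    return findings
```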


