|
Message-ID: <48F334F5.8030202@banquise.net> Date: Mon, 13 Oct 2008 13:45:57 +0200 From: Simon Marechal <simon@...quise.net> To: john-users@...ts.openwall.com Subject: Re: OpenLDAP MD5/SMD5 format challenges mikes@...arget.dissimulo.com a écrit : > Kind greetings. > > I am auditing an OpenLDAP installation, and using > > John the Ripper password cracker, version 1.7.3.1-all-4 > > > The environment has allowed password updates from many flavors of system, > so the passwords stored are in a variety of formats. > > The approach I have taken is to use slapcat to get an ldif of the entire > OpenLDAP directory, and then use a perl script (attached) to create a file > in unix passwd format. I'm relying on the Net::LDAP::LDIF perl module to > get me the correct hash out of the ldif file, but this is a simple > conversion from BASE64 encoding. > > The resulting passwd file includes the passwords prefixes {SHA}, {SSHA}, > {MD5}, {SMD5}, {crypt}, and {CRYPT}, which I grep out into individual > files. However, the only ones which John is able to crack are the > SHA/SSHA--it simply reports "No password hashes loaded". > > Here are some example hashes from the file: > > user1-name:{MD5}1sX2lBwQnaZTM/cZQjO+jg==:::User One:: > user2-name:{MD5}ulQpAH+q5PQM5jliIOe0Og==:::User Two:: > user3-name:{MD5}oKCTtakzqP+Ife1fqCNU7w==:::User Three:: > > user4-name:{SMD5}w69h8/CxcxDeTUUpLTIGQ4lw3WU=:::User Four:: > user5-name:{SMD5}U/Jcj9rFigQYysYUPxuPmrnHH+A=:::User Five:: > user6-name:{SMD5}ZXMtyrnt10H6xqmo4VckqV8mM6E=:::User Six:: > > I performed the base64 conversion of the some password strings at the > command line, and the output matched, so I don't believe it to be a > problem with the perl module. > > > Can anyone provide guidance or suggestions? My reading of the > documentation is that both MD5 types as well as crypt ought to be > supported out of OpenLDAP... Hello, I recently had a discussion about this issue. MD5 is just to be base64 decoded and hex-encoded for it to be loaded with raw-md5. I suppose it should be the same for {CRYPT}. SMD5 might require code to be actually written. Simon -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.