|
Message-ID: <1313499321.97529.YahooMailClassic@web120719.mail.ne1.yahoo.com> Date: Tue, 16 Aug 2011 05:55:21 -0700 (PDT) From: firstname lastname <psykosonik_frequenz@...oo.com> To: john-users@...ts.openwall.com Subject: Re: SSHA Format Hashes for JTR Thanks for the script Samuele. It's interesting. So, the input to this script is going to be a text file of plain text passwords. It will parse it and format into {SSHA}hash the output. Please let me know if I am correct. Regards, NeonFlash --- On Tue, 8/16/11, Samuele Giovanni Tonon <samu@...uxasylum.net> wrote: > From: Samuele Giovanni Tonon <samu@...uxasylum.net> > Subject: Re: [john-users] SSHA Format Hashes for JTR > To: john-users@...ts.openwall.com > Date: Tuesday, August 16, 2011, 5:50 PM > On 08/16/11 13:26, firstname lastname > wrote: > > I would like to know, how to format a given hash into > a suitable form which can be understood by JTR to crack > SSHA1 hash type? > > > > The format which JTR accepts for Netscape LDAP hashes > is: > > > > {SSHA}hash > > > > the hash here seems to be base64 encoded. > > > > The perl scripts included in the JTR package can be > used to extract the passwords from LDAP. But I am interested > in learning how to convert a hash into this format. > > > > Where can I find more details about how exactly this > algorithm is used to hash a given plaintext? > > this script should help you understand how ssha works > > #!/usr/bin/python > > import sys > import hashlib > import base64 > import os > > def makeSecret(password): > salt = os.urandom(4) > h = hashlib.sha1(password) > h.update(salt) > return base64.encodestring(h.digest() + > salt) > > def checkPassword(challenge_password, password): > challenge_bytes = > decode(challenge_password[6:]) > digest = challenge_bytes[:20] > salt = challenge_bytes[20:] > hr = hashlib.sha1(password) > hr.update(salt) > return digest == hr.digest() > > > fp = file(sys.argv[1],'r') > fw = file(sys.argv[2],'w') > for line in fp.readlines(): > mypwd = > makeSecret(line.strip('\n')) > print > "{SSHA}%s:%s"%(mypwd.strip(),line.strip('\n')) > fp.close() > fw.close() > > > regards > Samuele >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.