openLDAP Hashes - hashcat Forum (https://hashcat.net/forum), Thread: openLDAP Hashes (/thread-5764.html)
openLDAP Hashes - msf004 - 08-17-2016

I was attempting to use hashcat on an openldap file that I have. The hashes all begin with the same 8 characters (e1NTSEF9), here is an example:

e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=

I noticed hashcat has an attack-mode for LDAP (1711); however, when I try using that I get a line-length error.

WARNING: Hashfile 'hashes.txt' on line 3 (e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=): Line-length exception

The hash came from openldap 2.4.23-34. I ran slapcat to extract the data from ldap and parsed out the "userPassword" lines:

userPassword:: e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=

Could anyone shed some light on what I am doing wrong? Thanks!

RE: openLDAP Hashes - msf004 - 08-17-2016

I believe I have figured out the answer. I am sharing in the event anyone finds this post in the future.

In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format). The above, original example is no more than an SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded. Thus if you base64 decode it you are left with the original SSHA string:

Code:
# echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"

I wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.

...or if I put it all together:

Code:
slapcat | grep "userPassword" | sed -e 's/userPassword:: //g' | while read ldifs; do echo "$( echo "$ldifs" | base64 --decode )"; done

...as an update: this worked once I used the 111 hash mode (-m 111).

RE: openLDAP Hashes - atom - 08-17-2016

very nice, answering own questions are the best, gz
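The decoding msf004 describes, as an added Python example that is not part of the thread or of hashcat: it unfolds LDIF continuation lines (which the grep/sed pipeline does not handle), base64-decodes `userPassword::` values, and splits an `{SSHA}` value into its 20-byte SHA-1 digest and trailing salt. The function names, the two LDIF entries and the second password value are constructed for illustration; only the first value comes from the thread.

```python
import base64
import hashlib
import hmac
import re

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def user_passwords(ldif_text: str) -> list:
    """Return decoded userPassword values from LDIF text."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    values = []
    for line in unfolded.splitlines():
        if line.startswith("userPassword:: "):    # '::' marks a base64-encoded value
            values.append(base64.b64decode(line.partition(":: ")[2]).decode())
        elif line.startswith("userPassword: "):   # ':' marks a plain value
            values.append(line.partition(": ")[2])
    return values

def split_ssha(value: str) -> tuple:
    """Split an {SSHA} value into (digest, salt)."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an SSHA value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    return raw[:20], raw[20:]                     # SHA-1 digest is 20 bytes, rest is salt

def check_ssha(value: str, password: bytes) -> bool:
    """Recompute SHA1(password + salt) and compare in constant time."""
    digest, salt = split_ssha(value)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

# Constructed sample: first value is the one quoted in the thread; the second is
# built here (password b"example-pw", salt b"salt") and folded across two lines.
THREAD_VALUE = "e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI="
_built = base64.b64encode(make_ssha(b"example-pw", b"salt").encode()).decode()
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\n"
    f"userPassword:: {THREAD_VALUE}\n"
    "\n"
    "dn: uid=bob,dc=example,dc=com\n"
    f"userPassword:: {_built[:30]}\n {_built[30:]}\n"
)

if __name__ == "__main__":
    for value in user_passwords(SAMPLE_LDIF):
        digest, salt = split_ssha(value)
        print(value, "digest bytes:", len(digest), "salt bytes:", len(salt))
```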