hashcat Forum
openLDAP Hashes - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: openLDAP Hashes (/thread-5764.html)

openLDAP Hashes - msf004 - 08-17-2016

I was attempting to use hashcat on an openldap file that I have.  The hashes all begin with the same 8 characters (e1NTSEF9), here is an example:


I noticed hashcat has an attack-mode for LDAP (1711); however, when I try using that I get a line-length error.

WARNING: Hashfile 'hashes.txt' on line 3 (e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=): Line-length exception

The hash came from openldap 2.4.23-34. 

I ran slapcat to extract the data from ldap and parsed out the "userPassword" lines:

userPassword:: e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=

Could anyone shed some light on what I am doing wrong?


RE: openLDAP Hashes - msf004 - 08-17-2016

I believe have figured out the answer.  I am sharing in the event anyone finds this post in the future.

In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format).

The above, original example is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded.  Thus if you base64 decode it you are left with the original SSHA string:

# echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"


I wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.

...or if I put it all together:

slapcat | grep "userPassword" | sed -e 's/userPassword:: //g' | while read ldifs; do echo "$( echo "$ldifs" | base64 --decode )"; done

...as an update: this worked once I used the 111 hash mode (-m 111).

RE: openLDAP Hashes - atom - 08-17-2016

very nice, answering own questions are the best, gz