openLDAP Hashes
I believe have figured out the answer.  I am sharing in the event anyone finds this post in the future.

In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format).

The above, original example is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded.  Thus if you base64 decode it you are left with the original SSHA string:

# echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"


I wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.

...or if I put it all together:

slapcat | grep "userPassword" | sed -e 's/userPassword:: //g' | while read ldifs; do echo "$( echo "$ldifs" | base64 --decode )"; done an update: this worked once I used the 111 hash mode (-m 111).

Messages In This Thread
openLDAP Hashes - by msf004 - 08-17-2016, 03:23 AM
RE: openLDAP Hashes - by msf004 - 08-17-2016, 01:14 PM
RE: openLDAP Hashes - by atom - 08-17-2016, 05:03 PM