OpenLDAP SSHA's Dynamic Base64 Parser
#1
Was able to obtain some OpenLDAP SSHA's during an assessment and attempted to use oclHashcat-plus to analyze them. The hashes were disregarded as invalid SSHA's or oclHashcat-plus type "111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA". Was able to verify the validity of the SSHA's via OpenLDAP's web site in an example used to generate OpenLDAP SSHA's via various code tid bits. The below hash came from OpenLDAP's site.

OpenLDAP SSHA Hash: {SSHA}0c0blFTXXNuAMHECS4uxrj3ZieMoWImr
OpenLDAP SSHA pass: testing123

Request: Include a Base64 parser that would allow for dynamic salt lengths in OpenLDAP SSHA's to crack using oclHashcat-plus.

Thanks!
#2
All right, will do that for oclHashcat-lite and oclHashcat-plus.
#3
Well, this is not fully correct. The solution is quite simple. Netscape LDAP SSHA has different hashes/salts than OpenLDAP. This should be a separate algorithm.

If i remember right JtR even has different modules for both, not sure if the PSA is 100% identical.
#4
I am not sure, but maybe its just the salt length that differs. With a dynamic salt length parser this problem should disappear. If I am wrong please correct me. In this case I can save some work Smile
#5
implemented in latest oclHashcat-lite v0.10 beta. please try
#6
Hi,

First of all, I want to thank you atom for all the hard work you put in.

Was just wondering when can we see this in plus Smile

Thanks,
T.I
#7
Its already done, just wait for the release
#8
Done with oclHashcat-plus v0.09: https://hashcat.net/forum/thread-1541.html

Thread closed