Posts: 1
Threads: 1
Joined: Apr 2012
Was able to obtain some OpenLDAP SSHA's during an assessment and attempted to use oclHashcat-plus to analyze them. The hashes were disregarded as invalid SSHA's or oclHashcat-plus type "111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA". Was able to verify the validity of the SSHA's via OpenLDAP's web site in an example used to generate OpenLDAP SSHA's via various code tid bits. The below hash came from OpenLDAP's site.
OpenLDAP SSHA Hash: {SSHA}0c0blFTXXNuAMHECS4uxrj3ZieMoWImr
OpenLDAP SSHA pass: testing123
Request: Include a Base64 parser that would allow for dynamic salt lengths in OpenLDAP SSHA's to crack using oclHashcat-plus.
Thanks!
Posts: 5,185
Threads: 230
Joined: Apr 2010
All right, will do that for oclHashcat-lite and oclHashcat-plus.
Posts: 2,301
Threads: 11
Joined: Jul 2010
04-10-2012, 06:38 PM
(This post was last modified: 04-10-2012, 06:38 PM by undeath.)
Well, this is not fully correct. The solution is quite simple. Netscape LDAP SSHA has different hashes/salts than OpenLDAP. This should be a separate algorithm.
If i remember right JtR even has different modules for both, not sure if the PSA is 100% identical.
Posts: 5,185
Threads: 230
Joined: Apr 2010
I am not sure, but maybe its just the salt length that differs. With a dynamic salt length parser this problem should disappear. If I am wrong please correct me. In this case I can save some work
Posts: 5,185
Threads: 230
Joined: Apr 2010
implemented in latest oclHashcat-lite v0.10 beta. please try
Posts: 4
Threads: 0
Joined: Jul 2012
Hi,
First of all, I want to thank you atom for all the hard work you put in.
Was just wondering when can we see this in plus
Thanks,
T.I
Posts: 5,185
Threads: 230
Joined: Apr 2010
Its already done, just wait for the release
Posts: 5,185
Threads: 230
Joined: Apr 2010
Done with oclHashcat-plus v0.09:
https://hashcat.net/forum/thread-1541.html
Thread closed
