openLDAP Hashes

[msf004]

I was attempting to use hashcat on an openldap file that I have.  The hashes all begin with the same 8 characters (e1NTSEF9), here is an example:

e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=

I noticed hashcat has an attack-mode for LDAP (1711); however, when I try using that I get a line-length error.

WARNING: Hashfile 'hashes.txt' on line 3 (e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=): Line-length exception

The hash came from openldap 2.4.23-34. 

I ran slapcat to extract the data from ldap and parsed out the "userPassword" lines:

userPassword:: e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI=


Could anyone shed some light on what I am doing wrong?

Thanks!

[msf004]

I believe have figured out the answer.  I am sharing in the event anyone finds this post in the future.

In reading, I learned that slapcat extracts into LDIF format (LDAP Data Interchange Format).

The above, original example is no more than a SSHA password (a SHA-1 that includes a salt in the computation) that has been base64 encoded.  Thus if you base64 decode it you are left with the original SSHA string:

Code:

# echo "$(echo e1NTSEF9b0pvQTdrMDVhMVRSazgxR2pzQ2tONUEybW9kNVNsQkI= | base64 --decode )"

{SSHA}oJoA7k05a1TRk81GjsCkN5A2mod5SlBB

I wrapped the echo'ing of the LDIF string into another echo "$( )" just to include a line return at the end.

...or if I put it all together:

Code:

slapcat | grep "userPassword" | sed -e 's/userPassword:: //g' | while read ldifs; do echo "$( echo "$ldifs" | base64 --decode )"; done

...as an update: this worked once I used the 111 hash mode (-m 111).

[atom]

very nice, answering own questions are the best, gz