01-10-2018, 12:31 PM
Hi all
I need some help regarding choosing the right decoding option.
The hash looks like this:
{SSHA}_HAAAAEGXXXXXXXXXXXXXXXXXXXXh+b6BtQtOkonrbeI=
I have several users on this system, interestingly, the password hash for all users starts with _HAAAA, but then is different for the rest.
In the product documentation I found this nice little information:
The password is an LDAP-v3 level password (RFC2307). The encryption method is hashed. For more details on the Secure Hash Algorithm 1 (SHA1), see RFC3174.
In addition to hashing, the password encryption is “salted” with a base64 (64-bit) scheme. See RFC3112, section 3.2 for more details
From the IETF document https://www.ietf.org/rfc/rfc3112.txt I found this part:
Given a user "joe" who's password is "mary" and a salt of "salt",
the authInfo field would be the base64 encoding of "salt" and the
authValue field would be the base64 encoding of the SHA1 digest of
"marysalt".
So, based on what I read, I should be able to extract the salt with a reverse of the base64?
Would that even speed up the cracking process or doesn't it matter at all?
Which hashmode would I need to select? As there are many variants for ssha inside hashcat.
Thanks for help
pato
I need some help regarding choosing the right decoding option.
The hash looks like this:
{SSHA}_HAAAAEGXXXXXXXXXXXXXXXXXXXXh+b6BtQtOkonrbeI=
I have several users on this system, interestingly, the password hash for all users starts with _HAAAA, but then is different for the rest.
In the product documentation I found this nice little information:
The password is an LDAP-v3 level password (RFC2307). The encryption method is hashed. For more details on the Secure Hash Algorithm 1 (SHA1), see RFC3174.
In addition to hashing, the password encryption is “salted” with a base64 (64-bit) scheme. See RFC3112, section 3.2 for more details
From the IETF document https://www.ietf.org/rfc/rfc3112.txt I found this part:
Given a user "joe" who's password is "mary" and a salt of "salt",
the authInfo field would be the base64 encoding of "salt" and the
authValue field would be the base64 encoding of the SHA1 digest of
"marysalt".
So, based on what I read, I should be able to extract the salt with a reverse of the base64?
Would that even speed up the cracking process or doesn't it matter at all?
Which hashmode would I need to select? As there are many variants for ssha inside hashcat.
Thanks for help
pato