ssha help
#1
Hi all

I need some help regarding choosing the right decoding option.
The hash looks like this:
{SSHA}_HAAAAEGXXXXXXXXXXXXXXXXXXXXh+b6BtQtOkonrbeI=

I have several users on this system, interestingly, the password hash for all users starts with _HAAAA, but then is different for the rest.
In the product documentation I found this nice little information:
The password is an LDAP-v3 level password (RFC2307). The encryption method is hashed. For more details on the Secure Hash Algorithm 1 (SHA1), see RFC3174.

In addition to hashing, the password encryption is “salted” with a base64 (64-bit) scheme. See RFC3112, section 3.2 for more details

From the IETF document https://www.ietf.org/rfc/rfc3112.txt I found this part:
      Given a user "joe" who's password is "mary" and a salt of "salt",
      the authInfo field would be the base64 encoding of "salt" and the
      authValue field would be the base64 encoding of the SHA1 digest of
      "marysalt".

So, based on what I read, I should be able to extract the salt with a reverse of the base64?
Would that even speed up the cracking process or doesn't it matter at all?
Which hashmode would I need to select? As there are many variants for ssha inside hashcat.
Thanks for help
pato
Reply
#2
Cracking SSHA ldap passwords is supported with hashcat. Just choose the correct hash-mode.
Reply
#3
You don't happen to know which variant this is for sure?
I assume it could be 111, but am not sure.
Reply
#4
Example hashes can be found here: https://hashcat.net/wiki/doku.php?id=example_hashes
... and yes only -m 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA looks similar (has the, what we call, same signature. in your case {SSHA}...)

The problem is, that since the algorithm for -m 111 is base64 (sha1 ($pass . $salt) . $salt) in theory only the last part should be the same in the final hash... assuming that the same salt was used for all users. In your case, the first part seems to be equal amongs users, this contradicts with the algorithm of -m 111 if I'm not totally wrong.

Maybe you can give more details on where and how these hashes were extracted? Is this an ldap system ? Where are these hashes stored?
In theory the hashes could also use a very different algorithm or the hashes were manipulated/obfuscated somehow. Maybe you can give more details about the extraction/setup.
Reply
#5
They are from a DNS/DHCP appliance where the backup contains an XML based database file. Honestly I don't know if it's LDAP, because the appliance is locked and I can only access it's webinterface.
By reading the RFC on which it's based:
Example:
Given a user "joe" who's password is "mary" and a salt of "salt",
the authInfo field would be the base64 encoding of "salt" and the
authValue field would be the base64 encoding of the SHA1 digest of
"marysalt".
It means the start of the string is the base64 $salt, then comes the ($password:$salt), in base64, no?
Or in other words "$salt($password:$salt)" while ($password:$salt) is in sha1 and the whole string "$salt($password:$salt)" in base64. Assuming authInfo comes before authValue.
Reply
#6
And addition. What I did try is this:
echo HAAAAEGXXXXXXXXXXXXXXXXXXXXh+b6BtQtOkonrbeI= | base64 -d | xxd -p -c 40 | sed 's/.\{40\}/&:/'
1c0000004d5546dbb12XXXXXXXXe94dcea77dacc:c0da91d0XXXXXXXXb7b81
So based on my assumptions, 1c0000004 is probably the salt, as this is the same string for all password when the base64 is reversed, converted to hex and added a : after 40 signs. Not sure if I made this correct though.
Reply