Penetration Testing: Re: Netscape Ldap ldif file SHA password cracking

[noconflic <nocon () texas-shooters com>]

  I did some googling around and found this 

   http://tinyurl.com/6vyw8

   From that page 

  [...]

   SOFTWARE 
   'pwdhash' is a command-line program to generate or check userPasswordvalues. This program is 
   included with Netscape Directory Server; you'll find it in NSHOME/bin/slapd/server. For example, 
    to digest passwords: 

% cd $NSHOME/bin/slapd/server
% ./pwdhash -s SHA abc abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
{SHA}hJg+RBw70m66rkqh+VEp5eVGcPE=

Or, to check passwords: 

% ./pwdhash -c '{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password ok.
% echo $status
0
% ./pwdhash -c '{SHA}QZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password does not match.
% echo $status
1

  [...]

   Thou i haven't tested this, I think it would be easy enough to write a small BF script in conjuction with 
   'pwdhash -c' and a wordlist. It may not be a totaly practical solution to your problem
   but, may get you to where you need to go.  ;) 

  
Just my 2 cents. 

- nocon
    

 
    
[aznxy () yahoo com] Tue, Nov 30, 2004 at 03:37:21AM -0000 wrote:
> I am trying to crack passwords in an ldif file downloaded using ldapminer. The server seems to be Netscape ldap based 
> on this ldif section:
>
>     server type is : netscape
>     Netscape Checks enabled
>
> I firstly tried using Lumberjack (http://www.phenoelit.de/lj/docu.html)
>
>     lj -w wordlist.txt -f myldap.ldif -V
>
> This is what I got as a result...
>
>     (c) 1999 by Phenoelit (http://www.phenoelit.de/)
>     Version 0.2.7b
>     100.00 %
>     making list unique ...done
>     Cleaning ... done
>     Collecting ldif user informations ...
>     0 users with password found ...
>     Entering wordlist mode ...
>
> These are some entries in the ldif file:
>
>       attribute: authpassword
>               value[0]: {seeGpA7K}
>
>       attribute: authpassword
>               value[0]: {om7b8U3NJ2E}
>
>       attribute: userpassword
>               value[0]: {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw=
>
>       attribute: userpassword
>               value[0]: {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY=
>
> So it seems that it is SHA based encryption at least in the latter entries. I don't have a clue what the differect 
> between authpassword and userpassword is...
> I tried John the Ripper (http://www.openwall.com//john/) patching with the Netscape diff files and recompiling. I 
> basically put a SHA hash like the above in a txt file and fed into john 
>
>      john -format:SHA hash.txt
>
> John still however does not support SHA after the patching so I am not sure what to put in as format.
>
> Any ideas would be appreciated as I am really stuck at this point.
>
> Thanks in advance.