Penetration Testing: RE: Netscape Ldap ldif file SHA password cracking

[Bénoni MARTIN <Benoni.MARTIN () libertis ga>]

Hi !

In that case, you have also such a tool coming with Apache distrib, tool called htpass or htaccess (think it's the 
first proposal). It allows you to encrypt with MD 5 or SHA.

-----Message d'origine-----
De : noconflic [mailto:nocon () texas-shooters com] 
Envoyé : mercredi 8 décembre 2004 04:48
À : m a
Cc : pen-test () securityfocus com
Objet : Re: Netscape Ldap ldif file SHA password cracking


  I did some googling around and found this 

   http://tinyurl.com/6vyw8

   From that page 

  [...]

   SOFTWARE 
   'pwdhash' is a command-line program to generate or check userPasswordvalues. This program is 
   included with Netscape Directory Server; you'll find it in NSHOME/bin/slapd/server. For example, 
    to digest passwords: 

% cd $NSHOME/bin/slapd/server
% ./pwdhash -s SHA abc abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
{SHA}hJg+RBw70m66rkqh+VEp5eVGcPE=

Or, to check passwords: 

% ./pwdhash -c '{SHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password ok.
% echo $status
0
% ./pwdhash -c '{SHA}QZk+NkcGgWq6PiVxeFDCbJzQ2J0=' abc
./pwdhash: password does not match.
% echo $status
1

  [...]

   Thou i haven't tested this, I think it would be easy enough to write a small BF script in conjuction with 
   'pwdhash -c' and a wordlist. It may not be a totaly practical solution to your problem
   but, may get you to where you need to go.  ;) 

  
Just my 2 cents. 

- nocon
    

 
    
[aznxy () yahoo com] Tue, Nov 30, 2004 at 03:37:21AM -0000 wrote:
> I am trying to crack passwords in an ldif file downloaded using ldapminer. The server seems to be Netscape ldap based 
> on this ldif section:
>
>     server type is : netscape
>     Netscape Checks enabled
>
> I firstly tried using Lumberjack 
> (http://www.phenoelit.de/lj/docu.html)
>
>     lj -w wordlist.txt -f myldap.ldif -V
>
> This is what I got as a result...
>
>     (c) 1999 by Phenoelit (http://www.phenoelit.de/)
>     Version 0.2.7b
>     100.00 %
>     making list unique ...done
>     Cleaning ... done
>     Collecting ldif user informations ...
>     0 users with password found ...
>     Entering wordlist mode ...
>
> These are some entries in the ldif file:
>
>       attribute: authpassword
>               value[0]: {seeGpA7K}
>
>       attribute: authpassword
>               value[0]: {om7b8U3NJ2E}
>
>       attribute: userpassword
>               value[0]: {SHA}hEqt9R50vHZ+EheHW+JOJKvNWpw=
>
>       attribute: userpassword
>               value[0]: {SHA}+A0MoQHpZ7ULcw3fjorKDehejfY=
>
> So it seems that it is SHA based encryption at least in the latter entries. I don't have a clue what the differect 
> between authpassword and userpassword is...
> I tried John the Ripper (http://www.openwall.com//john/) patching with 
> the Netscape diff files and recompiling. I basically put a SHA hash 
> like the above in a txt file and fed into john
>
>      john -format:SHA hash.txt
>
> John still however does not support SHA after the patching so I am not sure what to put in as format.
>
> Any ideas would be appreciated as I am really stuck at this point.
>
> Thanks in advance.