Penetration Testing: Re: Netscape Ldap ldif file SHA password cracking

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Netscape Ldap ldif file SHA password cracking

From: Rafał Kupka <rkupka () wdg pl>
Date: Wed, 01 Dec 2004 19:41:33 +0100

Miguel.dilaj () pharma novartis com wrote:
Hello,

[cut]

My first guess is some kind of Base64 encoding (or similar) of the string 
without the '{SHA}'.
Example:
plaintext:     password
SHA-1:     5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
Base64 encoding of the above: 
NUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA==

So you see the similarities, but still no cigar!


It's {SHA1}<base64 encoded binary form of sha1 hash>.

for eg.,
$perl -e 'use Digest::SHA1 qw(sha1); print sha1(@ARGV[0]);' password |
base64-encode
W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Plaintext: password
SHA-1: <binary data>
Base64 of above data: W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Cheers,
-- 
Rafal Kupka <rkupka () wdg pl>

By Date By Thread

Current thread:

Re: Netscape Ldap ldif file SHA password cracking Anders Thulin (Dec 01)
- <Possible follow-ups>
- Re: Netscape Ldap ldif file SHA password cracking miguel . dilaj (Dec 01)
  - Re: Netscape Ldap ldif file SHA password cracking Rafał Kupka (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking m a (Dec 06)
  - RE: Netscape Ldap ldif file SHA password cracking David Cross (Dec 09)
- Re: Netscape Ldap ldif file SHA password cracking noconflic (Dec 09)
- RE: Netscape Ldap ldif file SHA password cracking Bénoni MARTIN (Dec 09)