Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Sep 2005 17:32:47 -0300
From: Egon Hilgenstieler <egon@....ufpr.br>
To: john-users@...ts.openwall.com
Subject: Using john to crack {md5} LDAP passwords

Hi All,

I'm using john to crack my user's LDAP accounts. I can successfully run
john with entries like this:

(...)
userPassword: {crypt}YS7pDyBiCFK/A:1004:1005:Marcos
(...)

I just construct a passwd entry like this:

user1:YS7pDyBiCFK/A:1004:1005:User 1:/home/user1:/bin/bash

John recognize it as 'Standard DES'. However, a have users with entries
like this:

(...)
userPassword: {md5}06o0nI2TLqcfEaoJa6KfYQ==
(...)

John does not recognize this entry as MD5:

user2:06o0nI2TLqcfEaoJa6KfYQ==:2054:1020::/home/user2:/bin/bash

I thought that '06o0nI2TLqcfEaoJa6KfYQ==' should be 'FreeBSD's
MD5-based'. (It's not raw-MD5 either). Shouldn't it work? Or LDAP use a
unsupported type o MD5?

Thanks in advance.

Egon



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ