Date: Mon, 13 Oct 2008 13:45:57 +0200
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re: OpenLDAP MD5/SMD5 format challenges

mikes@...arget.dissimulo.com wrote:
> Kind greetings.
> 
> I am auditing an OpenLDAP installation, and using
> 
>      John the Ripper password cracker, version 1.7.3.1-all-4
> 
> 
> The environment has allowed password updates from many flavors of system,
> so the passwords stored are in a variety of formats.
> 
> The approach I have taken is to use slapcat to get an ldif of the entire
> OpenLDAP directory, and then use a perl script (attached) to create a file
> in unix passwd format. I'm relying on the Net::LDAP::LDIF perl module to
> get me the correct hash out of the ldif file, but this is a simple
> conversion from BASE64 encoding.
> 
> The resulting passwd file includes the password prefixes {SHA}, {SSHA},
> {MD5}, {SMD5}, {crypt}, and {CRYPT}, which I grep out into individual
> files. However, the only ones which John is able to crack are the
> SHA/SSHA--it simply reports "No password hashes loaded".
> 
> Here are some example hashes from the file:
> 
> user1-name:{MD5}1sX2lBwQnaZTM/cZQjO+jg==:::User One::
> user2-name:{MD5}ulQpAH+q5PQM5jliIOe0Og==:::User Two::
> user3-name:{MD5}oKCTtakzqP+Ife1fqCNU7w==:::User Three::
> 
> user4-name:{SMD5}w69h8/CxcxDeTUUpLTIGQ4lw3WU=:::User Four::
> user5-name:{SMD5}U/Jcj9rFigQYysYUPxuPmrnHH+A=:::User Five::
> user6-name:{SMD5}ZXMtyrnt10H6xqmo4VckqV8mM6E=:::User Six::
> 
> I performed the base64 conversion of some of the password strings at the
> command line, and the output matched, so I don't believe it to be a
> problem with the perl module.
> 
> 
> Can anyone provide guidance or suggestions? My reading of the
> documentation is that both MD5 types as well as crypt ought to be
> supported out of OpenLDAP...

Hello,

I recently had a discussion about this issue. MD5 just needs to be
base64-decoded and hex-encoded for it to be loaded with raw-md5. I suppose it
should be the same for {CRYPT}. SMD5 might require code to be actually
written.

Simon
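
The conversion described in the reply above, as an added example that is not part of the original messages: it rewrites `{MD5}` fields of the passwd-style file as 32 hex characters and leaves every other line unchanged. The `{SMD5}` helpers assume OpenLDAP's layout of a 16-byte digest of password plus salt, followed by the salt; all function names are hypothetical.

```python
import base64
import hashlib

MD5_LEN = 16  # an MD5 digest is always 16 bytes

# Two of the lines quoted in the question above.
SAMPLE = """\
user1-name:{MD5}1sX2lBwQnaZTM/cZQjO+jg==:::User One::
user4-name:{SMD5}w69h8/CxcxDeTUUpLTIGQ4lw3WU=:::User Four::
"""

def split_scheme(field):
    """Return (SCHEME, payload) for '{SCHEME}payload', else (None, field)."""
    if field.startswith("{") and "}" in field:
        scheme, payload = field[1:].split("}", 1)
        return scheme.upper(), payload
    return None, field

def decode_md5(payload):
    """{MD5}: base64 of the bare 16-byte digest -> 32 hex characters."""
    raw = base64.b64decode(payload, validate=True)
    if len(raw) != MD5_LEN:
        raise ValueError("not a 16-byte MD5 digest")
    return raw.hex()

def decode_smd5(payload):
    """{SMD5}: base64 of digest || salt -> (digest_hex, salt_bytes)."""
    raw = base64.b64decode(payload, validate=True)
    if len(raw) <= MD5_LEN:
        raise ValueError("no salt after the digest")
    return raw[:MD5_LEN].hex(), raw[MD5_LEN:]

def smd5_matches(password, digest_hex, salt):
    """Assumed OpenLDAP layout: digest = MD5(password || salt)."""
    return hashlib.md5(password + salt).hexdigest() == digest_hex

def convert(passwd_text):
    """Rewrite {MD5} fields as hex; pass all other lines through unchanged."""
    out = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1:
            scheme, payload = split_scheme(fields[1])
            if scheme == "MD5":
                try:
                    fields[1] = decode_md5(payload)
                except ValueError:  # bad base64 or wrong length
                    pass  # leave the malformed line as it was
        out.append(":".join(fields))
    return out

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```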
