Date: Sun, 10 Feb 2008 15:32:05 +1300 From: Russell Fulton <r.fulton@...kland.ac.nz> To: john-users@...ts.openwall.com Subject: Re: extracting hashes from openldap for cracking I now have extracted the hashed from ldap and have written a perl script to turn them into a pseudo password file: xxxxx:e2NyeXB0fSQxJEZCOThZSnRXJC9jNUIxVXY1UTZuRlVvcnRpNVo0ZTE=:::Lorna Johnstone yyyyy:e2NyeXB0fSQxJDd0bE91enJWJHFKaGZ1QlpjQjl3OFozOGdnMFlsMy4 =:::Aruna Shandil zzzzzz:e2NyeXB0fSQxJG5PYmE2RGF0JFpHSTFYS2FYRWZEWmFkVFJyblh4QjA=:::Judy Wilford ssssssss:e2NyeXB0fSQxJHR4dG9maHNVJGh1VjdFRW9PdHZqZGg5d0xFS3V6Ny4 =:::Heather Goodey I am guessing that these hashes are SSHA as this is the default for openldap. When I feed this to john I get "no password hashes loaded". On 10/02/2008, at 8:28 AM, Russell Fulton wrote: > Hi Folks > > Bloody spammers have found out webmail system and have managed to > guess a few passwords :( Running JtR over this has been on my todo > list for a long time but never made it to the top :( Now it is > rather urgent, I'm getting sick of playing whack a mole! > > The IMAP server which all the cracked accounts are on uses openldap > for authentication. The conf files says that the passwords are > stored in crypt hashes and the database is ldbm. > > Given time I am sure I can cook up some perl to pull the hashes out > into something that I can feed to JtR but I'm hoping that someone > has already done this and can point me to a script. > > Thanks, Russell > > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and > reply > to the automated confirmation request that will be sent to you. > -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.