Date: Sun, 10 Feb 2008 16:20:22 +1300 From: Russell Fulton <r.fulton@...kland.ac.nz> To: john-users@...ts.openwall.com Subject: Re: extracting hashes from openldap for cracking One last bit of information: I'm now using the 220.127.116.11 + jumbo patch build for Mac OS X on PowerPC (959 KB), by Erik Winkler version of JtR with --format=nsldap Russell On 10/02/2008, at 3:32 PM, Russell Fulton wrote: > I now have extracted the hashed from ldap and have written a perl > script to turn them into a pseudo password file: > > xxxxx:e2NyeXB0fSQxJEZCOThZSnRXJC9jNUIxVXY1UTZuRlVvcnRpNVo0ZTE > =:::Lorna Johnstone > yyyyy:e2NyeXB0fSQxJDd0bE91enJWJHFKaGZ1QlpjQjl3OFozOGdnMFlsMy4 > =:::Aruna Shandil > zzzzzz:e2NyeXB0fSQxJG5PYmE2RGF0JFpHSTFYS2FYRWZEWmFkVFJyblh4QjA > =:::Judy Wilford > ssssssss:e2NyeXB0fSQxJHR4dG9maHNVJGh1VjdFRW9PdHZqZGg5d0xFS3V6Ny4 > =:::Heather Goodey > > I am guessing that these hashes are SSHA as this is the default for > openldap. > > When I feed this to john I get "no password hashes loaded". > > On 10/02/2008, at 8:28 AM, Russell Fulton wrote: > >> Hi Folks >> >> Bloody spammers have found out webmail system and have managed to >> guess a few passwords :( Running JtR over this has been on my todo >> list for a long time but never made it to the top :( Now it is >> rather urgent, I'm getting sick of playing whack a mole! >> >> The IMAP server which all the cracked accounts are on uses openldap >> for authentication. The conf files says that the passwords are >> stored in crypt hashes and the database is ldbm. >> >> Given time I am sure I can cook up some perl to pull the hashes out >> into something that I can feed to JtR but I'm hoping that someone >> has already done this and can point me to a script. >> >> Thanks, Russell >> >> >> -- >> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com >> and reply >> to the automated confirmation request that will be sent to you. >> > > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and > reply > to the automated confirmation request that will be sent to you. > -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.