Date: Sun, 10 Feb 2008 16:20:22 +1300
From: Russell Fulton <r.fulton@...kland.ac.nz>
To: john-users@...ts.openwall.com
Subject: Re: extracting hashes from openldap for cracking

One last bit of information: I'm now using the "1.7.0.1 + jumbo patch
build for Mac OS X on PowerPC (959 KB), by Erik Winkler" version of JtR
with --format=nsldap

Russell


On 10/02/2008, at 3:32 PM, Russell Fulton wrote:

> I now have extracted the hashes from ldap and have written a perl  
> script to turn them into a pseudo password file:
>
> xxxxx:e2NyeXB0fSQxJEZCOThZSnRXJC9jNUIxVXY1UTZuRlVvcnRpNVo0ZTE=:::Lorna Johnstone
> yyyyy:e2NyeXB0fSQxJDd0bE91enJWJHFKaGZ1QlpjQjl3OFozOGdnMFlsMy4=:::Aruna  Shandil
> zzzzzz:e2NyeXB0fSQxJG5PYmE2RGF0JFpHSTFYS2FYRWZEWmFkVFJyblh4QjA=:::Judy Wilford
> ssssssss:e2NyeXB0fSQxJHR4dG9maHNVJGh1VjdFRW9PdHZqZGg5d0xFS3V6Ny4=:::Heather Goodey
>
> I am guessing that these hashes are SSHA as this is the default for  
> openldap.
>
> When I feed this to john I get "no password hashes loaded".
>
> On 10/02/2008, at 8:28 AM, Russell Fulton wrote:
>
>> Hi Folks
>>
>> Bloody spammers have found our webmail system and have managed to  
>> guess a few passwords :( Running JtR over this has been on my todo  
>> list for a long time but never made it to the top :(  Now it is  
>> rather urgent, I'm getting sick of playing whack a mole!
>>
>> The IMAP server which all the cracked accounts are on uses openldap  
>> for authentication.  The conf file says that the passwords are  
>> stored in crypt hashes and the database is ldbm.
>>
>> Given time I am sure I can cook up some perl to pull the hashes out  
>> into something that I can feed to JtR but I'm hoping that someone  
>> has already done this and can point me to a script.
>>
>> Thanks, Russell
>>
>>
>> -- 
>> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com  
>> and reply
>> to the automated confirmation request that will be sent to you.
>>
>
>


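An added example, not part of the thread and not Russell's Perl script: the second field of the pseudo password file quoted above is the base64-encoded LDAP userPassword value, and the quoted samples all begin with `e2NyeXB0fSQxJ`, which decodes to `{crypt}$1$`. The sketch below decodes each field, names the storage scheme and, for `{crypt}` values, drops the tag so a plain crypt(3) string remains; the function names and sample accounts are constructed for illustration.

```python
import base64
import binascii
import re

# userPassword values carry a "{scheme}" tag in front of the hash.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def crypt_kind(value):
    """Name the crypt(3) variant from its prefix (value has no {crypt} tag)."""
    if value.startswith("$1$"):
        return "md5crypt"
    if value.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if len(value) == 13 and "$" not in value:
        return "descrypt"
    return "unknown-crypt"

def convert_line(line):
    """Map 'user:BASE64:::gecos' to (scheme, passwd-style line or None)."""
    user, b64_value, rest = line.rstrip("\n").split(":", 2)
    try:
        decoded = base64.b64decode(b64_value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return ("not-base64", None)
    m = SCHEME_RE.match(decoded)
    if not m:
        return ("no-scheme-tag", None)
    scheme, value = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        # Drop the tag: what remains is a crypt(3) string as in /etc/shadow.
        return (crypt_kind(value), f"{user}:{value}:{rest}")
    # Other schemes ({SSHA}, {SHA}, ...) keep their tag so the scheme stays visible.
    return (scheme.lower(), f"{user}:{decoded}:{rest}")

def make_sample():
    """Constructed input in the thread's layout; not real account data."""
    def enc(s):
        return base64.b64encode(s.encode()).decode()
    return [
        "alice:" + enc("{crypt}$1$abcdefgh$" + "A" * 22) + ":::Alice Example",
        "bob:" + enc("{SSHA}" + "B" * 32) + ":::Bob Example",
        "carol:not*base64:::Carol Example",
    ]

if __name__ == "__main__":
    for raw in make_sample():
        kind, out = convert_line(raw)
        print(kind, out if out else "(skipped) " + raw)
```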
