Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Aug 2011 05:55:21 -0700 (PDT)
From: firstname lastname <psykosonik_frequenz@...oo.com>
To: john-users@...ts.openwall.com
Subject: Re: SSHA Format Hashes for JTR

Thanks for the script Samuele. It's interesting. So, the input to this script is going to be a text file of plain text passwords. It will parse it and format into {SSHA}hash the output.

Please let me know if I am correct.

Regards,
NeonFlash

--- On Tue, 8/16/11, Samuele Giovanni Tonon <samu@...uxasylum.net> wrote:

> From: Samuele Giovanni Tonon <samu@...uxasylum.net>
> Subject: Re: [john-users] SSHA Format Hashes for JTR
> To: john-users@...ts.openwall.com
> Date: Tuesday, August 16, 2011, 5:50 PM
> On 08/16/11 13:26, firstname lastname
> wrote:
> > I would like to know, how to format a given hash into
> a suitable form which can be understood by JTR to crack
> SSHA1 hash type?
> > 
> > The format which JTR accepts for Netscape LDAP hashes
> is:
> > 
> > {SSHA}hash
> > 
> > the hash here seems to be base64 encoded.
> > 
> > The perl scripts included in the JTR package can be
> used to extract the passwords from LDAP. But I am interested
> in learning how to convert a hash into this format.
> > 
> > Where can I find more details about how exactly this
> algorithm is used to hash a given plaintext?
> 
> this script should help you understand how ssha works
> 
> #!/usr/bin/python
> 
> import sys
> import hashlib
> import base64
> import os
> 
> def makeSecret(password):
>     salt = os.urandom(4)
>     h = hashlib.sha1(password)
>     h.update(salt)
>     return base64.encodestring(h.digest() +
> salt)
> 
> def checkPassword(challenge_password, password):
>     challenge_bytes =
> decode(challenge_password[6:])
>     digest = challenge_bytes[:20]
>     salt = challenge_bytes[20:]
>     hr = hashlib.sha1(password)
>     hr.update(salt)
>     return digest == hr.digest()
> 
> 
> fp = file(sys.argv[1],'r')
> fw = file(sys.argv[2],'w')
> for line in fp.readlines():
>         mypwd =
> makeSecret(line.strip('\n'))
>         print
> "{SSHA}%s:%s"%(mypwd.strip(),line.strip('\n'))
> fp.close()
> fw.close()
> 
> 
> regards
> Samuele
> 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.