Monday, October 31, 2016

LDAP base64 conversion for cracking

 ldif and ldap password extraction  
   
 when you extract passwords from ldap, they're salted.  
 you need to convert them to their hashes.  
   
 why? well. because of RFC2307  
   
   userpasswordvalue = cleartext-password / prefix b64-hashandsalt  
   
   prefix    = "{" scheme "}"  
   scheme = %x30-39 / %x41-5A / %x61-7a / %x2D-2F / %x5F  
      ;0-9, A-Z, a-z, "-", ".", "/", or "_"  
   
   b64-hashandsalt = <base64 of hashandsalt>  
   
   hashandsalt = password-hash salt  
   
   password-hash = <digest of cleartext-password salt>  
   
   cleartext-password = %x00-FF  
   
   salt = %x00-FF  
   
 yes. that.  

 in a previous post i've already mentioned how to extract uids  
 and passwords into a nice long list for jtr...  
     
 you'll need python and the script below which will convert the list  
 line by line. it'll work for base64 passwords:  
 MD5, SHA, SHA1, SSHA, SHA256, SSHA256, &c.   
 
 first, do some text preparation:  
 # cut -d ":" -f1 userpassword.out > userpassword.left  
 # cut -d ":" -f2 userpassword.out > userpassword.base64  


 ..................  
   
 #!/usr/bin/python  
   
 # base64tohex.py  
   
 import binascii  
 import base64  
 import sys  
   
 f=open(sys.argv[1],"r")  
   
 #read in lines - and decode  
 for x in f.xreadlines():  
   x=x.rstrip('\n')  
   try:  
     print binascii.hexlify(base64.b64decode(x))  
   except:  
     print "Error: "+x  
   
 ..................  
   
 # ./base64tohex.py userpassword.base64 > userpassword.right  
 # paste -d : userpassword.left userpassword.right > userpassword.out  
   
 and if you can't figure out what is want in terms of hashes, use hash-identifier for singletons.
 use hashid for lists.
 
 # hashid userpassword.right -o userpassword.hashid
 
 after base64 conversion, of course.  
Post a Comment