Penetration Testing mailing list archives
RE: Netscape Ldap ldif file SHA password cracking
From: "David Cross" <davidcross () post-n-track com>
Date: Tue, 7 Dec 2004 16:32:01 -0700
Your decode will be 4 bytes to 3. By my count you should have a value 21 characters in length (the standard size of a Sha1 hash value). The value decoded will likely be unprintable characters.

Cheers!

David Cross, CISSP
www.TrustSecurityConsulting.com

-----Original Message-----
From: m a [mailto:aznxy () yahoo com]
Sent: Saturday, December 04, 2004 2:46 PM
To: pen-test () securityfocus com
Subject: Re: Netscape Ldap ldif file SHA password cracking

In-Reply-To: <1101926493.2987.8.camel () kupson fdns net>

So for instance I have:
Ufg2qpbbabSRrOGhVLsvpZHshTc= (Base-64)

The decode would be:
Q6iT/7

Does that look right?

Thanks

Ufg2qpbbabSRrOGhVLsvpZHshTc=

Subject: Re: Netscape Ldap ldif file SHA password cracking
From: Rafał Kupka <rkupka () wdg pl>
To: pen-test () securityfocus com
Date: Wed, 01 Dec 2004 19:41:33 +0100
Message-Id: <1101926493.2987.8.camel () kupson fdns net>

Miguel.dilaj () pharma novartis com wrote:
> Hello,

[cut]

> My first guess is some kind of Base64 encoding (or similar) of the string
> without the '{SHA}'. Example:
> plaintext: password
> SHA-1: 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
> Base64 encoding of the above:
> NUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA==
> So you see the similarities, but still no cigar!

It's {SHA1}<base64 encoded binary form of sha1 hash>.

for eg.,
$perl -e 'use Digest::SHA1 qw(sha1); print sha1(@ARGV[0]);' password | base64-encode
W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Plaintext: password
SHA-1: <binary data>
Base64 of above data: W6ph5Mm5Pz8GgiULbPgzG37mj9g=

Cheers,
--
Rafal Kupka <rkupka () wdg pl>

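
The encoding discussed in this thread, as an added Python example that is not code from any of the posters: it decodes a stored value to its raw digest, rebuilds the stored form from a known password, and rejects the Base64-of-hex-text form from the first attempt quoted above. The function names are made up for the example, and the '{SHA}' prefix has been put in front of the bare Base64 values quoted in the thread.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # a SHA-1 digest is 20 raw bytes (28 Base64 characters)

# Values quoted in the thread, with the '{SHA}' prefix added here.
RAFAL_VALUE = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="   # SHA-1("password")
POSTER_VALUE = "{SHA}Ufg2qpbbabSRrOGhVLsvpZHshTc="  # plaintext unknown
HEX_MISTAKE = "{SHA}NUJBQTYxRTRDOUI5M0YzRjA2ODIyNTBCNkNGODMzMUI3RUU2OEZEOA=="


def decode_sha_value(value):
    """Return the raw digest bytes of a '{SHA}<base64>' userPassword value."""
    scheme, brace, b64 = value.partition("}")
    if not brace or scheme.upper() != "{SHA":
        raise ValueError("expected a {SHA} prefix")
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid Base64: %s" % exc) from None
    if len(raw) == 2 * SHA1_LEN and all(c in b"0123456789abcdefABCDEF" for c in raw):
        # The first attempt in the thread: Base64 over the 40-character hex text.
        raise ValueError("Base64 of the hex text, not of the binary digest")
    if len(raw) != SHA1_LEN:
        raise ValueError("decoded to %d bytes, expected %d" % (len(raw), SHA1_LEN))
    return raw


def encode_sha_value(password):
    """Build the stored form: '{SHA}' + Base64(binary SHA-1 of the password)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def matches(value, candidate):
    """Check one candidate password against a stored {SHA} value."""
    digest = hashlib.sha1(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(decode_sha_value(value), digest)


if __name__ == "__main__":
    print(decode_sha_value(RAFAL_VALUE).hex())   # digest shown as hex digits
    print(decode_sha_value(POSTER_VALUE).hex())  # raw bytes are not printable text
    try:
        decode_sha_value(HEX_MISTAKE)
    except ValueError as exc:
        print("rejected:", exc)
```

Because the scheme is a single unsalted SHA-1, identical passwords produce identical stored values, which is worth flagging when such entries turn up in an LDIF export.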
Current thread:
- Re: Netscape Ldap ldif file SHA password cracking Anders Thulin (Dec 01)
- <Possible follow-ups>
- Re: Netscape Ldap ldif file SHA password cracking miguel . dilaj (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking Rafał Kupka (Dec 01)
- Re: Netscape Ldap ldif file SHA password cracking m a (Dec 06)
- RE: Netscape Ldap ldif file SHA password cracking David Cross (Dec 09)
- Re: Netscape Ldap ldif file SHA password cracking noconflic (Dec 09)
- RE: Netscape Ldap ldif file SHA password cracking Bénoni MARTIN (Dec 09)