Hash
From Linuxmemo.
Revision as of 16 February 2018 at 16:13
Ubuntu password storage
$1 = MD5 hashing algorithm
$2 = Blowfish algorithm
$2a = eksblowfish algorithm
$5 = SHA-256 algorithm
$6 = SHA-512 algorithm
https://en.wikipedia.org/wiki/Crypt_(C)
$5$salt$encrypted is an SHA-256 encoded password. $6$salt$encrypted is an SHA-512 encoded one.
How to generate a shadow style password hash?
[root@localhost ~]# openssl passwd -1 redhat123
$1$jp5rCMS4$mhvf4utonDubW5M00z0Ow0

sha1pass - Create a SHA1 password hash
sha1pass [PASSWORD] [SALT]
Format
http://openwall.info/wiki/john/hash-formats
<hash>
When only the hash is present, JtR will output "?" as the username when showing and/or cracking.

<username>:<hash>
(This is a basic/generic format)

<username>:<hash>:<uid>:<gid>:<GECOS>:<directory>:<shell>
(This is a typical *nix "unshadowed" format)

<username>:<uid>:<LM-hash>:<NTLM-hash>:<comment>:<homedir>:
(This is a PWDump format)
???
MD5: hashed password using the MD5 hash algorithm
SMD5: MD5 with salt
SHA: hashed password using the SHA-1 hash algorithm
SSHA: SHA-1 with salt
Tools
- online
http://www.lorem-ipsum.co.uk/hasher.php
- command to generate Unix-like (shadow) passwords
mkpasswd --method=help
Méthodes disponibles :
des standard 56 bit DES-based crypt(3)
md5 MD5
sha-256 SHA-256
sha-512 SHA-512

mkpasswd --method=sha-512 --salt=ilgneZZz MotDePass
$6$ilgneZZz$3F0CFqdnusWgqidMGk0.7n7nGjjSyDLUXnY3/qYWKYlOhygJx05JuxmK6xTrCgeBP/CLZYOZ3F2Jc5TZ9w.XJ/
If you don't provide mkpasswd with a salt it will automatically generate a random salt.
Tips
- compare 2 hashes
if [ "$hash1" = "$hash2" ]; then echo same; fi
See hashid
LDAP
Base64Encode(SHA1(salt+password)+salt)
So inside that Base64 value you have both the hash and salt.
With SSHA, normally the salt is appended to the SHA1 hash and then the whole thing is Base64 encoded (I've never seen an LDAP that didn't do SSHA this way). You should be able to tell this by looking at the userPassword attribute. If it's 28 characters long with a = at the end, it's only the hash.
If the Base64 value is 32 characters long or greater, it contains both the hash and the salt. Base64 decode the value and strip off the first 20 bytes; this is the SHA1 hash. The remaining bytes are the salt.
Example: Base64 encoded hash with salt
userPassword: {SSHA}MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0

Base64 decoded value
     SHA1 Hash      Salt
--------------------++++
123456789012345678901234
echo "e3NzaGF9NTIyZXI0Y2FoRitvWVIzS1JtYUpFYUhUWXFYZzJKZEV3SUN5VlE9PQ="| base64 -d
{ssha}522er4cahF+oYR3KRmaJEaHTYqXg2JdEwICyVQ==

echo "522er4cahF+oYR3KRmaJEaHTYqXg2JdEwICyVQ" | cut -b1-20
522er4cahF+oYR3K

echo "522er4cahF+oYR3KRmaJEaHTYqXg2JdEwICyVQ" | cut -b21-
EaHTYqXg2JdEwICyVQ
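
An added example, not from the original page: the hash/salt split described above, done on the decoded bytes rather than on the Base64 text, plus a password check. The function names are made up here, SAMPLE is a constructed value, and the check assumes OpenLDAP's order, SHA1 over the password followed by the salt.

```shell
#!/bin/sh
# Added example: split and verify an LDAP {SSHA} userPassword value.
# Assumes GNU coreutils or busybox (base64, head, tail, od, sha1sum).

# Raw bytes of the Base64 payload, with the "{SSHA}" scheme tag removed.
ssha_raw() {
    printf '%s' "$1" | sed 's/^{[^}]*}//' | base64 -d
}

# Hex dump of stdin with no offsets or whitespace.
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# The first 20 decoded bytes are the SHA-1 digest.
ssha_digest_hex() {
    ssha_raw "$1" | head -c 20 | to_hex
}

# Everything after byte 20 is the salt (empty for an unsalted value).
ssha_salt_hex() {
    ssha_raw "$1" | tail -c +21 | to_hex
}

# Recompute SHA1(password + salt) and compare it with the stored digest.
# Order assumed here: password first, then salt (OpenLDAP's convention).
ssha_verify() {
    stored=$(ssha_digest_hex "$1")
    computed=$( { printf '%s' "$2"; ssha_raw "$1" | tail -c +21; } |
        sha1sum | cut -d' ' -f1)
    [ "${#stored}" -eq 40 ] && [ "$stored" = "$computed" ]
}

# Value from the page: digest "12345678901234567890", salt "1234".
PAGE_VALUE='{SSHA}MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0'
# Constructed sample: password "ab", salt "c", so the digest is SHA1("abc").
SAMPLE='{SSHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J1j'

echo "digest: $(ssha_digest_hex "$PAGE_VALUE")"
echo "salt:   $(ssha_salt_hex "$PAGE_VALUE")"
if ssha_verify "$SAMPLE" 'ab'; then echo "password matches"; fi
```

When the value comes from ldapsearch as "userPassword:: ...", decode that outer Base64 layer first, as in the first command above, and pass the resulting {ssha}... string to these functions.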