

ldif2passwd.pl

Differences

This shows you the differences between two versions of the page.

ldif2passwd.pl [2006/11/13 13:35]
205.252.23.14
ldif2passwd.pl [2006/11/13 14:50] (current)
andi old revision restored
Line 1: Line 1:
 +====== ldif2passwd.pl ======
  
 +This Perl-Script helps you to build a passwd file from your LDAP data. This is useful to feed it into a password cracker (like [[http://​www.openwall.com/​john/​|john]]) to test for weak passwords.
 +
 +It's just a quick hack. Only passwords are Base64 decoded to decode other fields as well hacke the source.
 +
 +<code perl>
 +#​!/​usr/​bin/​perl
 +use MIME::​Base64;​
 +
 +my %user;
 +while (<>){
 +  $line = $_;
 +
 +  #skip comments
 +  next if($line =~ m/^#/);
 +
 +  #trim whitespaces
 +  $line =~ s/\s*$//;
 +  $line =~ s/^\s*//;
 +
 +  if($line eq ''​){
 +    # print old user
 +    if($user{'​login'​} ne ''​){
 +      print join(':',​$user{'​login'​},​
 +                     ​$user{'​pass'​},​
 +                     ​$user{'​uid'​},​
 +                     ​$user{'​gid'​},​
 +                     ​$user{'​gecos'​},​
 +                     ​$user{'​home'​},​
 +                     ​$user{'​shell'​});​
 +      print "​\n";​
 +    }
 +    # initialize new user
 +    %user = ();
 +    next
 +  }
 +
 +  if($line =~ m/​^uidNumber(::?​) (.*)/i){
 +    $user{'​uid'​} ​  = $2;
 +  }if($line =~ m/​^userPassword(::?​) (.*)/i){
 +    if($1 eq '::'​){
 +      $user{'​pass'​}= ​ decode_base64($2);​
 +      $user{'​pass'​}=~ s/{.*}//;
 +    }else{
 +      $user{'​pass'​}= $2;
 +    }
 +  }elsif($line =~ m/^uid(::?) (.*)/i){
 +    $user{'​login'​} = $2;
 +  }elsif($line =~ m/​^gidNumber(::?​) (.*)/i){
 +    $user{'​gid'​} ​  = $2
 +  }elsif($line =~ m/​^gecos(::?​) (.*)/i){
 +    $user{'​gecos'​} = $2
 +  }elsif($line =~ m/​^loginShell(::?​) (.*)/i){
 +    $user{'​home'​} ​ = $2
 +  }elsif($line =~ m/​^homeDirectory(::?​) (.*)/i){
 +    $user{'​shell'​} = $2
 +  }
 +}
 +</​code>​
 +
 +**Usage:**
 +
 +  $> ldapsearch -L -D '​cn=admin,​dc=foo,​dc=bar'​ -w pass -x -b '​ou=people,​dc=foo,​dc=bar'​ '​objectclass=posixAccount'​ |\
 +     perl ldif2passwd.pl > passwd.1
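Review bot: The `loginShell` and `homeDirectory` branches at the end of the `elsif` chain store into the wrong keys: `loginShell` writes `$user{'home'}` and `homeDirectory` writes `$user{'shell'}`, so the last two fields of every passwd line come out swapped. The assignments should read `$user{'shell'} = $2` under `loginShell` and `$user{'home'} = $2` under `homeDirectory`. A record is printed only when a blank line follows it, so the final entry is lost if the input does not end with one; repeating the print block after the `while` loop would cover that case. Because `passwd.1` holds the password hash of every account, the usage example should create it under `umask 077` and delete it once the audit is done, and `-W` or `-y <file>` would keep the bind password out of the process list and shell history, where `-w pass` exposes it.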
ldif2passwd.pl.txt · Last modified: 2006/11/13 14:50 by andi