Lumberjack
Documentation
Disclaimer
This program comes as it is. Use it at your own risk. This is free software with ABSOLUTELY NO WARRANTY. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of FITNESS FOR A PARTICULAR PURPOSE. It is free software but not under the terms of the GNU General Public License. Modification is not permitted. Use it as it is or let it be. Redistribution is not permitted. You can give it to others for free. The exception is commercial use: you need to ask me! Don't use it for commercial purposes without permission explicitly given to you. You can get such permission only from the owner of the copyright.
Thanx
Thanx go to David E. Storey (http://www.tamos.net/~dave/) for his code in the OpenLDAP project.
Introduction
Lumberjack is a program to check LDAP Data Interchange Format files (ldif files) for weak passwords. It works locally and you don't need a network connection at all. For online tests of LDAP servers use k0Ld.
Lumberjack works in several different modes. It is comparable to the UNIX tools John the Ripper and crack or to the Windows tool L0phtCrack, but it is not as advanced.
LDAP is one of the rising technologies these days. Many companies use central LDAP servers for the management of user accounts, especially for mail servers. Netscape Directory Server and the free OpenLDAP server are two of the best products.
To exchange information between LDAP servers that are not set up for replication, or for backup purposes, there is the ldif format. It is a text-based file format that stores the complete tree (or parts of it).
An ldif file contains information such as:
- Usernames
- Passwords
- Email addresses
- a lot of other information
This is the point to start from. The passwords may be encrypted. There are ldif files without encrypted passwords, but if you can get such a file you are the lucky guy and don't need Lumberjack at all.
For the encrypted passwords: The ldif definition allows different encryption methods. Commonly used are SHA, MD5 and crypt. Some servers (like Netscape) use other encryptions. If you have information about other methods, mail me and I will add support for them to Lumberjack.
SHA and MD5 are not really encryption. They are hashes. A hash is a kind of checksum. One of its primary properties is therefore that the same clear text always results in the same string (unlike crypt, where 4096 different results are possible, depending on the salt).
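The difference described above, as an added example (not Lumberjack's code): a small Python audit that reads an ldif export, reports how each userPassword value is stored, and lists entries whose stored value is identical. The sample ldif, the names and the passwords are constructed; the {SHA} and {SSHA} layouts follow the convention used by OpenLDAP.

```python
import base64, hashlib, re
from collections import defaultdict

def sha(pw):  # {SHA}: base64 of the raw SHA-1 digest, no salt
    return "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode()

def ssha(pw, salt):  # {SSHA}: base64 of SHA-1(password + salt), then the salt
    return "{SSHA}" + base64.b64encode(hashlib.sha1(pw + salt).digest() + salt).decode()

# Constructed sample export: alice/bob share one password, as do carol/dave.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,dc=example,dc=com",
    "userPassword: " + sha(b"Constructed-1"),
    "", "dn: uid=bob,dc=example,dc=com",
    # '::' marks a base64-encoded attribute value in ldif
    "userPassword:: " + base64.b64encode(sha(b"Constructed-1").encode()).decode(),
    "", "dn: uid=carol,dc=example,dc=com",
    "userPassword: " + ssha(b"Constructed-2", b"\x01\x02\x03\x04"),
    "", "dn: uid=dave,dc=example,dc=com",
    "userPassword: " + ssha(b"Constructed-2", b"\x05\x06\x07\x08"),
    "", "dn: uid=erin,dc=example,dc=com",
    "userPassword: Constructed-3",
]) + "\n"

KIND = {"SHA": "unsalted", "MD5": "unsalted",
        "SSHA": "salted", "SMD5": "salted", "CRYPT": "salted"}

def audit_ldif(text):
    """Return ([(dn, scheme, kind)], [lists of dns sharing one stored value])."""
    text = re.sub(r"\r?\n ", "", text)  # unfold ldif continuation lines
    findings, by_value, dn = [], defaultdict(list), None
    for line in text.splitlines():
        if line.lower().startswith("dn: "):  # plain (non-base64) dn assumed
            dn = line[4:].strip()
        m = re.match(r"(?i)userPassword(::?)\s*(.+)", line)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":
            value = base64.b64decode(value).decode("utf-8", "replace")
        s = re.match(r"\{([A-Za-z0-9-]+)\}", value)
        scheme = s.group(1).upper() if s else "CLEARTEXT"
        kind = KIND.get(scheme, "unknown") if s else "cleartext"
        findings.append((dn, scheme, kind))
        by_value[value].append(dn)
    shared = [dns for dns in by_value.values() if len(dns) > 1]
    return findings, shared
```

Running `audit_ldif(SAMPLE_LDIF)` reports alice and bob as sharing one stored value under {SHA}, while carol and dave, who also share a password, get different {SSHA} values because of the salt.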
How to use ...
The usage is simple but you have to understand the basics.
First of all: run ldifclean.sh on your ldif file, for better results (or for any results at all!).
./ldifclean.sh company.ldif my.ldif
Assuming you have an ldif file called a.ldif and a wordlist named wordlist.txt, just enter:
./lj -w wordlist.txt -f a.ldif
and wait.
The options of Lumberjack are:
Some hints:
Technical details
Lumberjack supports the following hash codes:
- SHA (native)
- MD5 (native)
- crypt (native since V 0.2.7)
- NS-MTA-MD5 (native since V 0.2.2)
Support for SSHA and SMD5 is not tested. I guess it does not work because I had a lot of trouble with the salting. If you have an SSHA or SMD5 ldif file with known passwords: send it to me!