Lumberjack

[Download |Documentation |Targets |Mail ]

Documentation

Disclaimer

The license for all Phenoelit tools can be found here.

Thanx

Thanx go to David E. Storey (http://www.tamos.net/~dave/) for it's code in the OpenLDAP project.

Introduction

Lumberjack is a program to check LDAP Data Interchange Format files (ldif files) for weak passwords. It works local and you don't need a network connection at all. For online tests of LDAP servers use k0Ld.
Lumberjack works in some different modes. It is compairable to the UNIX tools John the Ripper and crack or to the Windows tool L0phtCrack but not such advanced software.
LDAP is one of the rising technologies in these days. Many companies use central LDAP servers for the management of user accounts especialy for mail servers. Netscape Directory Server and the free OpenLDAP server are two of the best products.
To exchange informations betwen LDAP Servers which are not set up for replication or for backup proposes exist the ldif format. It is a text based file format, which stores the complete (or parts of a) tree.
In this ldif file are informations like: This is the point to start from. The passwords may be encrypted. There are ldif files without encrypted passwords, but if you can get such a file you are the lucky guy and don't need Lumberjack at all.
For the encrypted passwords: The ldif definition allows different encryption methodes. Common used are SHA, MD5 and crypt. Some servers (like Netscape) use other encryptions. If you have informations about other stuff - mail me and I add support of them to Lumberjack.
SHA and MD5 are not really encryption. They are hash keys. A hash is a kind of check sum. Therefor is one of the primary functionality to result in the same string for the same clear text (unlike crypt - where 4096 differnent results are possible).

How to use ...

The usage is simple but you have to understand the basics.
First of all: Use the ldifclean.sh first with your ldif file - for better results (or for results at all!).
./ldifclean.sh company.ldif my.ldif
Assumed you have a ldif file called a.ldif and a wordlist named wordlist.txt just enter:
./lj -w wordlist.txt -f a.ldif
and wait. The options of Lumberjack are: Some hints:

Technical details

Lumberjack supports the following hash codes: Support for SSHA and SMD5 is not tested. I guess it does not work because I had a lot of trouble with the salting. If you have a SSHA or SMD5 ldif file with known passwords: send it to me !