Web lists-archives.com

[Samba] Encoding problem with the unicodePwd stored into sam.ldb




hello,

I use Samba 4.9.5 on Linux Debian 9.

I want to extract users' passwords. A lot of passwords are ok, some are not.

Example with a password returning an error :
# ldbsearch -H /var/lib/samba/private/sam.ldb '(primaryGroupID=513)'
userPrincipalName unicodePwd
....
# record 494
dn: CN=XXX,CN=Users,DC=YYY,DC=ZZZ,DC=fr
unicodePwd:: wXQvJaSkn0gvg1POsY9Icw==
uidNumber: 5110
userPrincipalName: XXX
...
ok. Then, I convert the password from utf-16 to hex :
$ echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0 | hexdump -e '/1 "%02X"'
C1742F25A4*
9F482F8353CEB18F4873

why there is a * and a new line ? base64 (and hexdump) are silent about
that.

If I run hd instead of hexdump :
00000000  c1 74 2f 25 a4 a4 9f 48  2f 83 53 ce b1 8f 48 73
|.t/%...H/.S...Hs|

the problem is with the second 0xa4 character.

Is the format of the password stored in smb.ldb correct ? If not how could
I correct it ?

thank you for your help.

-- 
Jean-Yves Boisiaud - Alcor Consulting
49, rue du Chemin Vert
49300 Cholet
mobile : +33 6 63 71 73 46
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba