Solved

please help to fix this base64 decoding script

Posted on 2004-08-23
7
611 Views
Last Modified: 2010-08-05
I have a ldap liff file which I experted from our mail servers database and I wish to run this against a password cracker called Lumberjack to make sure everyone is using secure passwords. I need to enter the system admin password to export this file anyway so I am not bypassing security in any way.

My ldif file has the passwords base64 encoded and the author made the following perl script available via their website at http://www.phenoelit.de/lj/

#!/usr/bin/perl -w

use MIME::Base64;

die "supply file name\n" unless ($file=shift);

die "could not open file\n" unless (open(FD_IN,$file));
while () {
      if ((/^\r/)||(/^\r\n/)) { print "---\n"; }
      if (/dn:+\s+(.+)$/) { print "DN: ".$1."\n"; }
      if (/cn:+\s+(.+)$/) {
            $cnu=decode_base64($1);
            print "CN: ".$cnu."\n";
      }
      if (/userpassword:+\s+(.+)$/i) {
            $pwu=decode_base64($1);
            print "Password: ".$pwu."\n";
      }
}
close FD_IN;

The problem is that whenever I run it against the file I get loads of these errors and the program just appears to go round in an endless loop.

Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 10.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 11.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 15.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 10.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 11.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 15.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.
Use of uninitialized value in pattern match (m//) at ./decodeldif line 9.

Thanks
0
Comment
Question by:grblades
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:kandura
ID: 11871586
that's because you have an empty while condition!

It looks like you intended to write

    while(<FD_IN>) {

0
 
LVL 18

Expert Comment

by:kandura
ID: 11871612
If you want to avoid the warnings, then at least turn on strict as well.

    use strict;
    use warnings;   # you already have this through the -w switch on the first line

That will probably tell you that there are a number of variables which are not defined: $file, $cnu, $pwu.

0
 
LVL 36

Author Comment

by:grblades
ID: 11871746
Thanks. I now get the following errors :-

Global symbol "$file" requires explicit package name at ./decodeldif line 4.
Global symbol "$file" requires explicit package name at ./decodeldif line 5.
Global symbol "$cnu" requires explicit package name at ./decodeldif line 10.
Global symbol "$cnu" requires explicit package name at ./decodeldif line 11.
Global symbol "$pwu" requires explicit package name at ./decodeldif line 14.
Global symbol "$pwu" requires explicit package name at ./decodeldif line 15.
Execution of ./decodeldif aborted due to compilation errors.

New source :-

use MIME::Base64;
use strict;
die "supply file name\n" unless ($file=shift);
die "could not open file\n" unless (open(FD_IN,$file));
while (<FD_IN>) {
        if ((/^\r/)||(/^\r\n/)) { print "---\n"; }
        if (/dn:+\s+(.+)$/) { print "DN: ".$1."\n"; }
        if (/cn:+\s+(.+)$/) {
                $cnu=decode_base64($1);
                print "CN: ".$cnu."\n";
        }
        if (/userpassword:+\s+(.+)$/i) {
                $pwu=decode_base64($1);
                print "Password: ".$pwu."\n";
        }
}
close FD_IN;
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 18

Accepted Solution

by:
kandura earned 250 total points
ID: 11871795
exactly :-)

Add a line below the "use strict" to declare your variables:

    my ($file, $cnu, $pwu);
0
 
LVL 36

Author Comment

by:grblades
ID: 11872293
Thanks it is working now. I had to comment out a bit as the usernames did not need decoding and and to do a bit of fiddling with grep and sed afterwards but it is now working great.
0
 
LVL 18

Expert Comment

by:kandura
ID: 11872386
I just checked that website, and they forgot to html encode their perl source code. The <FD_IN> was in there, but our browsers interpret that as an html tag ;)
0
 
LVL 36

Author Comment

by:grblades
ID: 11872437
:)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now