Message-ID: <CABob6iqCe7=c7gnT7JbEpyK7PQ9Qwjzy5XTuMFnhunpJjgQS1Q@mail.gmail.com>
Date: Fri, 7 Sep 2012 20:28:47 +0200
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking Mountain Lion hashes (WIP)

2012/9/7 Dhiru Kholia <dhiru.kholia@...il.com>:
> On Fri, Sep 7, 2012 at 11:42 PM, Lukas Odzioba <lukas.odzioba@...il.com> wrote:
>> 2012/9/7 Dhiru Kholia <dhiru.kholia@...il.com>:
>>> On Fri, Sep 7, 2012 at 10:59 PM, Alexander Cherepanov <cherepan@...me.ru> wrote:
>>>> On 07.09.2012 20:28, Dhiru Kholia wrote:
>>>>> Now we need to parse the output of the ml2john.py program and figure out
>>>>> what the output means, i.e. what is the iteration count, what is the salt,
>>>>> etc.
>>>>
>>>> Well, the ShadowHashData field is also a plist. Convert it with the same
>>>> script and you get 'salt', 'entropy' and 'iterations'.
>>>
>>> Thanks! That worked.
>>>
>>> Next question, where is the actual pbkdf2 hash? I don't see it.
>> Can you post it?
>
> See attached code and earlier archive (use lulu.plist from it)
>
> $ml$23923*32*c3fa2e153466f7619286024fe7d812d0a8ae836295f84b9133ccc65456519fc3*128*ccb903ee691ade6d5dee9b3c6931ebed6ddbb1348f1b26c21add8ba0d45f27e61e97c0b80d9a18020944bb78f1ebda6fdd79c5cf08a12c80522caf987c287b6da10095bb8fd82fcc03803e86675d84744139b694da7cead3c0133033a6257335cb6be0ad68c14f20321315f0ea71670a8b78bc2759ad9751430f0c9c5040617a
>
>> If it is pure sha512pbkdf2 it should be consistent with this:
>>
>> from passlib.hash import grub_pbkdf2_sha512
>> hash = grub_pbkdf2_sha512.encrypt("password", rounds=10964, salt="salt")
>> print hash
>
> Great. This works!
>
> grub.pbkdf2.sha512.23923.C3FA2E153466F7619286024FE7D812D0A8AE836295F84B9133CCC65456519FC3.CCB903EE691ADE6D5DEE9B3C6931EBED6DDBB1348F1B26C21ADD8BA0D45F27E61E97C0B80D9A18020944BB78F1EBDA6FDD79C5CF08A12C80522CAF987C287B6D
>
> This output implies that the actual hash is contained in the first
> part of the 'entropy' field. We now have full information to write a
> cracker for Mountain Lion hashes.

Great!

> Lukas,
>
> Can you commit your code for cracking GRUB / Mountain Lion hashes? I
> will clean up the ml2john.py program and commit it to magnum-jumbo.

Now we have a test vector, so making a patch for it will be easy.
I'll send it within an hour. Hopefully JtR will be the first 10.8 password cracker :)
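
The following is an added example, not code from this thread or from John the Ripper: it parses the `$ml$` line quoted above, rebuilds the GRUB-style string from the first 64 bytes of 'entropy', and checks a candidate password with PBKDF2-HMAC-SHA512. The field order iterations*saltlen*salt*entropylen*entropy is inferred from the quoted vector, and the function names are made up for this example.

```python
import hashlib
import hmac

# Test vector quoted in the thread above, split across lines for readability.
PAGE_VECTOR = (
    "$ml$23923*32*"
    "c3fa2e153466f7619286024fe7d812d0a8ae836295f84b9133ccc65456519fc3"
    "*128*"
    "ccb903ee691ade6d5dee9b3c6931ebed6ddbb1348f1b26c21add8ba0d45f27e6"
    "1e97c0b80d9a18020944bb78f1ebda6fdd79c5cf08a12c80522caf987c287b6d"
    "a10095bb8fd82fcc03803e86675d84744139b694da7cead3c0133033a6257335"
    "cb6be0ad68c14f20321315f0ea71670a8b78bc2759ad9751430f0c9c5040617a"
)
HASH_LEN = 64  # SHA-512 output size; the hash is the first 64 bytes of 'entropy'

def parse_ml(line):
    """Return (iterations, salt, entropy) from a $ml$ line, checking lengths."""
    if not line.startswith("$ml$"):
        raise ValueError("missing $ml$ tag")
    fields = line[4:].split("*")
    if len(fields) != 5:
        raise ValueError("expected iterations*saltlen*salt*entropylen*entropy")
    iterations, salt_len, entropy_len = (int(fields[i]) for i in (0, 1, 3))
    salt, entropy = bytes.fromhex(fields[2]), bytes.fromhex(fields[4])
    if len(salt) != salt_len or len(entropy) != entropy_len:
        raise ValueError("declared length does not match the data")
    if iterations < 1 or len(entropy) < HASH_LEN:
        raise ValueError("iteration count or entropy field out of range")
    return iterations, salt, entropy

def to_grub(line):
    """Render the GRUB-style string that passlib printed in the thread."""
    iterations, salt, entropy = parse_ml(line)
    return "grub.pbkdf2.sha512.%d.%s.%s" % (
        iterations, salt.hex().upper(), entropy[:HASH_LEN].hex().upper())

def check_password(line, password):
    """True if PBKDF2-HMAC-SHA512(password) equals the first 64 bytes of entropy."""
    iterations, salt, entropy = parse_ml(line)
    derived = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, HASH_LEN)
    return hmac.compare_digest(derived, entropy[:HASH_LEN])

if __name__ == "__main__":
    print(to_grub(PAGE_VECTOR))
```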
