Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <229696.31561.qm@web35306.mail.mud.yahoo.com>
Date: Sun, 7 Nov 2010 19:22:41 -0800 (PST)
From: William <phoolon_devi@...oo.com>
To: john-users@...ts.openwall.com
Subject: Re: which john & options to use for Mac OS X 10.4+ salted SHA-1 using OSX 10.6?

1.  Yes, .dmg.  And I think it was xpwdump: it was quite a while ago. 

2.  I just ran "john".  Maybe it was an old version (like I said, I bought the pro about 6 years ago.  Where can I get the latest pro, just to check?).

3. I'll try it without extracting the .zip (at work now)
 use "chmod +x john"  gets "john: no such file or directory"

4.  the pattern I remember is two letters (either upper or lower case), then two numbers (from the set 02, 03, 04, 05 or 06), then either an * or !, then two more letters (if the first were upper, the second are lower and vice versa), then two more numbers from the set above.

Thanks,
William



--- On Sat, 11/6/10, Solar Designer <solar@...nwall.com> wrote:

From: Solar Designer <solar@...nwall.com>
Subject: Re: [john-users] which john & options to use for Mac OS X 10.4+ salted SHA-1 using OSX 10.6?
To: john-users@...ts.openwall.com
Date: Saturday, November
 6, 2010, 7:36 PM

William,

On Fri, Nov 05, 2010 at 06:05:21PM -0700, William wrote:
> 1.  You're right: the .iso has the same password as the account I was using that I used the unshadow on,

You mean you used xpwdump?  unshadow does not support OS X shadow files.

> so I have the .iso, but the account has since been deleted, so it's from the account, but I need the pw for the .iso.

Just how is this .iso password protected?  This sounds weird to me.
Maybe you mean something different, like a .dmg?

> 2.  > When i loaded it onto the MacMini, I had to dl Rosetta...
> There was no error message, it just said "need to download Rosetta ok/no" so I hit "ok" and it did.

OK, thanks for the info.  We'll keep this in mind in case more people
report the problem or we manage to reproduce it ourselves.

Is it possible that you ran the
 "john_G3" program instead of or in
addition to just "john"?  If so, it's obvious that "john_G3" would
require Rosetta, but you should not be using "john_G3" on a modern Mac.

> 3.  I tried "./john" on the 1.7.6 with no luck, ...

Are you sure you were in the "run" directory when you did that?  Another
thing to check is file permissions - use "chmod +x john" to make sure the
file has executable permissions.  (It does in the ZIP archive, but maybe
that was lost when you extracted - depending on how you did that.)

> 4.  The pw was 6 or 7 characters, all lower case, with either two or four numbers and one punctuation, either a * or a !, I can't remember which.

This sounds crackable, but you may need to focus the attack (based on
the info above) to get the password cracked sooner rather than later.

Do you imply that the password started with letters, which were followed
by
 digits, and finally by a punctuation character?  Or are these
different kinds of characters possibly mixed in arbitrary order?  This
makes a lot of a difference.

If you post more specific and non-ambiguous info (and also some examples
of what the password could and could not be), I might be able to provide
instructions to have JtR focus on just the desired patterns.

> I actually created the pw to be uncrackable, so perhaps I did too good a job.

Not quite.  Perhaps you're not focusing the attack enough, or maybe
you're attacking a hash of a different password.

Alexander



      

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.