[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1938F5A3-78EB-43AE-9972-AED590F377EB@llnl.gov>
Date: Sun, 25 Sep 2011 12:55:42 -0700
From: "Link, Peter R." <link1@...l.gov>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)
I bought all.lst so I probably don't have john.conf configured properly to use it.
On Sep 25, 2011, at 11:01 AM, Solar Designer wrote:
> On Fri, Sep 23, 2011 at 08:16:39AM -0700, Link, Peter R. wrote:
>> It tool 17min 50 sec to crack the new password on a 2.4GHz MacBook Pro (circa 2007). I created the password file by hand.
>
> Apparently, you didn't have "tomorrow" in your wordlist. Indeed,
> password.lst supplied with JtR doesn't have it (not in top 3000 or so).
> Using all.lst (from the Openwall wordlists collection), JtR cracks this
> password in under a second.
>
>> robert1new.plist is the one that doesn't work.
>
> Here's a corrected version. This one works on both files for me.
> (Replaced "." with "[\x00-\xff]" to match linefeed characters as well.)
>
> ---
> #!/usr/bin/perl
>
> read(STDIN, $_, 1000000) || die;
>
> ($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44([\x00-\xff]{68})/;
> if (!$hash) {
> print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
> exit 1;
> }
>
> print unpack('H*', $hash), "\n";
> ---
>
> Thanks,
>
> Alexander
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
link1@...l.gov
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
