Message-ID: <C6950ABE-0706-4929-A126-32FAA4F065F9@llnl.gov>
Date: Mon, 26 Sep 2011 15:07:10 -0700
From: "Link, Peter R." <link1@...l.gov>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

Jean-Michel,
Where did you get the Data::plist module? Running on a 10.7 Mac with Xcode, it gives me an error on line 14. Running your script gives an error message saying it's looking in all the normal perl locations. Is this command limited to the Darwin port and not included in the normal OSX distribution?

On Sep 26, 2011, at 2:38 PM, Jean-Michel PICOD wrote:

Here is another version of a perl script to convert plist files into shadow files.
This one relies on the Data::plist module to fully parse the file. Its output should be the same as Jim & Solar's script.
I wasn't sure of where to upload it on the wiki so this thread was still the best option I think.

I will soon improve it to also handle xml output generated with plist util (with autodetection of course).
Then, I will try to add a light pure-perl plist parser that will be used as a fail-back option if Data::plist is not installed.

It seems that plist files can also contain other hashes than salted sha512 (SMB, server and server with SMB). I can add those formats too if I am provided plist samples.

There may be bugs, so don't hesitate to report them.

Jean-Michel

On Sunday, 25 September 2011, Link, Peter R. wrote:

I bought all.lst so I probably don't have john.conf configured properly to use it.

On Sep 25, 2011, at 11:01 AM, Solar Designer wrote:

> On Fri, Sep 23, 2011 at 08:16:39AM -0700, Link, Peter R. wrote:
>> It took 17min 50 sec to crack the new password on a 2.4GHz MacBook Pro (circa 2007). I created the password file by hand.
>
> Apparently, you didn't have "tomorrow" in your wordlist. Indeed,
> password.lst supplied with JtR doesn't have it (not in top 3000 or so).
> Using all.lst (from the Openwall wordlists collection), JtR cracks this
> password in under a second.
>
>> robert1new.plist is the one that doesn't work.
>
> Here's a corrected version. This one works on both files for me.
> (Replaced "." with "[\x00-\xff]" to match linefeed characters as well.)
>
> ---
> #!/usr/bin/perl
>
> read(STDIN, $_, 1000000) || die;
>
> ($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44([\x00-\xff]{68})/;
> if (!$hash) {
>         print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
>         exit 1;
> }
>
> print unpack('H*', $hash), "\n";
> ---
>
> Thanks,
>
> Alexander

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
link1@...l.gov

<OS_X_Lion2john.pl>

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
link1@...l.gov
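
Added example, not part of the thread or of John the Ripper's scripts: the extraction from the corrected script above, written in Python (where "." also skips linefeed) to show why the "." version missed some hashes and the byte-class version does not. The function names, the constructed sample blob and its password are assumptions for illustration; the split of the 68 bytes into a 4-byte salt followed by SHA512(salt || password) is the Lion salted SHA-512 layout and is not stated in the thread.

```python
import hashlib
import re

# Header matched by the script in the thread: bplist00 magic, a one-entry
# dict, the key "SALTED-SHA512", then a data object of 0x44 (68) bytes.
HEADER = b"bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44"

# "." skips linefeed (0x0a) in Python just as in Perl; the byte class does not.
DOT_RE = re.compile(re.escape(HEADER) + rb"(.{68})")
ANY_BYTE_RE = re.compile(re.escape(HEADER) + rb"([\x00-\xff]{68})")


def extract(blob, pattern=ANY_BYTE_RE):
    """Return (salt, digest) found in a binary plist blob, or None."""
    match = pattern.search(blob)
    if match is None:
        return None
    raw = match.group(1)
    # Assumption (not stated in the thread): 4-byte salt, 64-byte digest.
    return raw[:4], raw[4:]


def to_john_hex(salt, digest):
    """Same output as the Perl unpack('H*', $hash): 136 lowercase hex digits."""
    return (salt + digest).hex()


def build_sample(salt, password):
    """Constructed test blob: header, salt, SHA512(salt || password), filler."""
    digest = hashlib.sha512(salt + password).digest()
    return HEADER + salt + digest + b"\x00" * 8


if __name__ == "__main__":
    # Constructed sample whose salt starts with a linefeed byte.
    blob = build_sample(b"\x0a\x1b\x2c\x3d", b"constructed-password")
    print("dot regex:     ", extract(blob, DOT_RE))      # no match
    salt, digest = extract(blob)
    print("any-byte regex:", to_john_hex(salt, digest))
```

A single 0x0a anywhere in the 68 bytes defeats the "." pattern, which for random salt and digest bytes happens in roughly 23% of hashes (1 - (255/256)^68).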