Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <FBE456E9-1418-48D5-8312-7E414A062EDB@gmail.com>
Date: Mon, 23 Apr 2018 04:14:00 -0700
From: Eric Oyen <eric.oyen@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: loading OS X hashes from Davegrohl

ok, the V3 version command also failed with "illegal instruction 4" inside the john/run folder.

it also generated this output in problem reporter:
***
Process:         bash [38503]
Path:            /bin/bash
Identifier:      bash
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  bash [38152]

Date/Time:       2018-04-23 04:11:39.762 -0700
OS Version:      Mac OS X 10.7.5 (11G63)
Report Version:  9

Interval Since Last Report:          -118598267 sec
Crashes Since Last Report:           -46
Per-App Crashes Since Last Report:   3
Anonymous UUID:                      DA2AAE55-9DAE-4251-9CB2-E442878C9B7B

Crashed Thread:  Unknown

Exception Type:  EXC_BAD_ACCESS (SIGILL)
Exception Codes: KERN_INVALID_ADDRESS at 0x00007fff5fc01028

Backtrace not available

Unknown thread crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000055  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x0000000000000000  rsp: 0x0000000000000000
   r8: 0x0000000000000000   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x00007fff5fc01028  rfl: 0x0000000000010203  cr2: 0x00007fff5fc01028
Logical CPU: 0

Binary images description not available


External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 10591
    thread_create: 0
    thread_set_state: 0

Model: MacBook3,1, BootROM MB31.008E.B02, 2 processors, Intel Core 2 Duo, 2.2 GHz, 4 GB, SMC 1.24f3
Graphics: Intel GMA X3100, GMA X3100, Built-In, 144 MB
Memory Module: BANK 0/DIMM0, 2 GB, DDR2 SDRAM, 667 MHz, 0x7F98000000000000, 0x393930353239352D3034352E4130314C4600
Memory Module: BANK 1/DIMM1, 2 GB, DDR2 SDRAM, 667 MHz, 0x7F98000000000000, 0x393930353239352D3034352E4130314C4600
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x88), Broadcom BCM43xx 1.0 (5.10.131.36.15)
Bluetooth: Version 4.0.8f17, 2 service, 11 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Network Service: Wi-Fi, AirPort, en1
Serial ATA Device: Hitachi HTS542525K9SA00, 250.06 GB
Parallel ATA Device: HL-DT-ST DVDRW  GSA-S10N
USB Device: USB 2.0 Hub [MTT], 0x050d  (Belkin Corporation), 0x0237, 0xfd100000 / 3
USB Device: iPhone, apple_vendor_id, 0x12a8, 0xfd110000 / 7
USB Device: Expansion Desk, 0x0bc2  (Seagate LLC), 0x3312, 0xfd150000 / 8
USB Device: External USB 3.0, 0x0480  (Toshiba America Info. Systems, Inc.), 0x0110, 0xfd140000 / 6
USB Device: External USB 3.0, 0x0480  (Toshiba America Info. Systems, Inc.), 0xd011, 0xfd170000 / 5
USB Device: iPhone, apple_vendor_id, 0x12a8, 0xfd120000 / 4
USB Device: Built-in iSight, apple_vendor_id, 0x8501, 0xfd400000 / 2
USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0229, 0x5d200000 / 3
USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x5d100000 / 2
USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x8205, 0x1a100000 / 2


On Apr 23, 2018, at 3:42 AM, Solar Designer wrote:

> On Mon, Apr 23, 2018 at 03:25:40AM -0700, Eric Oyen wrote:
>> ok, I had to do a little google search. A command turned up I can use called dscl. so I used dscl to dump both the salts and hashes for each user on my system. The command went like this: sudo dscl localhost read Search/Users/<username> >> <Username.txt>
> 
> The "dscl" command is what that Perl script uses internally.  I don't
> know why the script would fail for you if the manual command works.
> 
>> this dumped what appears to be proper data into those files. now all I need to do is run the jumbo supported john on them.
> 
> Great.  Right.
> 
> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.