Date: Fri, 7 Sep 2012 23:52:01 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Cracking Mountain Lion hashes (WIP) On Fri, Sep 7, 2012 at 11:42 PM, Lukas Odzioba <lukas.odzioba@...il.com> wrote: > 2012/9/7 Dhiru Kholia <dhiru.kholia@...il.com>: >> On Fri, Sep 7, 2012 at 10:59 PM, Alexander Cherepanov <cherepan@...me.ru> wrote: >>> On 07.09.2012 20:28, Dhiru Kholia wrote: >>>> Now we need to parse the output of ml2john.py program and figure out >>>> what the output means i.e. what is the iteration count, what is salt >>>> etc. >>> >>> Well, ShadowHashData field is also plist. Convert it with the same >>> script and you get 'salt', 'entropy' and 'iterations'. >> >> Thanks!, that worked. >> >> Next question, where is the actual pbkdf2 hash? I don't see it. > Can you post it? See attached code and earlier archive (use lulu.plist from it) $ml$23923*32*c3fa2e153466f7619286024fe7d812d0a8ae836295f84b9133ccc65456519fc3*128*ccb903ee691ade6d5dee9b3c6931ebed6ddbb1348f1b26c21add8ba0d45f27e61e97c0b80d9a18020944bb78f1ebda6fdd79c5cf08a12c80522caf987c287b6da10095bb8fd82fcc03803e86675d84744139b694da7cead3c0133033a6257335cb6be0ad68c14f20321315f0ea71670a8b78bc2759ad9751430f0c9c5040617a > If it is pure sha512pbkdf2 it should be consistent with this: > > from passlib.hash import grub_pbkdf2_sha512 > hash = grub_pbkdf2_sha512.encrypt("password", rounds=10964, salt="salt") > print hash Great. This works! grub.pbkdf2.sha512.23923.C3FA2E153466F7619286024FE7D812D0A8AE836295F84B9133CCC65456519FC3.CCB903EE691ADE6D5DEE9B3C6931EBED6DDBB1348F1B26C21ADD8BA0D45F27E61E97C0B80D9A18020944BB78F1EBDA6FDD79C5CF08A12C80522CAF987C287B6D This output implies that the actual hash is contained in the first part of 'entropy' field. We now have full information to write a cracker for Mountain Lion hashes. Lukas, Can you commit your code for cracking GRUB / Mountain Lion hashes. I will clean-up ml2john.py program and commit it to magnum-jumbo. -- Cheers, Dhiru Download attachment "ml2john.py" of type "application/octet-stream" (37942 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.