Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Sep 2012 04:11:47 +0400
From: Alexander Cherepanov <>
Subject: Re: Cracking Mountain Lion hashes (WIP)

On 2012-09-10 03:29, magnum wrote:
> On 10 Sep, 2012, at 1:20 , Alexander Cherepanov <> wrote:
>> On 2012-09-08 15:38, Dhiru Kholia wrote:
>>> Sample Output: lulu.plist:$ml$23923$c3fa2e153466f7619286024fe7d812d0a8ae836295f84b9133ccc65456519fc3$ccb903ee691ade6d5dee9b3c6931ebed6ddbb1348f1b26c21add8ba0d45f27e61e97c0b80d9a18020944bb78f1ebda6fdd79c5cf08a12c80522caf987c287b6d
>>> Format : filename:$ml$iterations$salt$hash
>> Isn't it better to print user name in the first field as usually done in
>> other formats?
> Good catch, the file name is the actual user name so you should strip '.plist' from every entry. This will help Single mode produce much less worthless candidates.

In fact I thought about an attribute 'name' in the source .plist file.
But it's even better -- there are also attributes 'uid', 'gid',
'realname', 'home', 'shell', so full gecos can be constructed.

> BTW most *2john tools that put the filename in the username field
> should strip the path for the same reason. I did that to rar2john. The
> filename might be useful for Single mode, but probably not the
> [cracker's] full path.

Full path may be good for keeping track which hash is for which file.
But I'm not sure where it's better to put it.

Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.