Date: Fri, 4 Jan 2013 21:33:36 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Cracking Mountain Lion hashes (WIP) On Fri, Jan 4, 2013 at 8:57 PM, magnum <john.magnum@...hmail.com> wrote: > On 4 Jan, 2013, at 4:29 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> Can you post a sample .plist file for a dummy user on your OS X 10.8.2 system? > > I uploaded it to the sample-hashes wiki page. That file produce the following format with our current ml2john.py: > > ../../luser.plist:(hash) > > As discussed earlier in this thread, it should ideally be more like this, and possibly more: > > luser:(hash):505:20:J Random Luser,crackable4us:/Users/luser:/bin/bash:../../luser.plist > > The former format would never be cracked at this speed, but the latter format would, immediately, by Single mode because "crackable4us" is the password hint given for this user (and a very good one, lol). Also, the full path of the input file is placed last, in a field that Single mode does NOT read. How does the following output look? ✗ python2 ../run/ml2john.py luser.plist luser.plist:$pbkdf2-hmac-sha512$(hash):505:20:J Random Luser,crackable4us:/bin/bash:luser.plist ✗ time ../run/john mlhash Loaded 1 password hash (GRUB2 / OS X 10.8 pbkdf2-hmac-sha512 [PBKDF2-SHA512 CPU]) crackable4us (luser.plist) guesses: 1 time: 0:00:00:03 DONE (Fri Jan 4 21:33:02 2013) c/s: 12.98 trying: crackable4us If it looks okay, I will commit it. > Anyway, this does not explain the longer hash from the Hashcat forum. This hash loads and cracks. I wouldn't worry too much about it. -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.