Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Jan 2013 21:33:36 +0530
From: Dhiru Kholia <>
Subject: Re: Cracking Mountain Lion hashes (WIP)

On Fri, Jan 4, 2013 at 8:57 PM, magnum <> wrote:
> On 4 Jan, 2013, at 4:29 , Dhiru Kholia <> wrote:
>> Can you post a sample .plist file for a dummy user on your OS X 10.8.2 system?
> I uploaded it to the sample-hashes wiki page. That file produce the following format with our current
> ../../luser.plist:(hash)
> As discussed earlier in this thread, it should ideally be more like this, and possibly more:
> luser:(hash):505:20:J Random Luser,crackable4us:/Users/luser:/bin/bash:../../luser.plist
> The former format would never be cracked at this speed, but the latter format would, immediately, by Single mode because "crackable4us" is the password hint given for this user (and a very good one, lol). Also, the full path of the input file is placed last, in a field that Single mode does NOT read.

How does the following output look?

✗ python2 ../run/ luser.plist
luser.plist:$pbkdf2-hmac-sha512$(hash):505:20:J Random

✗ time ../run/john mlhash
Loaded 1 password hash (GRUB2 / OS X 10.8 pbkdf2-hmac-sha512
crackable4us     (luser.plist)
guesses: 1  time: 0:00:00:03 DONE (Fri Jan  4 21:33:02 2013)  c/s:
12.98  trying: crackable4us

If it looks okay, I will commit it.

> Anyway, this does not explain the longer hash from the Hashcat forum. This hash loads and cracks.

I wouldn't worry too much about it.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.