Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Sep 2011 12:55:42 -0700
From: "Link, Peter R." <link1@...l.gov>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

I bought all.lst so I probably don't have john.conf configured properly to use it.


On Sep 25, 2011, at 11:01 AM, Solar Designer wrote:

> On Fri, Sep 23, 2011 at 08:16:39AM -0700, Link, Peter R. wrote:
>> It tool 17min 50 sec to crack the new password on a 2.4GHz MacBook Pro (circa 2007). I created the password file by hand.
> 
> Apparently, you didn't have "tomorrow" in your wordlist.  Indeed,
> password.lst supplied with JtR doesn't have it (not in top 3000 or so).
> Using all.lst (from the Openwall wordlists collection), JtR cracks this
> password in under a second.
> 
>> robert1new.plist is the one that doesn't work.
> 
> Here's a corrected version.  This one works on both files for me.
> (Replaced "." with "[\x00-\xff]" to match linefeed characters as well.)
> 
> ---
> #!/usr/bin/perl
> 
> read(STDIN, $_, 1000000) || die;
> 
> ($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44([\x00-\xff]{68})/;
> if (!$hash) {
> 	print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
> 	exit 1;
> }
> 
> print unpack('H*', $hash), "\n";
> ---
> 
> Thanks,
> 
> Alexander

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
link1@...l.gov



Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.