Date: Tue, 27 Sep 2011 00:24:35 +0200
From: Jean-Michel PICOD <jm@...izoku.org>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Mac OS X 10.7 Lion password hashes (salted SHA-512)

The Data::plist module can be found on cpan.org.
Usually, perl comes with the cpan utility to make installation easier. If
you have this tool, you simply have to run the following command:
$ cpan Data::plist

It will prompt you whether to automatically install dependencies or not.
Just answer yes and everything should be fine.


Jean-Michel

On Tuesday, 27 September 2011, Link, Peter R. wrote:

> Jean-Michel,
> Where did you get the Data::plist module? Running on a 10.7 Mac with Xcode,
> it gives me an error on line 14. Running your script gives an error message
> saying it's looking in all the normal perl locations. Is this command
> limited to the Darwin port and not included in the normal OSX distribution?
>
>
> On Sep 26, 2011, at 2:38 PM, Jean-Michel PICOD wrote:
>
>
> Here is another version of a perl script to convert plist files into shadow
> files.
> This one is relying on Data::plist module to fully parse the file.
> Its output should be the same as Jim & Solar script.
>
> I wasn't sure of where to upload it on the wiki so this thread was still
> the best option I think.
>
> I will soon improve it to also handle xml output generated with plist util
> (with autodetection of course).
> Then, I will try to add a light pure-perl plist parser that will be used as
> a fallback option if Data::plist is not installed.
>
>
> It seems that plist files can also contain other hashes than salted sha512
> (SMB, server and server with SMB).
> I can add those formats too if I am provided plist samples.
>
>
> There may be bugs, so don't hesitate to report them.
>
>
> Jean-Michel
>
>
> On Sunday, 25 September 2011, Link, Peter R. wrote:
> I bought all.lst so I probably don't have john.conf configured properly to
> use it.
>
>
> On Sep 25, 2011, at 11:01 AM, Solar Designer wrote:
>
> > On Fri, Sep 23, 2011 at 08:16:39AM -0700, Link, Peter R. wrote:
> >> It took 17min 50 sec to crack the new password on a 2.4GHz MacBook Pro (circa 2007). I created the password file by hand.
> >
> > Apparently, you didn't have "tomorrow" in your wordlist.  Indeed,
> > password.lst supplied with JtR doesn't have it (not in top 3000 or so).
> > Using all.lst (from the Openwall wordlists collection), JtR cracks this
> > password in under a second.
> >
> >> robert1new.plist is the one that doesn't work.
> >
> > Here's a corrected version.  This one works on both files for me.
> > (Replaced "." with "[\x00-\xff]" to match linefeed characters as well.)
> >
> > ---
> > #!/usr/bin/perl
> >
> > read(STDIN, $_, 1000000) || die;
> >
> > ($hash) = /bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44([\x00-\xff]{68})/;
> > if (!$hash) {
> >       print "Could not find a Mac OS X 10.7 Lion salted SHA-512 hash\n";
> >       exit 1;
> > }
> >
> > print unpack('H*', $hash), "\n";
> > ---
> >
> > Thanks,
> >
> > Alexander
>
> Peter Link
> Cyber Security Analyst
> Cyber Security Program
> Lawrence Livermore National Laboratory
> PO Box 808, L-315
> Livermore, CA 94550
> link1@...l.gov
>
>
>
> <OS_X_Lion2john.pl>
>
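
Added example, not part of the original message or of the scripts posted in this thread: a Python version of the quoted extraction that shows why "." had to become "[\x00-\xff]", and then checks a candidate password against the extracted value. The function names are hypothetical, the sample plist bytes are constructed, and the layout (4-byte salt followed by SHA-512 of salt plus password) is an assumption about the 68-byte blob.

```python
import hashlib
import hmac
import re

# Marker from the Perl script in this thread: binary plist header, a one-entry
# dict, the key "SALTED-SHA512", then a data object of length 0x44 (68 bytes).
MARKER = b"bplist00\xd1\x01\x02\x5dSALTED-SHA512\x4f\x10\x44"

# "." skips 0x0a unless DOTALL is set; the byte class matches every value.
NAIVE = re.compile(re.escape(MARKER) + rb"(.{68})")
FIXED = re.compile(re.escape(MARKER) + rb"([\x00-\xff]{68})")


def extract(data, pattern=FIXED):
    """Return the 68-byte blob (4-byte salt + 64-byte digest) or None."""
    m = pattern.search(data)
    return m.group(1) if m else None


def to_hex(blob):
    """Hex form, same as the Perl unpack('H*', ...) output."""
    return blob.hex()


def check_password(blob, candidate):
    """Assumption: digest = SHA-512(salt || password), salt = first 4 bytes."""
    salt, digest = blob[:4], blob[4:]
    calc = hashlib.sha512(salt + candidate.encode("utf-8")).digest()
    return hmac.compare_digest(calc, digest)


def build_sample(salt, password):
    """Constructed test input, not a real ShadowHashData value."""
    return MARKER + salt + hashlib.sha512(salt + password.encode()).digest()


if __name__ == "__main__":
    # Constructed sample whose salt contains a linefeed byte (0x0a).
    sample = build_sample(b"\x0a\x1b\x2c\x3d", "tomorrow")
    print("naive:", extract(sample, NAIVE))
    blob = extract(sample)
    print("fixed:", to_hex(blob))
    print("match:", check_password(blob, "tomorrow"))
```
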
