Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 23 Apr 2018 14:03:46 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: loading OS X hashes from Davegrohl

On Mon, Apr 23, 2018 at 04:09:34AM -0700, Eric Oyen wrote:
> also, the SSE2 version of john in the site you provided failed with an illegal instruction 4. so, I will try the V3 version.

If the "SSE2" version fails like that, then it's not actually SSE2 -
it's probably more like SSE4.  Your Core 2 Duo supports up through SSSE3
inclusive, but not SSE4.  These are recent user-contributed builds, so
it's likely that the contributor didn't consider recent macOS'
assumption that SSE4 has to be available for that OS anyway.

"V3" certainly won't work on your computer - it needs even newer (AVX).

I went ahead and renamed the files as follows:

mv john-1.8.0.9-jumbo-macosx_v3.zip john-1.8.0.9-jumbo-macosx_avx.zip
mv john-1.8.0.9-jumbo-macosx_sse2.zip john-1.8.0.9-jumbo-macosx_sse4.zip

based on user reports so far.  Maybe this will help reduce further
confusion, although few users appear to know what AVX and SSE4 are.

> If that fails, then I will go into the historical folder and find a version consistent with my current OS.

Right.

Please try to post fewer messages - try multiple things at a time, then
post.  We're bothering a lot of people with this discussion right now.
That's what this list is for, so the "bothering" is OK, but grouping the
information in fewer messages is preferable.

On Mon, Apr 23, 2018 at 04:53:11AM -0700, Eric Oyen wrote:
> according to the website (that incidentally references open wall as well) the dscl command as issued should dump the salt and hash in a file in that order. it also seems to get a lot of other stuff (like hint, etc).

Yes, it did dump a lot of stuff, but not what we needed.

> btw, I do know that the salt  is SHA512.

You mean the hash.  Yes, it should be, but we haven't seen it yet, nor
its corresponding salt.

> so, I am not sure what is going on. everything I try here seems to work,

None of this has dumped the hash yet, as far as I can tell.

> but the results don't conform to what john expects.

They were not supposed to be directly usable with John, except for
xpwdump's output, but that one failed for unknown reasons.  Possibly
something is corrupted on the system.

Do you have anything under /private/var/db/shadow/hash at all?  For
example, try this command:

ls -R /private/var/db/shadow/hash

On Mon, Apr 23, 2018 at 04:53:58AM -0700, Eric Oyen wrote:
> btw, did I mention that being totally blind and trying this really sucks ass!

You didn't mention how you felt about that.  Sorry to hear it's this way.

Back to one of my previous questions: why are you doing this?  Aren't
you able to access the system anyway?  What's your ultimate goal?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.