Date: Mon, 23 Apr 2018 14:03:46 +0200 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: loading OS X hashes from Davegrohl On Mon, Apr 23, 2018 at 04:09:34AM -0700, Eric Oyen wrote: > also, the SSE2 version of john in the site you provided failed with an illegal instruction 4. so, I will try the V3 version. If the "SSE2" version fails like that, then it's not actually SSE2 - it's probably more like SSE4. Your Core 2 Duo supports up through SSSE3 inclusive, but not SSE4. These are recent user-contributed builds, so it's likely that the contributor didn't consider recent macOS' assumption that SSE4 has to be available for that OS anyway. "V3" certainly won't work on your computer - it needs even newer (AVX). I went ahead and renamed the files as follows: mv john-18.104.22.168-jumbo-macosx_v3.zip john-22.214.171.124-jumbo-macosx_avx.zip mv john-126.96.36.199-jumbo-macosx_sse2.zip john-188.8.131.52-jumbo-macosx_sse4.zip based on user reports so far. Maybe this will help reduce further confusion, although few users appear to know what AVX and SSE4 are. > If that fails, then I will go into the historical folder and find a version consistent with my current OS. Right. Please try to post fewer messages - try multiple things at a time, then post. We're bothering a lot of people with this discussion right now. That's what this list is for, so the "bothering" is OK, but grouping the information in fewer messages is preferable. On Mon, Apr 23, 2018 at 04:53:11AM -0700, Eric Oyen wrote: > according to the website (that incidentally references open wall as well) the dscl command as issued should dump the salt and hash in a file in that order. it also seems to get a lot of other stuff (like hint, etc). Yes, it did dump a lot of stuff, but not what we needed. > btw, I do know that the salt is SHA512. You mean the hash. Yes, it should be, but we haven't seen it yet, nor its corresponding salt. > so, I am not sure what is going on. everything I try here seems to work, None of this has dumped the hash yet, as far as I can tell. > but the results don't conform to what john expects. They were not supposed to be directly usable with John, except for xpwdump's output, but that one failed for unknown reasons. Possibly something is corrupted on the system. Do you have anything under /private/var/db/shadow/hash at all? For example, try this command: ls -R /private/var/db/shadow/hash On Mon, Apr 23, 2018 at 04:53:58AM -0700, Eric Oyen wrote: > btw, did I mention that being totally blind and trying this really sucks ass! You didn't mention how you felt about that. Sorry to hear it's this way. Back to one of my previous questions: why are you doing this? Aren't you able to access the system anyway? What's your ultimate goal? Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.