Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 23 Apr 2018 12:40:18 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: loading OS X hashes from Davegrohl

On Sun, Apr 22, 2018 at 09:22:41PM -0700, Eric Oyen wrote:
> well, I tried to run that perl script you sent me and here is the output:

I don't know why it failed, and especially these messages are weird,
possibly indicating the system itself is in an inconsistent state:

> Cannot open /private/var/db/shadow/hash/333223CF-BE81-44BC-95C9-6A3C4BA13D37: No such file or directory
> There is no hashes available for the user proudhawk
> Cannot open /private/var/db/shadow/hash/F7D3F545-5DD8-4D89-9132-E16AF0BE8639: No such file or directory
> There is no hashes available for the user eric

However, have you tried using a different version/build of John as I
suggested in another message?  The version you said you had tried first
doesn't support OS X hashes at all.

Also, what is the input file you provide to John (with the hash(es)
obtained from Davegrohl) like?  It should be something like:

user:12345678F9083C7F66F46A0A102E4CC17EC08C8AF120571B

That is, username followed by a colon followed by some hex digits.
Is this the case?  How many hex digits are there in your case?

For the above example, you crack it with the "--format=xsha" option
provided to a version of John supporting OS X hashes, such as one of
those you download from:

http://download.openwall.net/pub/projects/john/contrib/macosx/

For your older OS X, you'll need to take a version from the "historical"
subdirectory.

BTW, why are you doing this?  Is it just for fun and learning, or do you
need this password recovered (and why)?  Since you seem to be able to
use the system and even access the root account with sudo, you probably
do know the password(s) anyway?  I am asking just so that we might help
you achieve your ultimate goal, rather than an intermediate one.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.