Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Apr 2018 12:40:18 +0200
From: Solar Designer <>
Subject: Re: loading OS X hashes from Davegrohl

On Sun, Apr 22, 2018 at 09:22:41PM -0700, Eric Oyen wrote:
> well, I tried to run that perl script you sent me and here is the output:

I don't know why it failed, and especially these messages are weird,
possibly indicating the system itself is in an inconsistent state:

> Cannot open /private/var/db/shadow/hash/333223CF-BE81-44BC-95C9-6A3C4BA13D37: No such file or directory
> There is no hashes available for the user proudhawk
> Cannot open /private/var/db/shadow/hash/F7D3F545-5DD8-4D89-9132-E16AF0BE8639: No such file or directory
> There is no hashes available for the user eric

However, have you tried using a different version/build of John as I
suggested in another message?  The version you said you had tried first
doesn't support OS X hashes at all.

Also, what is the input file you provide to John (with the hash(es)
obtained from Davegrohl) like?  It should be something like:


That is, username followed by a colon followed by some hex digits.
Is this the case?  How many hex digits are there in your case?

For the above example, you crack it with the "--format=xsha" option
provided to a version of John supporting OS X hashes, such as one of
those you download from:

For your older OS X, you'll need to take a version from the "historical"

BTW, why are you doing this?  Is it just for fun and learning, or do you
need this password recovered (and why)?  Since you seem to be able to
use the system and even access the root account with sudo, you probably
do know the password(s) anyway?  I am asking just so that we might help
you achieve your ultimate goal, rather than an intermediate one.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.