GitXplorerGitXplorer
v

xso-ahs

public
7 stars
4 forks
0 issues

Commits

List of commits on branch master.
Unverified
eab3f81f2969d65decfa30e09c783899cd85723f

Update README.md

vvattay committed 8 years ago
Unverified
2ae1519bd67b3efa243de320abd733b7beaaefcc

Merge pull request #1 from kkirsche/patch-1

vvattay committed 8 years ago
Unverified
4b056ab231e200fbc1fae8231790676876f8c309

Create extract_and_transform.py

kkkirsche committed 8 years ago
Unverified
1ff1a7239bdb8a93f8d8ddf7dd111b4ef2c27254

Update README.md

vvattay committed 9 years ago
Unverified
2132f6203d1001c37ad01fa0a8b93fc317adc436

Improves separation of concecerns.

committed 9 years ago
Unverified
21a655b6a6153c7ba6ebc398ce7aa723a2aaf431

Create README.md

vvattay committed 9 years ago

README

The README file for this repository.

xso-ahs

Extract OSX 10.7 password hashes (SHA512, salted, PBKDF2) as XML, one line hashes.

Info

As of OSX 10.7 password hashes are stored in separate plist files per user. This script combines some known bash shortcuts to get at these hashes, if you have root access.

The extract_plists.sh just pulls out the hash data in xml format.

The transform.py script transforms this into a one line hash, which includes the iterations and salt.

It also has a dictonary cracker, crack.py, mainly as an example of how to extend the password cracker example from Violent Python to modern OSX.

The cracker IS a toy, it is very slow. Use a real cracker or fork this and improve it if you actually want it to finish before the sun runs out with a large dictionary.

How to use

Run the whole pipeline with

sudo ./crack.sh dictionary.txt

You can also just extract the plist xml like this:

sudo ./extract_plists

Or get them as one line hashes:

sudo ./extract_plists.sh | ./transform.py

Or run the whole thing without the top level script:

sudo ./extract_plists.sh | ./transform.py | ./crack.py dictionary.txt

Or if you have python3 you can just do this to get the hashes:

sudo python3 extract_and_transform.py