+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: macOS Keychain Help (/thread-13480.html)
macOS Keychain Help - Eldudderino - 02-05-2026
I have a 2013 iMac with 2 user accounts on it. I know the password for one user account, the other I do not.
I obtain an image of the mac using CAINE.
I was able to decrypt 632GB of data from that image.
The user account that has the unknown password...can I obtain a password list from the various keychain databases? Or any useful information what so ever?
RE: macOS Keychain Help - Banaanhangwagen - 02-06-2026
Since you have a non-encrypted image of the device, you can try to crack the user password by extracting the login-hash from the correct user-plist file...or (and this one is much faster) by extracting the keychain-hash from the login.keychain of that user.
Since there is a high probability that the user used the same password for login and keychain, I would try the keychain-hash. Do not forget the --keep-guessing in order to tackle the false positives.
You can obtain the content of the keychain of your first user with some dedicated (commercial) tools, like Chainbreaker.
RE: macOS Keychain Help - Eldudderino - 02-06-2026
So, the login.keychain from the user account that I do not have the password for..I do have that file, but it is encrypted. You are saying I can get the hash of that file and perform a dictionary attack ect. of that hash with hashcat?
My question now, how do I obtain a hash for that? It is not just like the MD5 of the file correct? Can I use chainbreaker to obtain that, then use hashcat on that hash?
RE: macOS Keychain Help - Banaanhangwagen - 02-06-2026
https://github.com/openwall/john/blob/bleeding-jumbo/run/keychain2john.py
RE: macOS Keychain Help - Eldudderino - 02-07-2026
(Yesterday, 08:24 PM)Banaanhangwagen Wrote: https://github.com/openwall/john/blob/bleeding-jumbo/run/keychain2john.py
So use that to get the hash for the keychain, then use hash cat on that