+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Developer (https://hashcat.net/forum/forum-39.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-40.html)
+--- Thread: Help needed cracking a Mac password (/thread-8056.html)
Help needed cracking a Mac password - ry2019 - 01-06-2019
Hi, I'm new to this and trying to crack the password on my old laptop running MacOS El Capitan
I've followed guides and believe I have the hash which I extracted from the username.plist, but I can't figure out how to get Hashcat to decrypt it
Can anyone help?
The code I'm trying to feed into Hashcat is:
$ml$27855$0f00d525e3c304eb2f7364b649e644c5b52d7ec9436c05e98bc71662601da9c9$43da1a97b943dd7cca9a5702d11e3a8befc0e3803428a9d05f7d01aff774c91e6f7d97fdb67dd2191554a00dcd03b2c1fd7898ddcf77f33714f058a7bd1c4cc15523dd707cb76c9ba37c57399f1721dfe5d209c5128b9549a46ae804f1cbcf929a429664fe6e8e1c931eb59899b3038ae722d9d4ea66b6da2f550b6bc5ba5558
The main hash I extracted is 256 characters and the salt is 64 Characters.
I've downloaded plist2hashcat incase I made a mistake extracting the info from the username.plist, but have no idea how to use it and can't find any instructions. Do I need to compile it into an app somehow?
Also wondering how rules work, as I know the password is probably less than 8 lowercase letters and definitely ends with 321
Thanks!
RE: Help needed cracking a Mac password - Banaanhangwagen - 01-07-2019
The exact same problem and solution are explained here.
https://hashcat.net/forum/thread-7792.html
The plist2hashcat is a script, so you need to run it. Do some research how. You'll learn a lot.
In order to understand rules, begin here.
https://hashcat.net/wiki/doku.php?id=rule_based_attack
Lowercase and appending 321 will be:
Code:
l $3 $2 $1RE: Help needed cracking a Mac password - ry2019 - 01-07-2019
(01-07-2019, 12:18 PM)Karamba Wrote: The exact same problem and solution are explained here.
https://hashcat.net/forum/thread-7792.html
The plist2hashcat is a script, so you need to run it. Do some research how. You'll learn a lot.
In order to understand rules, begin here.
https://hashcat.net/wiki/doku.php?id=rule_based_attack
Lowercase and appending 321 will be:Code:l $3 $2 $1
Thanks, yes I spent all weekend researching and got to the point where I seem to have correctly extracted and edited all the has data from the plist. What I'm feeding hash cat though says it will take '73 days' to complete so I'm trying to get some rules in place and don't have access to maskprocessor since it seems there's no Mac build. I realise I'm using attack type 3 (Brute Force).
What I'm feeing into Hashcat is:
./hashcat -a 3 -m 7100 /Users/username/hashcat/hash.txt ?l?l?l?l?l?l?l321 /Users/username/hashcat/dic/lower.txt --potfile-path /tmp/cracked_hash.pot
Hashcat runs and displays:
Session..........: hashcat
Status...........: Running
Hash.Type........: macOS v10.8+ (PBKDF2-SHA512)
Hash.Target......: $ml$27855$0f00d525e3c304eb2f7364b649e644c5b52d7ec94...1c4cc1
Time.Started.....: Mon Jan 7 16:08:16 2019 (12 secs)
Time.Estimated...: Wed Mar 20 14:10:50 2019 (71 days, 22 hours)
Guess.Mask.......: ?l?l?l?l?l?l?l321 [10]
Guess.Queue......: 1/1 (100.00%)
Speed.#2.........: 646 H/s (8.73ms) @ Accel:8 Loops:4 Thr:256 Vec:1
Speed.#3.........: 646 H/s (8.72ms) @ Accel:8 Loops:4 Thr:256 Vec:1
Speed.#*.........: 1293 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0/8031810176 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/308915776 (0.00%)
Restore.Sub.#2...: Salt:0 Amplifier:0-1 Iteration:5268-5272
Restore.Sub.#3...: Salt:0 Amplifier:0-1 Iteration:5268-5272
What I'm trying to do is tell Hashcat to do a dictionary attack, and tell it that the password is formed of between 6 and 9 lower case letters followed by 321 but when I choose different attack modes, it gives me ?l?l?l?l?l?l?l321: No such file or directory.
RE: Help needed cracking a Mac password - undeath - 01-07-2019
Don't create multiple threads for basically the same issue
https://hashcat.net/forum/thread-8057-post-43265.html