Mountain Lion 10.8 Hash

[bonbon18]

Im currently working on cracking a user hash on my system. I've already changed the password for it but apparently the keychain file with all the account passwords are still locked. I wanted to know if hashcat is compatible with mountain lion yet? I believe it uses a sha-512 salted hash I've tried with john the ripper and the davegrohl utility but before I let it run for hours I wanted to know if hashcat was able to do the job yet.

[budabob07]

Im currently working on cracking a user hash on my system. I've already changed the password for it but apparently the keychain file with all the account passwords are still locked. I wanted to know if hashcat is compatible with mountain lion yet? I believe it uses a sha-512 salted hash I've tried with john the ripper and the davegrohl utility but before I let it run for hours I wanted to know if hashcat was able to do the job yet.

For user passwords, Mountain Lion uses a salted sha512-PBKDF2 hash with several thousand iterations. Hashcat doesn't support this yet but there are some other threads about this topic and they say that they're working on it. If you get the shadow plist, it looks like this. Like with Lion, the text is in base 64

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>SALTED-SHA512-PBKDF2</key>
        <dict>
                <key>entropy</key>
                <data>
                t5tY7HKee+vx2KnrySLMKwoxOnvmg/CCh6mRy4igqRl180StgfydWPtqoN13nZouepSo
                Bq+HMlWUkqgp630iVLQ/Lhfnrs2+NxhW5Vhf+LpXFd1Ii3dhMW5CTlE9E1bu8rN5yaAs
                ttWyU0xQYboGAhFoWpjFy346Ph46h1j346w=
                </data>
                <key>salt</key>
                <data>
                UIkFhLJAOBvLULG24t41AMMAl7oD3DLGTH3Sv2PGpVs=
                </data>
                <key>iterations</key>
                <integer>19880</integer>
        </dict>
</dict>
</plist>