MacOS – Cracking hashes for MacOS passwords

macospassword

I've followed practically all the tutorials on cracking hashes for a macOS password, but I've come up empty handed.

I've ultimately come up with this hash:

Admin:$ml$28169$d144a9af9619163e3a77170cb41e3f6e554b22f9683f3c3c8a05676a87b41056$8c6f600a6f3d73a3edd45e6010669da4ed68ba1291489b31dd744af96b12f39d07abe5fbeac0db3cf377e2531d66a2d6d4eb1e281be21b10dea21b6cf13c432c1cb7299c827b891d72c98f5df375b0947f6eb5b2b42e33b1a16212671b71f2671dbd108314335674cad1dee8f281b6221600920abba7a2512bf3493b4cebfd69

I have tried both hashcat -m 7100 and john the ripper, but still nothing.

Any help would be immensely appreciated. I am trying to crack a Yosemite password.

Best Answer

You may find that just like with most unix like systems OS X uses a salt and a hash.

I would review some of the answers on AskDifferent such as:

What type of hash are a Mac's password stored in?

Your password and the salt is grilled by sha512 many times, then the result is base64'ed and reverse xxd'ed. Together with the salt and the iterations it's xxd'ed and base64'ed again.

Related Solutions

How to setup 1Password on a second machine to use a shared Agile Keychain file in Dropbox

I had this exact problem over and over, with some help from Agile I found the answer here: http://help.agile.ws/1Password3/configure_dropbox_on_mac.html

Here is the important part:

To configure 1Password on your other Macs, first setup Dropbox, then make sure you have the latest version of 1Password installed and running.

Locate your 1Password.agilekeychain file in your Dropbox folder. If it has a green check mark badge indicating that the sync is complete, double click it,

and 1Password will confirm that you want to use this new location. Important If it shows the blue syncing badge rather than the green check mark badge, wait until the badge is a green check mark before opening the file. Failure to do so could result in data corruption.

How to Make Gmail Remember the User ID and Passwords with Safari

There are three solutions I've found. The first two are the easiest and least intrusive, the third one should be tried last as it will remove all saved passwords for other websites too (but the third seems to have worked the most times for other people)

a. Safari Preferences

Locate and delete the entry for Gmail that is set to 'Passwords Never Saved':

b. Remove Keychain Entry

open Keychain Access (in Utilities), then look in the login keychain and find the site you tried to visit. Somewhere in the list, you'll see an entry like this:
www.somesite.com (Passwords not saved)
Simply delete that item from the login keychain, restart Safari, and Safari will prompt you to save usernames and passwords when logging in to that site. The easiest way to find it in Keychain Access is to search for it using part of the website's URL as your search term.

c. Reset Safari

Open Safari

Click Safari > Reset safari

Tick Remove saved names & passwords

Click Reset Safari

Quit, Repoen and load Gmail