I'm a complete novice, just learning about this world of hashes in the last few weeks, but I managed to extract (what I believe to be) the following hash info from a target device (mac os x 10.11 El Capitan) and I'm trying to crack it on a PC Windows 7 using Hashcat GUI v1.00rc3, but I'm not sure what it all means or exactly how to use the GUI:
<key>SALTED-SHA512-PBKDF2</key>
<dict>
<key>entropy</key>
<data>
S9/o22DHhf9mLyj58HpT21u1iTnpMKNF1RMp0Lyq6X0NxyoUH1+flsodCKrG
p5I9ULhGaNt4n/uzlS2tj2lhRHaG18AjNuBBP/3m6CxnuOuV2HQNP4yF1F9w
BT2dGqUvKXyd/tskh0WlFEBOPEDyJOP+6fNdyYpiHrn4qSBzxAQ=
</data>
<key>iterations</key>
<integer>32894</integer>
<key>salt</key>
<data>
91rVY1obrRmwriLv2A8XZaXRMiVK7q37CwH2Nnuk+gc=
</data>
</dict>
<key>SRP-RFC5054-4096-SHA512-PBKDF2</key>
<dict>
<key>iterations</key>
<integer>32258</integer>
<key>salt</key>
<data>
gKcG7YXg0ph5KPUscnO12IyEVQMsO31+yIECwb1opVg=
</data>
<key>verifier</key>
<data>
ZMKeHFJobDs9lxR0HvhuX0yg1tmvm4UuYW8CdBi8A8qOFn8qYcu5cUNXHOOF
iddyVRu0qHIxg3rp/U/WgpGGSkMDw5Q9abcfLCDCptyvjlLFzPlw3jykMQ5d
LJvYU4G726Jzwyi+UXmCqma1X3TQMh2bzHO/K6lPs0JU48zQDQuGhDLOHKvM
ILLCiakC/UUu0CJlb4JayLm/bVS64BXQEW9233grgWLN5DFnFUB/uELKIfXj
3wkXnIUKFOgoSwk/7gB/kbnmS85Eo1pUpwbS2YhJIjHVHq0CvjevLbstyC6F
rxn2ul1pvRQHrPKdAjwLUdtvAxlebtjERuUmR18X9o/wpxdd/FX7r8gymlBU
xWcmN//8hZAsKjriEacpsFUwks2EZ6agb5ATw1rUjQXJ0U7psEw5rtkcU7ve
MuqFq9kuspOTxQ3AZorHMiq95l0gcvlPaegdXl6gwjBh0SBlsi8wHPuir/yC
57sx3tcPlUnMXsUROuch73rK6JyGfljUGe6twWcduMnfGiQi0GzN29BnIT2T
nXAJwrqdOiBj7W9nSBfCYYncIirm1FG4d02cWaEBiMSipgo0Y68H9KiK6ybU
kODOFc0563OCgFjmiZpK017ya9BDlEoYNTviopaQFhb6PU9EzPtOsbcmpnAg
B3QK7htgXUxPiW8wVzfPzqE=
</data>
</dict>
I've been reading through the wiki stuff and a bunch of other sites about how to extract, copy, convert, decrypt stuff, but a lot of it is going over my head because (mostly I'm not a hacker) I can't seem to find a step by step walkthrough of how to extract a hash from Mac OS X 10.11 El Capitan that seemed to work (unless the above info is what I was looking for). Most of the info out there points to older versions of MAC OS whose commands don't seem to work with El Capitan.
However, if the above info is what I'm looking for, then I don't know exactly what to do with it. From what I've read the above info is the binary (base64?) format for each element (entropy, salt, integer, verifier?[I have no idea what these mean]), and they all need to be converted to hex (which I tried on this site: https://cryptii.com/pipes/base64-to-hex), then all of the converted hex values copied and smashed together into a .txt file with no other characters, spaces, or line breaks and saved. Then this file is used as the hash file that Hashcat works with? All of which I tried, but it didn't seem to work as when I clicked the "I'm a HashKiller" button in the bottom right corner of the GUI a new command prompt window popped open and stayed blank followed by a new window with Hashcat GUI popped open (so now there are 2 Hashcat GUI windows open on my screen...weird).
So in summary, if anybody has the time or wherewithal to walk me through things, or if you don't and can link me to a useful step by step tutorial that takes me from Extraction (specifically how to find AND copy the necessary .plist file or data to a flash/thumb drive from the target device while in Single User Mode or Recovery Mode), to Conversion (which type of hash I'm dealing with because I saw 5 or 6 different SHA512 hash-types) and exactly how to make a proper .txt file that Hashcat can digest.
Also if anybody has any better wordlists (I also saw "charset" uploads under the "brute-force" tabs in Hashcat GUI
and it wouldn't let me upload any wordlist including realuniq.lst. So I assume this is a different set of files
If doing any or all of this via the command line interface on window command prompt is easier/simpler I'd probably prefer to do it that way.
Sorry in advance about the long nOOb post, just wanted to try to provide as much info as possible to waste as little of anybody's time possible with back and forth.
Thx for your thoughts/suggestions.
-m
<key>SALTED-SHA512-PBKDF2</key>
<dict>
<key>entropy</key>
<data>
S9/o22DHhf9mLyj58HpT21u1iTnpMKNF1RMp0Lyq6X0NxyoUH1+flsodCKrG
p5I9ULhGaNt4n/uzlS2tj2lhRHaG18AjNuBBP/3m6CxnuOuV2HQNP4yF1F9w
BT2dGqUvKXyd/tskh0WlFEBOPEDyJOP+6fNdyYpiHrn4qSBzxAQ=
</data>
<key>iterations</key>
<integer>32894</integer>
<key>salt</key>
<data>
91rVY1obrRmwriLv2A8XZaXRMiVK7q37CwH2Nnuk+gc=
</data>
</dict>
<key>SRP-RFC5054-4096-SHA512-PBKDF2</key>
<dict>
<key>iterations</key>
<integer>32258</integer>
<key>salt</key>
<data>
gKcG7YXg0ph5KPUscnO12IyEVQMsO31+yIECwb1opVg=
</data>
<key>verifier</key>
<data>
ZMKeHFJobDs9lxR0HvhuX0yg1tmvm4UuYW8CdBi8A8qOFn8qYcu5cUNXHOOF
iddyVRu0qHIxg3rp/U/WgpGGSkMDw5Q9abcfLCDCptyvjlLFzPlw3jykMQ5d
LJvYU4G726Jzwyi+UXmCqma1X3TQMh2bzHO/K6lPs0JU48zQDQuGhDLOHKvM
ILLCiakC/UUu0CJlb4JayLm/bVS64BXQEW9233grgWLN5DFnFUB/uELKIfXj
3wkXnIUKFOgoSwk/7gB/kbnmS85Eo1pUpwbS2YhJIjHVHq0CvjevLbstyC6F
rxn2ul1pvRQHrPKdAjwLUdtvAxlebtjERuUmR18X9o/wpxdd/FX7r8gymlBU
xWcmN//8hZAsKjriEacpsFUwks2EZ6agb5ATw1rUjQXJ0U7psEw5rtkcU7ve
MuqFq9kuspOTxQ3AZorHMiq95l0gcvlPaegdXl6gwjBh0SBlsi8wHPuir/yC
57sx3tcPlUnMXsUROuch73rK6JyGfljUGe6twWcduMnfGiQi0GzN29BnIT2T
nXAJwrqdOiBj7W9nSBfCYYncIirm1FG4d02cWaEBiMSipgo0Y68H9KiK6ybU
kODOFc0563OCgFjmiZpK017ya9BDlEoYNTviopaQFhb6PU9EzPtOsbcmpnAg
B3QK7htgXUxPiW8wVzfPzqE=
</data>
</dict>
I've been reading through the wiki stuff and a bunch of other sites about how to extract, copy, convert, decrypt stuff, but a lot of it is going over my head because (mostly I'm not a hacker) I can't seem to find a step by step walkthrough of how to extract a hash from Mac OS X 10.11 El Capitan that seemed to work (unless the above info is what I was looking for). Most of the info out there points to older versions of MAC OS whose commands don't seem to work with El Capitan.
However, if the above info is what I'm looking for, then I don't know exactly what to do with it. From what I've read the above info is the binary (base64?) format for each element (entropy, salt, integer, verifier?[I have no idea what these mean]), and they all need to be converted to hex (which I tried on this site: https://cryptii.com/pipes/base64-to-hex), then all of the converted hex values copied and smashed together into a .txt file with no other characters, spaces, or line breaks and saved. Then this file is used as the hash file that Hashcat works with? All of which I tried, but it didn't seem to work as when I clicked the "I'm a HashKiller" button in the bottom right corner of the GUI a new command prompt window popped open and stayed blank followed by a new window with Hashcat GUI popped open (so now there are 2 Hashcat GUI windows open on my screen...weird).
So in summary, if anybody has the time or wherewithal to walk me through things, or if you don't and can link me to a useful step by step tutorial that takes me from Extraction (specifically how to find AND copy the necessary .plist file or data to a flash/thumb drive from the target device while in Single User Mode or Recovery Mode), to Conversion (which type of hash I'm dealing with because I saw 5 or 6 different SHA512 hash-types) and exactly how to make a proper .txt file that Hashcat can digest.
Also if anybody has any better wordlists (I also saw "charset" uploads under the "brute-force" tabs in Hashcat GUI
and it wouldn't let me upload any wordlist including realuniq.lst. So I assume this is a different set of files
If doing any or all of this via the command line interface on window command prompt is easier/simpler I'd probably prefer to do it that way.
Sorry in advance about the long nOOb post, just wanted to try to provide as much info as possible to waste as little of anybody's time possible with back and forth.
Thx for your thoughts/suggestions.
-m