A Distributed Password Cracker for OS X
Version 3.0 is a complete rewrite of DaveGrohl. Version 2 was suffering from a severe case of code-stank and it will eventually be euthanized. The goal is to create a completely modern object-oriented codebase and make it extremely easy to use for both the developer and the end user. This code is currently in the very early stages, but will focus on a few central design goals.
Ease of Use – At first the UI will mimic V2, but the user experience is the most important design aspect. Users at any level of expertise should easily be able to figure out how to compile, install and run Dave.
Platform Independence – It should compile on Mac OS X and the most common flavors of Linux (Ubuntu, Red Hat) with no modification. Compiling on Windows is a plus but by no means a goal.
Code Independence – It should require no external libraries outside of the C++ Standard Library to compile. If better libraries are available, Dave should auto-detect and link against them with no flags required. User experience should never be a sacrifice.
Self Documenting – If anyone can’t figure out how to use Dave, it is at best a bug and at worst a fundamental design flaw. Dave should realize the user is having trouble offer help. (The current UI is not necessarily the goal UI)
Modern Codebase – Dave should be completely object-oriented and using the most modern C++11/14 standards. If dropping to raw C or even assembly would present a performance benefit, that code should be carefully implemented and encapsulated. Any Objective-C should be replaced with Swift and ideally phased out completely.
If you’re pulling Dave from Github, make sure XCode is installed then clone the repository.
MacBook-Pro:~$ git clone http://ift.tt/2v6kwae
Then run Dave. Press spacebar to see the progress of each thread. Threads running a dictionary attack will be in () while incremental attacks will be in . For dictionary attacks, Dave looks in a folder called ‘wordlists’ for plain text files and will dedicate a thread for each file it finds.
MacBook-Pro:~/davegrohl$ sudo ./dave -u someuser
— Loaded PBKDF2 (Salted SHA512) hash…
— Starting attack
0000:00:08 351 (aaru) (loveme) [x] [86n] [bpc] [2s5] [ojf] [wkea] [52la] [caha]
0000:00:14 613 (abaculus) (samantha) [9a] [38n] [t3c] [an5] [yjf] [k4ea] [dmla] [ieha]
0000:00:20 875 (abandoning) (spongebob) [pe] [n7n] [x3c] [8n5] [bvf] [25ea] [odla] [weha]
— Found password : ‘shorty’
— (dictionary attack)
Finished in 31.330 seconds / 1,318 guesses…
42 guesses per second.
The post davegrohl: Password Cracker for macOS appeared first on Penetration Testing.