the other night, gary tweeted about a puppet/os x 10.7 password bug i started looking at awhile back.
it’s good practice. i’ve been less focused on ruby lately than i’d like, and as @lusis says: “always be hacking.”
here’s some notes from gary on the problem:
Password Hash Accessing:
* Grab plist file from /var/db/dslocal/nodes/Default/users/username.plist
* Convert to xml
    plutil -convert xml1 username.plist
* Grab the ShadowHashData key and base64 decode it (install base64 with port install base64)
    echo "Data from ShadowHashData Key" | base64 -d > ShadowHashData
* Convert the resultant binary plist file into xml
    plutil -convert xml1 ShadowHashData
* Grab the SALTED-SHA512 Key and base64 decode it
    echo "Data from SALTED-SHA512 Key" | base64 -d > hashfile
* Reveal hash:
    xxd -p -c 256 hashfile | cut -c 9-
## Opening a user plist from 10.7 and getting the binary-encoded bit
require 'rexml/document'
xml = File.read('file.plist')
doc = REXML::Document.new(xml)
puts String(doc.root.elements[1][7][1][0]).gsub("\n","").gsub("\t","")
## Using CFPropertyList
require 'cfpropertylist'
require 'base64'
newplist = CFPropertyList::List.new(:file => 'demouser_edit.plist')
newdata = CFPropertyList.native_types(newplist.value)
bplist = CFPropertyList::List.new
bplist.load_binary_str(newdata['ShadowHashData'][0])
bplistdata = CFPropertyList.native_types(bplist.value)
password_hash = bplistdata['SALTED-SHA512'].unpack("H*")[0][8..-1]
Nate's Gist --> https://gist.github.com/1445697
and here’s a bit of what i worked out so far:
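#!/usr/bin/env ruby
## parse os x 10.7 shadow hash data
#
require "rexml/document"
require "base64"
include REXML

# collect every <data> element in the plist
def parse_plist(plist)
  parsed = []
  doc = File.open(plist) { |f| Document.new(f) }
  # <data> sits inside dict/array, so search the whole tree rather than plist/data
  doc.elements.each("//data") { |e| parsed << e }
  parsed  # return the collected elements, not the result of #each
end

# round-trip a string through base64 and return the decoded result
def base64_shadow(hash)
  encoded = Base64.encode64(hash)
  decoded = Base64.decode64(encoded)
  #puts "encoded: #{encoded}"
  #puts "decoded: #{decoded}"
  decoded
end

puts parse_plist("/tmp/password.plist")
base64_shadow("password")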
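an added example, not from gary's notes or nate's gist: on 10.7 the decoded SALTED-SHA512 value is a 4-byte salt followed by SHA-512(salt + password), which is why the notes skip the first 8 hex characters. this sketch splits that value and checks a known password against it, the comparison a provider needs to tell whether a password is already in sync; the function names and the sample salt/password are made up for illustration.

```ruby
require 'digest'
require 'base64'

SALT_BYTES   = 4   # the 8 hex characters that `cut -c 9-` / [8..-1] drop
DIGEST_BYTES = 64  # size of a SHA-512 digest

# Split a decoded SALTED-SHA512 value into hex salt and hex digest.
# Rejects anything that is not exactly salt + digest long.
def split_salted_sha512(blob)
  blob = blob.b
  expected = SALT_BYTES + DIGEST_BYTES
  unless blob.bytesize == expected
    raise ArgumentError, "expected #{expected} bytes, got #{blob.bytesize}"
  end
  { salt:   blob[0, SALT_BYTES].unpack1('H*'),
    digest: blob[SALT_BYTES, DIGEST_BYTES].unpack1('H*') }
end

# Build the 68-byte value from a password and a 4-byte salt
# (hypothetical helper, used here to construct sample data).
def build_salted_sha512(password, salt)
  raise ArgumentError, 'salt must be 4 bytes' unless salt.bytesize == SALT_BYTES
  salt.b + Digest::SHA512.digest(salt.b + password.b)
end

# True when the stored value was derived from the given password.
def password_matches?(blob, password)
  parts = split_salted_sha512(blob)
  salt  = [parts[:salt]].pack('H*')
  Digest::SHA512.hexdigest(salt + password.b) == parts[:digest]
end

if __FILE__ == $PROGRAM_NAME
  # constructed sample: fixed salt and a throwaway password
  stored = Base64.strict_encode64(
    build_salted_sha512('example-password', "\x01\x02\x03\x04")
  )
  blob = Base64.decode64(stored)   # what `base64 -d > hashfile` produces
  parts = split_salted_sha512(blob)
  puts "salt:   #{parts[:salt]}"
  puts "digest: #{parts[:digest]}"
  puts "in sync: #{password_matches?(blob, 'example-password')}"
end
```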
i always enjoy collaborating with people across the ‘tubes. there’s no real point to this post; just jotting down some thoughts while waiting for some processes to finish.