-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathosxhash.rb
42 lines (35 loc) · 1000 Bytes
/
osxhash.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/env ruby
#
# extracts an osx users uuid and hash
# *root is needed to access shadow
def banner
puts "\n\tmac osx hash extractor"
puts "\tusage: ./hash.rb <username>"
puts "\t must run as root user\n"
end
def make_output(guid, hash, user)
puts "\n\n"
puts "Username:\t#{user}"
puts "GUID:\t\t#{guid}"
puts "Hash:\t\t#{hash}"
puts "\n\n"
end
def get_guid(user_name)
puts "[~] extracting GUID for user #{user_name}..."
user_guid = `dscl localhost -read /Search/Users/#{user_name} | grep GeneratedUID | cut -c15-`.split("\n")[0]
puts "[~] retrieving SHA1 hash..."
user_hash = `cat /var/db/shadow/hash/#{user_guid} | cut -c169-216`.chomp!
if user_hash.include?("denied")
puts "[!] failed to read hash: improper permissions"
exit(1)
elsif user_hash == ""
puts "[!] failed to read hash: unknown error"
exit(1)
end
make_output(user_guid, user_hash, user_name)
end
if ARGV[0] != nil and Process.uid == 0
get_guid(ARGV[0])
else
banner
end