Download
DaveGrohl-1.0.zip
August 3rd, 2011

----- Requirements -----

Mac OS X 10.4 or later
Tested through Mac OS X 10.7
Intel Macs only



Dave Grohl the Movie
Directed by James Cameron

A multi-threaded password cracker for Mac OS X Lion.



How do I use it?

Download it and open the Terminal app. cd into the downloaded folder.

If you like, ls to see what's in the DaveGrohl folder. There should be the actual program 'dave' and the 'wordlists' folder. DaveGrohl comes with two wordlists, but you can throw as many "plain text" wordlists as you like into the wordlists folder and dave will run through them all. Here is an excellent wordlist collection.

Type 'sudo ./dave -u username' to do the standard brute-force attack. The username can be any user on your Mac, but the password you type must be your own admin password.

By default, on a dual-core Mac, dave will start a dictionary attack on one processor and an incremental attack on the other. The default character set for the incremental attack is the lower-case alphabet and numbers. You can specify your own custom set with the '-c' flag. If you've seen the person type their password, you can likely narrow down the characters that may be in their password and this will greatly speed up the incremental attack.

Dave Grohl can also extract a user's password hash so that it can be cracked with another popular password cracker such as John the Ripper (your version of John may not yet support SHA512), or maybe even with your own custom-made cracker that perhaps runs different incremental attacks on the CPU & GPU at once?! (If so, please send me a copy.)



Why is it named 'Dave Grohl'? Isn't he the singer of Motorhead?

This is why.



Where does my Mac keep my password?

For Lion, it's in your user profile. Your user profile is located at /private/var/db/dslocal/nodes/Default/users/myuser.plist. This is a fancy binary XML file that stores info about your user, including your hashed password. Inside the profile, there is a field called 'ShadowHashData', which is just raw bytes of data that look like:


The password hash is the darker text. The first 4 bytes are the salt. The next 64 bytes are the SHA-512 hash of the password. BTW, this is just for a fresh install of Lion. The ShadowHashData for Lion Server or Lion with SMB turned on looks a wee bit different.
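The layout described above (4-byte salt followed by a 64-byte SHA-512 digest) can be parsed and checked against a known password as shown below. This is an added example, not code from DaveGrohl: the function names and the sample blob are constructed, and it assumes the digest is SHA-512 over the salt followed by the UTF-8 password, an ordering the page does not state.

```python
import hashlib
import hmac

SALT_LEN = 4     # per the page: the first 4 bytes are the salt
DIGEST_LEN = 64  # per the page: the next 64 bytes are the SHA-512 output


def parse_shadow_hash(blob):
    """Split a fresh-install Lion hash blob into (salt, digest)."""
    expected = SALT_LEN + DIGEST_LEN
    if len(blob) != expected:
        # Lion Server / SMB-enabled records look different, so refuse
        # anything that is not exactly salt + digest.
        raise ValueError("expected %d bytes, got %d" % (expected, len(blob)))
    return blob[:SALT_LEN], blob[SALT_LEN:]


def verify_password(blob, candidate):
    """Return True if `candidate` matches the stored hash."""
    salt, digest = parse_shadow_hash(blob)
    # Assumption: digest = SHA-512(salt || password bytes).
    computed = hashlib.sha512(salt + candidate.encode("utf-8")).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(computed, digest)


def build_sample_blob(salt, password):
    """Build a constructed 68-byte blob in the same layout, for testing."""
    return salt + hashlib.sha512(salt + password.encode("utf-8")).digest()


# Constructed sample data; not taken from any real account.
SAMPLE_BLOB = build_sample_blob(b"\x01\x02\x03\x04", "example-passphrase")

if __name__ == "__main__":
    salt, digest = parse_shadow_hash(SAMPLE_BLOB)
    print("salt  :", salt.hex())
    print("digest:", digest.hex())
    print("match :", verify_password(SAMPLE_BLOB, "example-passphrase"))
```

With only a 4-byte salt and a single SHA-512 pass, each check costs one hash computation, which is why long, non-dictionary passwords matter for accounts stored in this format.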



You are stupid and I would like to email you to inform you how stupid you are...

Sure! I love email! youarestupid@davegrohl.org