Macintosh Hackers Workshop for Macintosh and Mac OS X
PRODUCT: Macintosh Hacker’s Workshop (MHW) v1.1
Review by: James M. Buehring
RATING: 4.5 / 5
THE PRODUCT & DEVELOPER:
MWH, or “Macintosh Hackers Workshop” is the first of (hopefully) a long line of products from a security expert team from France named CODE511. The author, grungie, offers up the only graphical UNIX password cracker for OS X to date.
This is not a program for your novice user who is unfamiliar with password files or DES encryption. If “DES” and “passwd” draw a blank for you, skip over this product.
For those of you who could write a 10 page report on the meaning of shadowing passwd files, welcome to the most comprehensive UNIX password cracker for Mac OS X. Inside you find 4 features that are most beneficial in testing the strength of your DES-encrypted password files in OS X server and workstation.
Through a few simple GUI windows, all possible functions can be carried out in a fraction of the time you’d expect, for example:
“It will create a 81mo dictionary(85655680 characters) in less than 27 sec.” And has been tested to crack 27221 passwords/second on powerbook G4 using Mac OS X, and 66415 passwords/second on a dual G4 800mhz using OS 9.2.
As stated from the MWH FAQ in regards to similar products, “I tried to beat them all and succeeded to a large extend, I think. And on MacOS X, MHW is the only graphical Unix password cracker to date. Bear also in mind that MHW is a suite, not simply a cracker. It generates wordlists, extracts passwd file info like gecos fields, cleans wordlists, and cracks passwords, either with a wordlist or in brute-force mode.”
FROM AN ADMINISTRATORS’ PERSPECTIVE:
Any system administrator can tell you that it’s better to hack your own system before someone with malicious intent does. This is where MHW becomes a powerful adversary as well as a powerful ally. Would you rather have some punk kid running a brute-force attack on your passwd files, seeking root access? Or would you rather get a better night’s rest knowing that you’re far ahead of everyone else? The line between this “hack or be hacked” cyber-society is microscopic in the year 2001 and beyond.
I tested this program on OS X 10.1.1 and OS 9.1, with mostly positive results. The only trouble I had was in OS X where the application would hang up while doing basic tasks such as exporting a gecos list or choosing a menu item. This may be attributed to the fact that I’m running a clean install of 10.1.1, which is not listed as a tested OS.
However, with those problems aside, MWH is certainly a top-notch product from people who have been in the security auditing and defense business for over 10 years. MHW is fast and lightweight, performing at various user-specified CPU levels. All in all, this product sets the bar for its competitors.
The program glitches are minimal, but still should be addressed in future releases.
Out of a possible 5, I rate this program a 4.5.
MHW 1.1 is a self-contained application, capable of running on both Mac OS 9.x and Mac OS X 10.0.x and 10.1. Using MHW on OS 9 requires the latest version of CarbonLib, available from Apple.
MHW 1.1 also includes a few command-line utilities in the “Goodies” folder for those averse in utilizing the *nix terminal. They are:
- SetFile: A utility to set the filetype/creator codes of a file.
- passwdgrabber: Based on “Malevolence”, basic password file recovery exploit for OS X.
- m2u & u2m: Utility to convert between Mac and UNIX text file formatting.