SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Macintosh Hackers Workshop for Macintosh and Mac OS X

Posted on December 11, 2001

PRODUCT: Macintosh Hacker’s Workshop (MHW) v1.1
Review by: James M. Buehring
RATING: 4.5 / 5

THE PRODUCT & DEVELOPER:

MWH, or “Macintosh Hackers Workshop” is the first of (hopefully) a long line of products from a security expert team from France named CODE511. The author, grungie, offers up the only graphical UNIX password cracker for OS X to date.

This is not a program for your novice user who is unfamiliar with password files or DES encryption. If “DES” and “passwd” draw a blank for you, skip over this product.

For those of you who could write a 10 page report on the meaning of shadowing passwd files, welcome to the most comprehensive UNIX password cracker for Mac OS X. Inside you find 4 features that are most beneficial in testing the strength of your DES-encrypted password files in OS X server and workstation.

Through a few simple GUI windows, all possible functions can be carried out in a fraction of the time you’d expect, for example:

“It will create a 81mo dictionary(85655680 characters) in less than 27 sec.” And has been tested to crack 27221 passwords/second on powerbook G4 using Mac OS X, and 66415 passwords/second on a dual G4 800mhz using OS 9.2.

As stated from the MWH FAQ in regards to similar products, “I tried to beat them all and succeeded to a large extend, I think. And on MacOS X, MHW is the only graphical Unix password cracker to date. Bear also in mind that MHW is a suite, not simply a cracker. It generates wordlists, extracts passwd file info like gecos fields, cleans wordlists, and cracks passwords, either with a wordlist or in brute-force mode.”

FROM AN ADMINISTRATORS’ PERSPECTIVE:

Any system administrator can tell you that it’s better to hack your own system before someone with malicious intent does. This is where MHW becomes a powerful adversary as well as a powerful ally. Would you rather have some punk kid running a brute-force attack on your passwd files, seeking root access? Or would you rather get a better night’s rest knowing that you’re far ahead of everyone else? The line between this “hack or be hacked” cyber-society is microscopic in the year 2001 and beyond.

PERSONAL EXPERIENCES:

I tested this program on OS X 10.1.1 and OS 9.1, with mostly positive results. The only trouble I had was in OS X where the application would hang up while doing basic tasks such as exporting a gecos list or choosing a menu item. This may be attributed to the fact that I’m running a clean install of 10.1.1, which is not listed as a tested OS.

However, with those problems aside, MWH is certainly a top-notch product from people who have been in the security auditing and defense business for over 10 years. MHW is fast and lightweight, performing at various user-specified CPU levels. All in all, this product sets the bar for its competitors.

REVIEWER RATING:

The program glitches are minimal, but still should be addressed in future releases.
Out of a possible 5, I rate this program a 4.5.

SYSTEM REQUIREMENTS

MHW 1.1 is a self-contained application, capable of running on both Mac OS 9.x and Mac OS X 10.0.x and 10.1. Using MHW on OS 9 requires the latest version of CarbonLib, available from Apple.

MHW 1.1 also includes a few command-line utilities in the “Goodies” folder for those averse in utilizing the *nix terminal. They are:

  •  SetFile: A utility to set the filetype/creator codes of a file.
  •  passwdgrabber: Based on “Malevolence”, basic password file recovery exploit for OS X.
  •  m2u & u2m: Utility to convert between Mac and UNIX text file formatting.

 

Join our mailing list for the latest security news and deals