Rough Draft OSX Automator – Password Extraction

I have had various discussions with other forensics folks about password dictionaries and their use with my crowbar tools, so I am doing some experimentation using Automator plus shell and Perl scripts. I really think a lot of forensics folks who use Mac OSX forget or underestimate Automator. In my case I am using it to draft some password extraction tests.

You can download the Automator app, with a sample text file to run it on, from here: PasswordExtractor Automator

Of course it is easy for you to open the app in Automator and see/edit my scripts. Here is a summary of what it does; it becomes clearer if you run it on the included text file.

It has you select a file and runs it through strings. It sorts the output and drops duplicate strings. Then it runs that base dictionary file through a Perl script several times, each run a slightly different variant. Each run looks for certain flag strings, grabs all the remaining text on the line after the flag text, and turns it into a stack of passwords.

It looks for all case-insensitive occurrences of pw, pwd, pass and password, which can be followed by any of three symbols: =, – or :

It then takes the text following those flag strings, starts at the first letter and dumps that to a line as a password, then extends it one letter at a time until it hits the full length.

So in essence, if the password you really need is embedded in, say, a URL with pass=supersecretpassword, then you will actually get a file where ONLY supersecretpassword occurs on a line in a dictionary. Perfect for your dictionary attack tools.
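The pipeline summarized above (strings, sort and de-duplicate, flag match, prefix expansion), as an added Python sketch; it is not the Perl script shipped in the Automator app. The function names, the 4-character minimum string length and the sample bytes are assumptions, and the post's "–" separator is read as a plain ASCII hyphen.

```python
import re

# Flag words from the post, matched case-insensitively and followed directly
# by a separator. Assumption: the post's "–" is a typeset ASCII hyphen.
FLAG = re.compile(r"(?:password|pass|pwd|pw)[=:\-]", re.IGNORECASE)

# Constructed sample input: binary noise around two embedded credentials,
# one of them repeated to exercise de-duplication.
SAMPLE = (
    b"\x00\x01GET /login?user=bob&pass=supersecretpassword HTTP/1.1"
    b"\x00\xffPWD:hunter2\x00\x00noise here"
    b"\x00GET /login?user=bob&pass=supersecretpassword HTTP/1.1\x00"
)


def printable_strings(data: bytes, min_len: int = 4):
    """Rough stand-in for strings(1): runs of printable ASCII."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    return [r.decode("ascii") for r in runs]


def candidates(data: bytes):
    """Return the sorted, de-duplicated candidate passwords found in data."""
    out = set()
    # Sort and drop duplicate strings first, as the post describes.
    for line in sorted(set(printable_strings(data))):
        for m in FLAG.finditer(line):
            tail = line[m.end():]  # everything after the flag text
            # Emit every prefix of the tail, so the real password sits on
            # its own line even when other data trails it on the same line.
            for i in range(1, len(tail) + 1):
                out.add(tail[:i])
    return sorted(out)


if __name__ == "__main__":
    for word in candidates(SAMPLE):
        print(word)
```

The prefix expansion is what copes with trailing data: the tail here is `supersecretpassword HTTP/1.1`, and the exact password is one of its 28 prefixes.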
