May 25, 2017, 07:20:21 AM
Welcome, Guest. Please login or register.

Support THS!! Buy a t-shirt at the top-hat-sec store! http://www.top-hat-sec.com/store/p23/T-Shirts.html

Author Topic: Mac admin password pfff whateva ;)  (Read 3062 times)

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Mac admin password pfff whateva ;)
« on: December 18, 2012, 08:19:22 PM »
Hey Team,

I had to use this one this morning for a client that forgot their mac account password. This is really easy and very powerful, just so long as you have physical access. It requires no discs or "hacks" and it is built right into mac which makes it that much more reliable ;)

Enjoy.

Here's how to reset your OS X password without an OS X CD.
the Working solution for me was to create a new admin
you can create new admin like this by deleting a specific file.

You need to enter terminal and create a new admin account:

1. Reboot
2. Hold apple key + s key down after you hear the chime.
(command + s keys on newer Macs)
3. When you get text prompt enter in these terminal commands to create a brand new admin account (hitting return after each line):

mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

4. After rebooting you should have a brand new admin account. It will take you through a new quick setup and once in you can do what ever you like to any account. Including resetting passwords.

Merry Christmas everyone  & stay safe on the roads!! :)
The only limits we have are the ones we put on ourselves | No limits

Offline Malachai

  • Top Hat Member
  • Super Elite
  • ********
  • Posts: 2800
  • Internets: +18/-7
  • #!/bin/sh Day/Night (Grey Hat)
Re: Mac admin password pfff whateva ;)
« Reply #1 on: December 18, 2012, 09:55:46 PM »
Well thanks for sharing.. We just received new mac's and I'm in charge now... I'm a windows guy so this will help if it ever happens.
** Dont' judge me! **

*//
  Hope that Firewall works because your SCREWED  
  //*

Offline corr.x86

  • Top Hat Member
  • Elite
  • ********
  • Posts: 1111
  • Internets: +10/-0
  • ^That's a lie
Re: Mac admin password pfff whateva ;)
« Reply #2 on: December 19, 2012, 04:11:55 AM »
lol, so what you deleted was a hidden file like .timemachinenotpresent? mhmmm. mac is that easy to administer eh. can i lock .AppleSetupDone? okay lemme try that later. enabling hidden files is a hassle for mac. x_x gotta logout and log back in. ugh.

btw, what is mount -uw? oh, okay, -u is to change the state to either -r(read) or -w(read-write).

cool, thanks for the share!

btw, try rm -rf /var/db

hahaha, okay, jk, DONT TRY THAT!
"I have this assignment bla bla bla, can you give me teh codez?"

"www.adoptamalware.com would be a nice website to run."

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: Mac admin password pfff whateva ;)
« Reply #3 on: December 19, 2012, 08:18:23 PM »
Nice one NightDefender I added it to my blog for future reference  8)  I even gave you full credit for the tut 8)
"It's mind over matter, If you don't have a mind then it doesn't matter

Youtube  Channnel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: Mac admin password pfff whateva ;)
« Reply #4 on: December 20, 2012, 02:32:06 AM »
lol, so what you deleted was a hidden file like .timemachinenotpresent? mhmmm. mac is that easy to administer eh. can i lock .AppleSetupDone? okay lemme try that later. enabling hidden files is a hassle for mac. x_x gotta logout and log back in. ugh.

btw, what is mount -uw? oh, okay, -u is to change the state to either -r(read) or -w(read-write).

cool, thanks for the share!

btw, try rm -rf /var/db

hahaha, okay, jk, DONT TRY THAT!

-u is to change the state of an already mounted file system
-w is for mounting file system as read/write

So hence when rebooting you are changing the state of the file system that is already mounted, re-initiating a mount under the conditions of read/write access as admin giving you Mac overlord power to obliterate whatever you wish. Hehe just joking I really did do this for work and did not destroy a thing. Came in pretty handy as the client is a demanding client with no time to waste.
The only limits we have are the ones we put on ourselves | No limits

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: Mac admin password pfff whateva ;)
« Reply #5 on: December 20, 2012, 02:40:28 AM »
Well thanks for sharing.. We just received new mac's and I'm in charge now... I'm a windows guy so this will help if it ever happens.

No probs Malachai, I can vouch for this as I have used it in a live environment. Just be really careful you don't delete the wrong thing or you will have to either go to the recovery partition or get out the install discs and be doctor mac. :) I am glad I got it right first go because I am not a mac expert by any means.

Hey Malachai another one that is very handy is clearing the PRAM. This is not for the same issue but is used if the mac mysteriously shuts down either on boot, 5 mins, 2hrs, end of the day. I made a comment about this another time.

I have mixed feelings about macs. I have owned one and they are awesome and can be annoying with some stuff.

Recommend: Sophos anti-virus for mac home (free) depending on how you feel about Sophos,also if it decides to randomly shut down on you, a real simple fix is to clear the PRAM like this...command +option + P + R at the same time at boot up until you see the little spinning wheel. This should fix the issue. http://support.apple.com/kb/HT1379 but hopefully you wont have that issue for a while.
The only limits we have are the ones we put on ourselves | No limits

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: Mac admin password pfff whateva ;)
« Reply #6 on: December 20, 2012, 02:43:57 AM »
Nice one NightDefender I added it to my blog for future reference  8)  I even gave you full credit for the tut 8)

Ah cool thanks Mate. My first re-post on a website. Muchos gracias. :)
The only limits we have are the ones we put on ourselves | No limits

Offline em3rgency

  • Elite
  • *****
  • Posts: 744
  • Internets: +36/-3
  • OSWP SQLi N+
    • Security Research
Re: Mac admin password pfff whateva ;)
« Reply #7 on: December 20, 2012, 08:14:42 AM »
ya bro, I gave you credit too. Nice find
Website: http://www.em3rgency.com

My other computer is your computer.

Offline eddy315west

  • Prospect
  • *
  • Posts: 26
  • Internets: +0/-0
Re: Mac admin password pfff whateva ;)
« Reply #8 on: February 13, 2013, 12:49:29 AM »
Thanks ! This came handy about a week ago for me !
Now if someone could figure out how to bypass the pin number input or the efi password on a 2011 MBP they would be the man!