Can you recover a lost Admin user account?
<blockquote data-quote="savers" data-source="post: 55182">
<p>or would this work?</p>
<p>----------------</p>
<p>Exploit</p>
<p>Step 1) Restart the computer (or turn it on if it's already off) while holding down the command and s keys at the same time. (If the computer is running Mac OS Public Beta, just press the s key.) They have root privileges at this moment, but now it's time to take advantage of these privileges.</p>
<p>Step 1.5) Type "/sbin/fsck -y". (Type this without the quotes, of course.) (This step really isn't necessary at all, but it just takes a second, and they might as well just do a quick check of the hard disk before mounting it.)</p>
<p>Step 2) Type "/sbin/mount -wu /" (This mounts the volume "/" with read/write access.)</p>
<p>Step 3) Type "/sbin/SystemStarter" (This starts the network services, which is necessary to gain access to NetInfo.)</p>
<p>Step 4) Here, one could now just type "passwd root" and override the existing root password with one of their own, or worse yet, someone could just get the current root password (and/or the administrative user account password) so the administrators of that computer don't know that their security has been compromised. One of the easiest ways to do this is to just type "nidump passwd ." and write down the root account's password hash. (The hash will be the text that looks like just a garbled mess of alphanumeric characters between two colons.)</p>
<p>Step 5) Now one can type up what they wrote down into a plain text file like the following example: "root:rQkFQ37SYveHw:0:0::0:0:System Administrator:/var/root:/bin/tcsh".</p>
<p>Step 6) Finally, they'll use a cracking program like John the Ripper for the PC, or the Meltino, a Classic Macintosh application, to crack the password hash.</p>
<p>And when it's finally cracked, they've got the password</p>
<p>3) Capitalization Matters! "/sbin/SystemStarter"</p>
<p>Posted: February 27, 2004, 5:21 pm Post subject</p>
</blockquote>
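The record typed up in step 5 is a ten-field BSD master.passwd-style line, and its 13-character password field is traditional DES crypt(3). As an added example that is not part of the quoted post, this audit script parses such records and flags accounts whose password field is empty or still stored with that legacy scheme; the function names and the two records marked as constructed are assumptions made for illustration.

```python
import re

# Field order of the ten-field record shown in step 5 (BSD master.passwd layout).
FIELDS = ("name", "hash", "uid", "gid", "class",
          "change", "expire", "gecos", "home", "shell")
# Traditional DES crypt(3): 2 salt + 11 digest characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format, "$id$salt$digest" (for example $1$ is MD5-crypt).
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")

def parse_record(line):
    """Split one record into named fields; reject malformed lines."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
    return rec

def classify_hash(value):
    """Name the storage scheme of a password field without touching the digest."""
    if value == "":
        return "empty"
    if DES_CRYPT.match(value):
        return "des-crypt"
    m = MODULAR.match(value)
    return f"modular-{m.group(1)}" if m else "locked-or-other"

def audit(lines):
    """Return (account, scheme, severity) for empty or DES-crypt password fields."""
    # DES crypt uses only the first 8 password characters and a 12-bit salt.
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_record(line)
        scheme = classify_hash(rec["hash"])
        if scheme in ("empty", "des-crypt"):
            findings.append((rec["name"], scheme,
                             "critical" if rec["uid"] == 0 else "high"))
    return findings

SAMPLE = [
    "root:rQkFQ37SYveHw:0:0::0:0:System Administrator:/var/root:/bin/tcsh",  # from the post
    "daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false",  # constructed
    "alice:$1$abcdefgh$0123456789abcdefghijkl:501:20::0:0:Alice:/Users/alice:/bin/bash",  # constructed
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```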