Even if you aren't a sinister evildoer, there could be times when you need to get into a computer without the password. It's quite easy to do on a Mac, and learning how to do it can help you keep yourself better protected, too. Here's how it works.
Most methods of breaking into a Mac are variations on the same thing, so we're going to highlight the two easiest ways—one with a Mac OS X installer and one without—and show you how to avoid having them used on you. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned "lazy method" with a Mac too—just boot up the computer with a Linux Live CD and start grabbing files.
Both methods outline ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they're either complicated to use or expensive to buy, so we won't go into them here like we did with Windows (which has the very easy-to-use Ophcrack).
Method One: Reset the Password with the OS X Installer
If you have the Mac OS X installer CD handy, it's super easy to change the administrator account's password. Just insert the CD into the target Mac and hold the "c" key as you boot up the computer. It will boot into the Mac OS X installer. If the computer in question doesn't have a CD drive, you can either hold "Option" at boot and choose the Recovery partition at startup, orput the Mountain Lion or Mavericks installer on a flash drive. Once it does, head up to Utilities in the menu bar and choose Password Reset. You'll get a window prompting you to select the drive on which OS X is installed; so choose the drive you want to get into and select the user whose password you want from the drop-down menu. If you're using the Mountain Lion installer, you won't see this menu item. Instead, choose Terminal from the menu, type in
resetpassword, and press Enter to get to the password reset menu.
Enter a new password for that user and hit the save button. That's it! When you reboot the computer, you can use your new password to log into the computer. Note that unfortunately, you still won't be able to unlock the Keychain, so if what you're trying to access has another layer of password protection, you need to do some extra legwork to view it.
Method Two: Reset the Password in Single User Mode
If you don't have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. If the Mac is running Snow Leopard or below, type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:
/sbin/fsck -fy /sbin/mount -uw / launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist dscl . -passwd /Users/whitsongordon lifehacker
If the Mac is running Lion or above, you'll instead want to use the following commands:
/sbin/fsck -fy /sbin/mount -uw / launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist dscl . -passwd /Users/whitsongordon lifehacker
whitsongordonwith the user whose account you want to access and
lifehackerwith the new password you want to assign to that user. If you get an error message about
com.apple.DirectoryServicesLocal.pliston a Lion or Mountain Lion machine, just ignore it—the password reset should still work.
If you don't know the user's username, it should be pretty easy to run
ls /Usersat any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that the user's password is different than the root password. If you want access to the more secured parts of their machine—like their password keychain—you can change their root password by running this commandafter loading
Once finished, you should have access to most of their system, including their saved passwords for other apps.
How to Protect Your Mac from Being Broken Into
Both of these methods are easy to pull off, but if your victim has encrypted their hard drive, you won't be able to see or reset the password. So, to protect yourself from these attacks, it's a good idea to turn on FileVault under System Preferences > Security.
However, for even more protection, you can set up a firmware password on your machine. Just boot up from the OS X Installer CD and go to Utilities > Firmware Password Utility and set a firmware password. This prevents other folks from being able to boot up your computer from another hard disk, CD, or even in single user mode. Someone with bad intentions could still bypass it, but it would require quite a bit of alone time with your hardware. So, for best results, you'll probably want to have both layers of protection: encrypt your drive with FileVault and set up a firmware password using the installer CD.
As always, these are just a few of the easiest ways to break into a Mac. Try it for yourself on your own machine—you'll be shocked at how easy it is. The takeaway? Set up FileVault and a firmware password to keep yourself protected.
This post is part of our Evil Week series at Lifehacker, where we look at the dark side of getting things done. Knowing evil means knowing how to beat it, so you can use your sinister powers for good. Want more? Check out our evil week tag page.
Post a Comment