Beruflich Dokumente
Kultur Dokumente
NEW ADMINISTRATOR
ACCOUNT
This method tricks the computer into thinking the computer its brand new and leads you through the
setup again to create a new administrator account.
This guide should take only about five or ten minutes to complete, but as there is some music and
you have to boot into single-user mode, you may want to bring headphones if youre in a public
place.
If you want to recover the password of any current user on the target computer in cleartext (that
means actually viewing the users password instead of just resetting it), check out our easy guide on
cracking Mac OS X passwords.
You might want to have your wireless network password on hand, which isnt required, but certainly
helpful if you want to have access to the internet on a secured network right away.
We do not recommend this procedure on machines running 10.4.x due to crash reports.
PROCEDURE
1. BOOT INTO SINGLE-USER MODE
Turn on the computer. Upon hearing the startup chime, hold the key combination CMD+S. This boots
the computer into single-user mode, which in turn gives you access via the root user. It is important
to note, however, that this can be blocked by a firmware password. If thats the case, head on over to
one of our other guides on getting into single-user mode while locked.
This command deletes the file .applesetupdone in the /var/db/ directory, which the computer checks
for on startup to ensure that the computer has already been set up.
4. REBOOT
Pretty self explanatory. We need the system to reboot so it can check for the file and then notice its
missing. Type in:
reboot
6. CONTINUE SETUP
Go through the rest of the setup process.
Dont worry, all of your old files will still be on the computer.
At one point during setup you will have to configure your internet connection, this is when you need
your wireless password. Its fine if you dont have the password, you can enter it later if you need to.
You can name the account anything that you want, except for the name of the old administrator
account. If the new account is given the same name as the old one it will overwrite the old account,
causing all the old accounts files to be deleted.
It is not hidden in any way, and it does not have any special privileges.
With this account you will be able to change the password on the old administrator
account, and access the files of any account stored locally on the computer (unless the old
user has enabled FileVault on their account.
Again, if youd prefer to recover the password of any current user on the computer, follow our other
guide on cracking Mac passwords.
PROCEDURE
1. LOG IN AND OPEN TERMINAL.
Log into any account on the computer and open up the Terminal application. This application can be
found at /Applications/Utilities/Terminal.app
In both cases replace <username> with the shortname of the account you want to find the password
for. (i.e. admin or root) You should get a value that looks like A66BCB30-2413-422A-A574DE03108F8AF2. This is the GUID. Write it down, well need it later on.
After running the command, it should spit back out a hash thats formatted like this:
33BA7C74C318F5D3EF40EB25E1C42F312ACF905E20540226.
John will use brute force to determine what the password is in cleartext. That means that the
application will systematically generate passwords, encrypt them into the salted SHA1 hash, and
check them against the hash you found to see if the password matches.
You can download John the Ripper for Mac OS X here, and for Windows here.
Open up the zip file and drag the John the Ripper folder into your base directory. Now it gets a little
tricky so be sure to follow the instructions correctly.
If John is successful in decrypting the hash, youll get a message in the form of:
Depending on the complexity of the password this process could take anywhere from a second to a
day, so be patient. When John is succesful at cracking the hash, it will display something along the
lines of:
password (crackMe) guesses: 1 time: 0:00:00:00 100% (2) c/s: 153000 trying:
password