/etc/shadow on Mac

27,191

Solution 1

Starting with Lion, there is a shadow file per user. All of those are stored in /var/db/dslocal/nodes/Default/users directory and are accessible by root only. For example:

$ ls -lah /var/db/dslocal/nodes/Default/users/
total 296
drwx------  77 root  wheel   2.6K Jul 27 20:30 .
drw-------  12 root  wheel   408B Jul 27 20:30 ..
-rw-------   1 root  wheel   4.0K Jul 27 20:30 Guest.plist
-rw-------   1 root  wheel   260B Jul 27 20:17 _amavisd.plist
-rw-------   1 root  wheel   254B Jul 27 20:17 _appleevents.plist
-rw-------   1 root  wheel   261B Jul 27 20:17 _appowner.plist
-rw-------   1 root  wheel   276B Jul 27 20:17 _appserver.plist

Also, those are binary property list files. The easiest way of viewing them is using plist command. For example:

$ plutil -p /var/db/dslocal/nodes/Default/users/root.plist 
{
  "smb_sid" => [
    0 => "XXXX-XXXX"
  ]
  "uid" => [
    0 => "0"
  ]
  "passwd" => [
    0 => "XXYYXX"
  ]
}

Solution 2

Mac OS X doesn't use the standard /etc/passwd and /etc/shadow. Instead, it uses a database. There use to be a GUI called NetInfo, but that has been replaced with the dscl command (Directory Services Command Line).

$ dscl
> read /Local/Default/Users/David Password
Password: ********

Unfortunately, that's about as far as I can get with the utility. It printed out asterisks instead of the password. Maybe there's a way to make it give up the hash, but I haven't found it.

Her's an article detailing using DSCL and cracking passwords on a Mac.

Share:
27,191

Related videos on Youtube

Admin
Author by

Admin

Updated on November 22, 2022

Comments

  • Admin
    Admin 12 months

    I've been trying to run this Linux passwd-generator file on my Mac. I modified enough the script to make it to work well with directories under OSX:

    #!/bin/sh
    # build-passwd.sh - creates a password file which contains all OS users (except root)
    PASSWDIR=$(cd "$(dirname "$0")"; pwd)/etc
    PASSWFN=$PASSWDIR/passwd
    if [ ! -d "$PASSWDIR" ]; then
    mkdir $PASSWDIR
    echo "$PASSWDIR created"
    fi
    sudo awk -F":" '
    BEGIN {OFS=":"}
    {if ($1 != "root" && $2 != "!" && $2 != "*") print $1,$2}
    ' /etc/shadow > $PASSWFN **<===here's my problem**
    if [ $? = 0 ]; then
    echo "Password file saved to $PASSWFN"
    fi
    

    But didn't succeed because there is no "/etc/shadow" on Mac.

    So do you know if there is some alternative to this? (I also tried to copy/paste the file from my Linux installation using the same password)

  • Admin
    Admin about 5 years
  • Admin
    Admin almost 5 years
    I am not sure this this has changed since Lion but I just tried to access this /var/db/dslocal/nodes/... and only got up to /nodes/ before I couldn't go any further. Also, after cding into it and trying to do a ls -l I was returned Operation not permitted. Any reason as to why?