/etc/shadow on Mac
Solution 1
Starting with Lion, there is a shadow file per user. All of those are stored in /var/db/dslocal/nodes/Default/users
directory and are accessible by root only. For example:
$ ls -lah /var/db/dslocal/nodes/Default/users/
total 296
drwx------ 77 root wheel 2.6K Jul 27 20:30 .
drw------- 12 root wheel 408B Jul 27 20:30 ..
-rw------- 1 root wheel 4.0K Jul 27 20:30 Guest.plist
-rw------- 1 root wheel 260B Jul 27 20:17 _amavisd.plist
-rw------- 1 root wheel 254B Jul 27 20:17 _appleevents.plist
-rw------- 1 root wheel 261B Jul 27 20:17 _appowner.plist
-rw------- 1 root wheel 276B Jul 27 20:17 _appserver.plist
Also, those are binary property list files. The easiest way of viewing them is using plist
command. For example:
$ plutil -p /var/db/dslocal/nodes/Default/users/root.plist
{
"smb_sid" => [
0 => "XXXX-XXXX"
]
"uid" => [
0 => "0"
]
"passwd" => [
0 => "XXYYXX"
]
}
Solution 2
Mac OS X doesn't use the standard /etc/passwd and /etc/shadow. Instead, it uses a database. There use to be a GUI called NetInfo, but that has been replaced with the dscl
command (Directory Services Command Line).
$ dscl
> read /Local/Default/Users/David Password
Password: ********
Unfortunately, that's about as far as I can get with the utility. It printed out asterisks instead of the password. Maybe there's a way to make it give up the hash, but I haven't found it.
Her's an article detailing using DSCL and cracking passwords on a Mac.
Related videos on Youtube
Admin
Updated on November 22, 2022Comments
-
Admin 12 months
I've been trying to run this Linux passwd-generator file on my Mac. I modified enough the script to make it to work well with directories under OSX:
#!/bin/sh # build-passwd.sh - creates a password file which contains all OS users (except root) PASSWDIR=$(cd "$(dirname "$0")"; pwd)/etc PASSWFN=$PASSWDIR/passwd if [ ! -d "$PASSWDIR" ]; then mkdir $PASSWDIR echo "$PASSWDIR created" fi sudo awk -F":" ' BEGIN {OFS=":"} {if ($1 != "root" && $2 != "!" && $2 != "*") print $1,$2} ' /etc/shadow > $PASSWFN **<===here's my problem** if [ $? = 0 ]; then echo "Password file saved to $PASSWFN" fi
But didn't succeed because there is no "/etc/shadow" on Mac.
So do you know if there is some alternative to this? (I also tried to copy/paste the file from my Linux installation using the same password)
-
Admin about 5 yearsFor more, see apple.stackexchange.com/questions/220729 .
-
Admin almost 5 yearsI am not sure this this has changed since Lion but I just tried to access this
/var/db/dslocal/nodes/...
and only got up to/nodes/
before I couldn't go any further. Also, aftercd
ing into it and trying to do als -l
I was returnedOperation not permitted
. Any reason as to why?