All Your Mac Are Belong to Us: How to Easily Reset an OSX Password
This post was published 2 years 3 months 25 days ago and its content may not be valid anymore.Forget about setting a password on your Mac as a way to protect your data. It seems MacOS X passwords are extremely easily hacked simply by booting a Mac into single user mode.
When starting the Mac, after the chime, hold the Apple and S keys – This will enter the OS into single user mode.
To crack a the machines password you will need to know the username of main account. If you don’t know the username, while in single user mode, type:
niutil -list . /users
After the username is obtained then type in:
#sh /etc/rc
#passwd username
#reboot
Be sure to replace username with the username of the machine. Even though this hack will grant you entry to the Mac, all the keychain passwords on the compromised machine will be erased.
Thanks for the tip Adam! (Also, Couldn’t resist the reference in the title)
holy crap ! thats more crap than with windows! where you need a special boot disc to reset the friggin password!!! damn, thats messed up!
It’s seriously messed up, and I was appauled by target mode, at least that requires a FireWire cable.
I was wondering if FileVault or setting an Open FirmWare password will protect you?
It’s not crap. It’s the normal Unix-y way of resetting a password when in single-user mode…
This would be why security experts tell that if anyone’s got physical access to your machine you are owned, regardless of OS or anything else.
If they have physical access, they win.
Now, if they were able to do this sort of thing remotely, then, yes, it would be cause for alarm.
Wow! I didn’t know a superuser / root had this much power!
Now they just need to know my root password and they’re in?
:-P
This is a documented feature of Single User mode. Take 5 minutes to search the discussion forums at apple would give you the same result. This isn’t anything unsecure. physical access is required and it isn’t something that can be done remotely.
The OSX boot discs have a reset password utility. Even if this option wasn’t available, just use a standard OSX boot disc.
This is a non-issue. Anyone with physical access already pwns you. Your best bet is to encrypt your data.
I think it’s an issue, because this is not WIDELY known by “commoners”.
My simple(?) question was: Are you protected if you’re using FileVault? My assumption, and expectation is YES!
My recommendation, since I discovered TargetMode, has been to enable things like FileVault if you store ANY private information on your computer (my estimate is that that would cover 99.9 % of ALL computer users).
:(
http://www.petri.co.il/forgot_administrator_password.htm
yeah ofcourse its a non issue…
Note that this will *not* reset your FileVault password, or master password, if you have it enabled.
Plus this is definitely a “feature”… The other day at work I decided to change my machines password. To be safe I saved it remotely on my encrypted disc image at home. But when I came back from lunch and had forgotten the password, I realized that was pretty useless since I require all ssh access to use private keys. Luckily I suffer from the “save more often than you type” syndrome and knew I could reboot the machine without losing anything. So rebooted into single user mode and less than 5mins later I was back to work. On a side note, I’m not a big fan of FileVault, I find it a little slow. But I always keep the most private stuff on an encrypted iso…
Non-issue for the reasons cited above… physical access to the machine and the machine is owned.
This is also why firmware passwords exist. If you are worried about people being able to boot into single user mode and reset passwords then at the very least you should set your firmware password.
The firmware password requires the user to type in a password before the machine will start booting off any drive. The downside to using a firmware is that it slightly complicates troubleshooting when/if things go wrong with OS X.
Instructions for setting up a firmware password are here:
http://docs.info.apple.com/article.html?artnum=106482
so how can I protect my intel based mac with a firmware passwd if it doesn’t support open firmware?
You can still set a firmware password on an Intel by using the Firmware Password utility found on your Restore DVD
Damn another Windows vulner… oh wait, it’s Apple. I thought they were perfect.
R031E5: The instructions I linked to clearly give the instructions for setting up a firmware password on an Intel based mac. (Under the heading “How to enable the Open Firmware Password”.)
damn, sounds like jerry may be a little jealo … oh wait, it’s apple-envy.
hi, i tried to reset the computer with that little bit of info given on the sight, but none of that worked. Even with the correct user name. it just keeps repeating localhost:/root# Also when i type that first part in a bunch of stuff pops up and i have no idea what it is suppose to tell me. Can you help.