G-Stress Posted December 15, 2006 Share Posted December 15, 2006 Hey guys, I got a pretty good challenge on my hands. One that I'm surprised I haven't seen here yet. OS X security seems to be pretty good. I have my friends ibook with FileVault enabled. I thought I could just be slick and boot off a live CD and gain access to the drive. Something weird, I don't really have any mac experience, but it won't accept any disc in the cd drive. It just spits them all back out I'm not sure if this is in mac security of if the drive could be bad or something I know it isn't the cd's I've used a good variety even a macintosh printer installation cd just to see if it'd read it. So I just messed around for a few tryin default log in techniques and after sometime just tried root for user and a couple bad passwords and it asked me for the master password to reset a user password. Just curious does anyone know of a way to crack an actually account or master password. Any good mac or linux type tool? Also do macs have like a bios/cmos setup? Sorry for all the n00b ?'s I been googling for about 4 hours now, my friend saw what I can do with my favorite live-cd distro and he had a mac so I decided to test it on a mac, but im just not sure now if his drive works or if it's a mac security issue why it won't accept any cd-media? Appreciate any guidance:) Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 15, 2006 Share Posted December 15, 2006 If it's like any thing like Linux, the password is just stored as a md5 hash, except Linux (and BSD) also add a trailing string (some thing to do with time of root user creating or some thing strange like that). Anyway, it will be pretty hard to crack, there aren't any (known) weaknesses in the algorithms, and a time/disk space trade off thing doesn't work because each machine (except in a network environment where all machines authenticate with a server) adds a unique string (of numbers?) to the password before it hashes is. All you can attempt to do is grab the password hashes (Don't know where there stored my self, but I'll bet only root can read them) and find out what the unique string is that is added to the password before hashing occurs (and work out where and how it is added), then just get brute forcing, and wait a long time if the passwords are any good. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted December 15, 2006 Share Posted December 15, 2006 For those interested in what Sparda is talking about I recommend starting here: http://en.wikipedia.org/wiki/Salt_(cryptography) Cooper: Fixed the URL Quote Link to comment Share on other sites More sharing options...
maddog Posted December 15, 2006 Share Posted December 15, 2006 This is a good website I found a while ago. http://www.securemac.com/macosxsingleuser.php Note: It won't work if the hashes are stored on the network. Quote Link to comment Share on other sites More sharing options...
cooper Posted December 15, 2006 Share Posted December 15, 2006 Take out the harddisk and attach it to your own machine. Mount it. Happy hunting. Quote Link to comment Share on other sites More sharing options...
G-Stress Posted December 15, 2006 Author Share Posted December 15, 2006 Thanks for all the input guys:D could I mount the HD in a windows based system and see the the contents/file system of the drive since it's a mac? Or does it have to be a linux or mac based type system? @maddog Yea I did check that website which gave me a good understanding on how good mac security is. Thanks though. Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 15, 2006 Share Posted December 15, 2006 It can be any OS you want, it just has to be able to read HFS Plus. This is more likely to happen in Linux. Quote Link to comment Share on other sites More sharing options...
cooper Posted December 15, 2006 Share Posted December 15, 2006 Another thing to consider is that you need an adapter to go from laptop drive to regular IDE. But aside from that you're good to go. Quote Link to comment Share on other sites More sharing options...
G-Stress Posted December 16, 2006 Author Share Posted December 16, 2006 Yea I figured linux would be a better way to go with reading the drive. I do have the adapter to go from lap-top HD to IDE so I guess I am good there. I guess I just have 1 more ? about the whole situation. The cd-rom, this is one where it's not a slot you slide the cd into it's more like a ibm based machine where it has the drive tray, but... is it an OS X security issue to where it will not ready any disc until sucessful log in, or is it possible there could be some type of bios preventing it? I never seen a mac or heard of one with a bios cmos feature and so far haven't found any useful info googling except I think I read the new mac's with the intel chip I think has a bios. Quote Link to comment Share on other sites More sharing options...
melodic Posted December 16, 2006 Share Posted December 16, 2006 putting the hardrive in your pc will NOT work... thats 100% what filevault protects AGAINST it encrypts ALL the files... so u ent getting ne thing with out that password mate... Quote Link to comment Share on other sites More sharing options...
Alex Posted December 18, 2006 Share Posted December 18, 2006 Filevault only encripts the users home folder so hold command (that little apple key) and S when you boot. You'll log into Darwin as root automatically with the drive set as read only, from there grabbing hashes shouldn't be too hard. Quote Link to comment Share on other sites More sharing options...
maddog Posted December 18, 2006 Share Posted December 18, 2006 This is a good website I found a while ago.http://www.securemac.com/macosxsingleuser.php Note: It won't work if the hashes are stored on the network. Please read the entire thread next time. *cough*Alex*cough* Quote Link to comment Share on other sites More sharing options...
G-Stress Posted December 18, 2006 Author Share Posted December 18, 2006 Filevault only encripts the users home folder so hold command (that little apple key) and S when you boot. You'll log into Darwin as root automatically with the drive set as read only, from there grabbing hashes shouldn't be too hard. Hey thanks man. It loaded Darwin just fine. Although I've never messed with Darwin I should be able to get the hashes and hopefully crack them. What I was thinking was dumping the hashes to a usb drive and it being a mac system, using a version of linux to crack the hashes or is a hash file just a hash file reguardless of platform? One thing I was curious about is since I am able to boot Darwin couldn't I somehow just add a user account that way to log onto the system then proceed to try to gain the highest level of priveledges? I was able to get the ibook to at least read cd's... well I found an old one I burned along time ago os x cd 1, back track and knoppix it did not spit any of those back out, but when I boot holding option to select boot device only the hard drive was listed. I'm getting closer and shall own this ibook soon. :D Quote Link to comment Share on other sites More sharing options...
ichthuz Posted December 26, 2006 Share Posted December 26, 2006 when you find the dir with the hashes post it here or PM me plox.. im working towards the Switchblade for mac so hopefully i can get a lil pwdump(mac) goin Quote Link to comment Share on other sites More sharing options...
G-Stress Posted December 30, 2006 Author Share Posted December 30, 2006 Ok will do. I did manage to get around the password, I removed the .AppleSetupDone file in Darwin and rebooted it and went through the os x setup and gave me and administrator account... too easy :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.