Just like on Windows, there are quite a few ways to break into a Mac, but many of them are variations on the same thing, so we’re going to highlight the two easiest ways — one with a Mac OS X installer CD and one without — and show you how to keep yourself protected. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned “lazy method” with a Mac too — just boot up the computer with a Linux Live CD and start grabbing files.
How to Reset the Mac OS X Password
Both of the methods outlined below are ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they’re either complicated to use or expensive to buy, so we won’t go into them here like we did with Windows (which has the very easy-to-use Ophcrack). Both of these methods assume the target computer is running Snow Leopard.
Method One: Use the Mac OS X Installer CD
If you have the Mac OS X installer CD handy, it’s super easy to change the administrator account’s password. Just insert the CD into the target Mac and hold the “c” key as you boot up the computer. It will boot into the Mac OS X installer.
Enter a new password for that user and hit the save button. That’s it! When you reboot the computer, you can use your new password to log into the computer. Note that unfortunately, you still won’t be able to unlock the Keychain, so if what you’re trying to access has another layer of password protection, you won’t be able to access it.
Method Two: Boot into Single-User Mode
If you don’t have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. Type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/whitsongordon lifehacker
whitsongordon with the user who’s account you want to access and
lifehacker with the new password you want to assign to that user.
If you don’t know the users username, it should be pretty easy to run
ls /Users at any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that, once again, this doesn’t give you access to the OS X Keychain, so anything protected with another layer of password s will be off-limits.
How to Protect Your Mac from Being Broken Into
Luckily, while it’s pretty easy to break into a Mac, it’s also just as easy to protect yourself. Just like last time, our main recommendation is encrypting your entire OS. Note that this does not mean use OS X’s built-in FileVault tool. We weren’t impressed with FileVault the last time we looked at it, and it turns out it’s pretty easy to get past FileVault’s so-called protection.
Instead, we recommend you use our favourite free, open-source encryption tool TrueCrypt. It came out with a Mac version back in 2008, and it still works wonderfully at encrypting entire partitions and drives on your computer. And, since anyone wanting to boot the computer needs to know your TrueCrypt password, they’ll never even get to the password reset stage — so all your files will be safe.
As always, these are just a few of the easiest ways to break into a Mac. Do you know of any others? Share them with us in the comments (don’t forget to share their weaknesses, too, so we know how to protect ourselves from them).