Even if you aren’t the most evil of folk, there could be times when you need to get into a computer without the password. It’s quite easy on a Mac, and learning how to do it can help you keep yourself better protected, too. Here’s how it works.
Most methods of breaking into a Mac are variations on the same thing, so we’re going to highlight the two easiest ways — one with a Mac OS X installer CD and one without — and show you how to avoid having them used on you. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned “lazy method” with a Mac too — just boot up the computer with a Linux Live CD and start grabbing files.
Both methods outline ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they’re either complicated to use or expensive to buy, so we won’t go into them here like we did with Windows (which has the very easy-to-use Ophcrack).
Method One: Use the Mac OS X Installer CD
Method Two: Boot into Single-User Mode
[image url=”https://cache.gawkerassets.com/assets/images/17/2011/10/dsc_0013.jpg” size=”legacy” align=”right” If you don’t have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. Type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/whitsongordon lifehacker
whitsongordon with the user whose account you want to access and
lifehacker with the new password you want to assign to that user.
If you don’t know the user’s username, it should be pretty easy to run
ls /Users at any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that, once again, this doesn’t give you access to the OS X Keychain, so anything protected with another layer of passwords will be off-limits.
How to Protect Your Mac from Being Broken Into
Both of these methods are easy to pull off, but if your victim has encrypted their hard drive, you won’t be able to see or reset the password. So, to protect yourself, it’s a good idea to turn on FileVault under System Preferences > Security.
However, for even more protection, you can set up a firmware password on your machine. Just boot up from the OS X Installer CD and go to Utilities > Firmware Password Utility and set a firmware password. This prevents other folks from being able to boot up your computer from another hard disk, CD or even in single user mode. Someone with bad intentions could still bypass it, but it would require quite a bit of alone time with your hardware. So, for best results, you’ll probably want to have both layers of protection: encrypt your drive with FileVault and set up a firmware password using the installer CD.
As always, these are just a few of the easiest ways to break into a Mac. Do you know of any others? Share them with us in the comments (don’t forget to share their weaknesses, too, so we know how to protect ourselves from them).
Lifehacker’s Evil Week is all about topics such as password cracking, social hacking and other questionable tricks to make sure you’re in the know. Knowledge is power, and whether you use that power for good or evil is in your hands.