macOS hashed password decode

October 15, 2018 | 07:08 AM

-Anonymous-


*in OS 10.8 and newer

The plist contains three key parts: iterations, entropy and salt.

The entropy and salt are base64 encoded.

Plist XML of a user's hashed password:

sudo defaults read /var/db/dslocal/nodes/Default/users/user.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o -

Exporting the file to desktop:

sudo defaults read /var/db/dslocal/nodes/Default/users/user.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o ~/Desktop/tempuser.plist

To decode salt remove all spaces and new lines from the data part and use:

echo "salt_data" | base64 -D | xxd -p | tr -d \\n > ~/Desktop/salt

To decode entropy:

echo "entropy_data" | base64 -D | xxd -p | tr -d \\n > ~/Desktop/entropy



https://apple.stackexchange.com/questions/220729/what-type-of-hash-are-a-macs-password-stored-in/220863
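The manual base64-to-hex steps above can be done in one pass over the exported plist. This is an added example, not part of the original post: the function names and the sample values (fixed bytes, an iteration count of 40000) are constructed, and the code accepts whichever top-level entry carries all three fields rather than depending on one key name.

```python
import plistlib

REQUIRED = ("iterations", "salt", "entropy")


def parse_shadow_hash(plist_bytes):
    """Return {scheme: {'iterations': int, 'salt': hex, 'entropy': hex}}.

    plistlib accepts XML or binary plists and base64-decodes <data>
    elements itself, so no manual whitespace stripping is needed.
    """
    root = plistlib.loads(plist_bytes)
    if not isinstance(root, dict):
        raise ValueError("top level of plist is not a dictionary")
    found = {}
    for scheme, fields in root.items():
        # Keep only entries that carry all three parts the page names.
        if not isinstance(fields, dict) or any(k not in fields for k in REQUIRED):
            continue
        salt, entropy = fields["salt"], fields["entropy"]
        if not isinstance(salt, bytes) or not isinstance(entropy, bytes):
            raise ValueError(f"{scheme}: salt/entropy are not <data> elements")
        found[scheme] = {
            "iterations": int(fields["iterations"]),
            "salt": salt.hex(),
            "entropy": entropy.hex(),
        }
    if not found:
        raise ValueError("no entry with iterations, salt and entropy")
    return found


def build_sample():
    """Constructed sample (not a real account): fixed bytes, made-up count."""
    return plistlib.dumps({
        "SALTED-SHA512-PBKDF2": {
            "entropy": bytes(range(128)),
            "iterations": 40000,
            "salt": bytes(range(32)),
        }
    }, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # For a real export, read the bytes of ~/Desktop/tempuser.plist instead.
    for scheme, parts in parse_shadow_hash(build_sample()).items():
        print(scheme)
        for name in REQUIRED:
            print(f"  {name}: {parts[name]}")
```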

3 Comments

Guest

use dsenableroot for enabling the mac root user

October 20, 2018 | 10:34 AM
Guest

to login as root and make things nice and simple use "login root"

October 20, 2018 | 11:03 AM
Guest

/usr/bin/profiles -C
echo "Enter root password (should be Topgun09)"
sudo profiles -R -p RCS-MBP2MJ7SMFK.afbf1fe1-c265-4fd2-b878-ed4d4aecde7e.Configuration.afbf1fe1-c265-4fd2-b878-ed4d4aecde7e
sudo profiles -R -p TechDept01.60162d0c-4eaa-4612-86db-20364bf6b919.Configuration.60162d0c-4eaa-4612-86db-20364bf6b919
sudo profiles -R -p RCS-MBP2MJ7SMFK.fb347e4c-9790-4285-832e-35ad19c9c499.Configuration.fb347e4c-9790-4285-832e-35ad19c9c499
sudo profiles -R -p TechDept01.eaddcd2c-da4f-44b2-ac97-969241b228dd.Configuration.eaddcd2c-da4f-44b2-ac97-969241b228dd
echo "Done!"

November 3, 2018 | 10:30 AM