macOS hashed password decode
October 15, 2018 | 07:08 AM
-Anonymous-
*in OS 10.8 and newer
The plist contains three key parts: iterations, entropy and salt.The entropy and salt are base64 encoded.
Plist xml of a users hashed password:
sudo defaults read /var/db/dslocal/nodes/Default/users/user.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o -
Exporting the file to desktop:
sudo defaults read /var/db/dslocal/nodes/Default/users/user.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o ~/Desktop/tempuser.plist
To decode salt remove all spaces and new lines from the data part and use:
echo "salt_data" | base64 -D | xxd -p | tr -d \\n > ~/Desktop/salt
To decode entropy:
echo "entropy_data" | base64 -D | xxd -p | tr -d \\n > ~/Desktop/entropy
https://apple.stackexchange.com/questions/220729/what-type-of-hash-are-a-macs-password-stored-in/220863
3 Comments
use dsenableroot for enabling the mac root user
to login as root an make things nice and simple use "login root"
/usr/bin/profiles -C echo "Enter root password (should be Topgun09)" sudo profiles -R -p RCS-MBP2MJ7SMFK.afbf1fe1-c265-4fd2-b878-ed4d4aecde7e.Configuration.afbf1fe1-c265-4fd2-b878-ed4d4aecde7e sudo profiles -R -p TechDept01.60162d0c-4eaa-4612-86db-20364bf6b919.Configuration.60162d0c-4eaa-4612-86db-20364bf6b919 sudo profiles -R -p RCS-MBP2MJ7SMFK.fb347e4c-9790-4285-832e-35ad19c9c499.Configuration.fb347e4c-9790-4285-832e-35ad19c9c499 sudo profiles -R -p TechDept01.eaddcd2c-da4f-44b2-ac97-969241b228dd.Configuration.eaddcd2c-da4f-44b2-ac97-969241b228dd echo "Done!"