The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
OSX Passwords? Unix gurus, rescue me!
Karf
The PastRegistered User regular
The PastRegistered User regular
You know how I've always said "I would have a Mac if I could get one on the cheap?" Well, that time as come. I've just bought a 20" Intel Core Duo iMac for 275 bucks from a second hand store that I help out at. If only I could get into the thing. As always, there is a password on the user account in OSX. Of course, since it came second hand, it did not come with the OSX DVD, so I can't just stick in the disk and change the password. I was up to my balls in Unix yesterday, trying to nidump the password, but I can't quite figure out the context of what I need to type to get it to tell me the hash. I've also passwd 'd and got the prompt to change the root password, but it won't stick. When I try to load SystemStarter, it gives me an error saying that Printing Services couldn't start correctly.
Is there something borked with the install of OSX on this iMac, or am I completly retarded? Since this is my first foray into Unix and OSX, I'm sure I should wear the dunce hat and sit at the back of the class.
Commands that have yielded some success so far (after mounting the drive as read/write):
passwd -i file (promts to change root password, but doesn't stick when I reboot or shutdown -r now) Should I specify what user account after file? Has this, ahem, exploit been closed in the Intel OSX release?
nidump passwd(I haven't figured out what context to use with this -- the /? doesn't help out too much and random internet searches also yeild poor results) I suppose theres no way to add a user account via Unix? I just want to get into my new baby, I don't care if I can get into this current user account.
tl;dr version: Karf buys intel iMac on the cheap. Passworded. No OSX DVD. Help!
Is there something borked with the install of OSX on this iMac, or am I completly retarded? Since this is my first foray into Unix and OSX, I'm sure I should wear the dunce hat and sit at the back of the class.
Commands that have yielded some success so far (after mounting the drive as read/write):
passwd -i file (promts to change root password, but doesn't stick when I reboot or shutdown -r now) Should I specify what user account after file? Has this, ahem, exploit been closed in the Intel OSX release?
nidump passwd(I haven't figured out what context to use with this -- the /? doesn't help out too much and random internet searches also yeild poor results) I suppose theres no way to add a user account via Unix? I just want to get into my new baby, I don't care if I can get into this current user account.
tl;dr version: Karf buys intel iMac on the cheap. Passworded. No OSX DVD. Help!
Karf on
0
Posts
Yeah, that's the backup plan. I have a friend who just got a happy new intel Macbook a month ago, and he would let me use the disk. I'm at my parents house right now, and I can't get back for a week. I'm so very impatient.
I've heard rumors this works.
That's the page I've been using as a guideline.
Well, I'm going to try again-- I just had an idea.
You lucky, lucky lucky bastard.
So... You know the root password?
Easy enough to add an account from the command line:
niutil -create . "/users/username"
niutil -createprop . "/users/username" uid uidnumber
(pick a number > 501 that isn't being used)
niutil -createprop . "/users/username" gid <same number as above>
niutil -createprop . "/users/username" passwd "*"
niutil -createprop . "/users/username" name username
niutil -createprop . "/users/username" home /Users/username
niutil -createprop . "/users/username" realname "User Name"
niutil -createprop . "/users/username" shell "/bin/bash"
(or shell of your choice from /etc/shells)
niutil -create . "/groups/username"
niutil -createprop . "/groups/username" name username
niutil -createprop . "/groups/username" gid <same number as above>
niutil -createprop . "/groups/username" passwd "*"
niutil -createprop . "/groups/username" users username
if you want your new user to be an admin:
niutil -appendprop . "/groups/admin" users username
set the password:
dscl . -passwd /Users/username <the password>
Of course, if you have root access, you could probably just use dscl on the existing account to change the password and move on with your life. It doesn't prompt for the old password.
As for your other question about the hash:
niutil -read . "/users/username"
Look for "generateduid" in the output
Now, the password hash for that user is at:
/var/db/shadow/hash/<generateduid>
And, just because I'm a nice guy, here's a password hash that corresponds to the password 'password':
http://ignorant.net/hash.txt
Maybe I should mention I'm in single user mode, if that matters.
-edit- OK, control C is interupt... no luck so far. When I tried to make a new user, it sat there until I interupted it as wel.
In single user mode its entirely possible (probable) that the directory service stuff isn't running. I'd just swap out the hash and use System Preferences to add yourself a new admin account.
OSX doesn't store that password anywhere else, or keep an eye on the file, or anything vaguely security related besides keep the directory non-readable, so you are fine to simply swap the file out.
edit: oh, and if you do that, and log in, and discover that the existing account isn't an admin (because the guy that sold it to you was a dick), you just need to add the user to /etc/sudoers in single user mode:
username ALL=(ALL) ALL
then you can sudo the appendprop line from above and add the user to the admin group menially.
-edit- It still won't let me niutil -read . /users/USERNAME . I wait 10 minutes and I have to interupt it because it's just sitting there.
Man, I'm so useless at all of this.
just edit the file in /var/db/shadow/hash, it should have contents that look similar to the file I have linked, delete the single line that's in there, and paste in the line from hash.txt
If you can't get niutil to work so you can't find the generated uid for the user, then it gets a bit harder. If there's only one user defined, odds are there's only a single .state file, so the file you want to replace will be named the same as .state, just without the extension. If there's a lot of .state files.. I think those are only used for user passwords, so you could just change all of the files without danger, but you might want to copy the existing files out of the way first.
Assuming you don't know unix at all, type this;
# cd /var/db/shadow/hash
# mkdir /var/root/shadowbackup
# cp * /var/root/shadowbackup
# vi <generateduidfile>
type 'dd'
^ this will delete the existing hash line
type 'i'
^ this will put you in insert mode
type in the code from the hash I gave you, make sure you get all the 0's. File should be ~1240 bytes when you're done.
press 'esc'
^ this will leave insert mode
type ':w!'
^ this will write out the file
type ':q'
^ this will exit vi
# chmod 600 <generateduidfile>
and in theory you should be done.
edit: apparently vbulletin thinks one of my vi commands is a smily, fixed.
Thanks again.
-edit- Nope.
"If I were you" I would visit a nafarious site on a PC, download a CD iso image, burn and reset it.
Also:
"If I were you" I would never, ever, ever take it by a Apple store. If its stolen, it WILL be listed as such on Apple's SN database when they check warrenty status.
....Sorry but that's wrong...I have 30 identical iMacs and I promise you I use any old boot disk on any of em just fine.
If you and your friend have minor revisons of the same model the drivers could very well be different.
(*Apple does this quite frequently...a minor revision update but still under the same product model series)
Edit: MacOSX is very portable (easily moved from hardware to hardware) as long as the hardware existed when that version came out.
(*New models need updates/drivers to work). I currently have a MacOSX transcript that will deploy to any PPC/Intel mac supported by 10.4)
Hmm.
And this is Tiger right? 10.3 the hashes are a little different. Did the old hash you replaced have a ton of 0's in it, or was it just a short hash string?
If you aren't sure, you can run uname -a at the prompt, and you'll get something like:
Darwin <your computer name> 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006; root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc
Just for giggles I readded my test account and generated a new hash if you are feeling like you want to try a new one, but lets check the rest of the stuff first.
You are using the right username right? ;p
edit: of course its tiger, didn't notice that it was an intel box. Hrm.
Actually, yeah, I just checked, his machine is 1.5 ghz, mine is 1.67.
mount -uw / *return*
mv /var/db/netinfo/local.nidb /var/db/netinfo/local.nidb.old *return*
reboot *return*
I LOVE YOU I LOVE YOU
It's running the setup assitant right now.
Thanks to everyone who helped.
I knew I was forgetting something obvious.
Also, if you call Apple tech support and tell them you bought the Mac used and it has no install discs included they usually sell you the copies that came with the computer, not a retail boxed copy of Tiger. So it's like 20-30 bucks a disc.
I bought myself a macbook a couple of months ago and i've been immersing myself among its great eyes of candy.
However, i'm wondering apart from booting the OS X dvd to use stuff like disk utility (if something goes pear shaped) is there a mac equivalent of say BartPE?
I know my way quite thoroughly around Windows and Linux to use various utils and bootcd's but i've yet to really find the mac equivalent of knoppix (or one of the security linux livecds) and bartpe + ubcd.
I suppose if anything ever goes pear shaped I could roll my own linux cd with hfs filesystem support.
---
I've got a spare copy of Portal, if anyone wants it message me.
http://gentoo.osuosl.org/experimental/ppc/livecd/
Like I said, it isn't that major.. I can roll out my own kernel for a livecd or something with hfs support etc. Was mostly wondering if there was something already out there really.
---
I've got a spare copy of Portal, if anyone wants it message me.
Spend it wisely.
---
I've got a spare copy of Portal, if anyone wants it message me.