Posted By: DoomBringer | Sep 4th, 2007 @ 4:31 PM
Comments: 4 | Views: 4758
DoomBringer
Doom!
http://www.hackmac.org/?q=node/4

Hey, check it out: who needs to make fun of UAC with a snarky dumbass advert when you can get root without knowing the password?

Of course, I wonder if a similar attack is available for other systems.  Making the OS think it is in a preconfiguration state might be possible for other OSes.
ManipUni
Proving QQ for 5 years!
If you have unrestricted physical access to the machine you already have root access. This is reproducible with different steps using just about every operating system in existence, except those designed to be completely unmaintained (e.g. The X-Box).

W3bbo
The Master of Baiters
ManipUni wrote:
If you have unrestricted physical access to the machine you already have root access. This is reproducible with different steps using just about every operating system in existence, except those designed to be completely unmaintained (e.g. The X-Box).


Yes, but the majority of those often require booting from alternative sources, which you can't do unless the BIOS allows it, but often the BIOS has a password, so you need to open the case to seat the password_reset jumper on the motherboard.

The point is that this is something you can do in a very clandestine manner.
It still requires console access to the machine. You can log in as root on Linux systems without a password (and change it) if you have physical access to the machine and GRUB isn't password protected. (I've had to do it on abandoned boxes.)

Not that I'm defending the practice, but most server-inspired operating systems focus more on protecting from common attack fronts (remote users, regular user accounts) than people with console access on the machine since they're typically in a secure location. If you can't trust someone to not do this to your Mac, you probably shouldn't let them use it.
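
Added example, not part of the thread: a Python check a defender could run over a GRUB configuration to see whether the boot menu is password protected, the condition the comment above depends on. The function name `audit_grub_config` and the sample configs are constructed for illustration.

```python
import re

def audit_grub_config(text):
    """Return findings for a GRUB legacy (menu.lst) or GRUB 2 (grub.cfg) config."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    findings = []
    if any(l.startswith("menuentry") for l in lines):
        # GRUB 2: entry editing is locked only with a superuser AND a password for a user.
        has_superuser = any(re.match(r'set\s+superusers\s*=\s*"?\w', l) for l in lines)
        has_password = any(re.match(r"password(_pbkdf2)?\s+\S+\s+\S+", l) for l in lines)
        if not (has_superuser and has_password):
            findings.append("GRUB 2: no superusers/password pair; boot entries editable from console")
        if any(re.match(r"password\s", l) for l in lines):
            findings.append("GRUB 2: plaintext password directive; use password_pbkdf2")
    else:
        # GRUB legacy: only a password before the first 'title' protects the whole menu.
        global_section = []
        for l in lines:
            if l.startswith("title"):
                break
            global_section.append(l)
        pw = [l for l in global_section if re.match(r"password\s", l)]
        if not pw:
            findings.append("GRUB legacy: no global password; boot entries editable from console")
        elif not all("--md5" in l for l in pw):
            findings.append("GRUB legacy: plaintext password directive; use --md5")
    return findings

# Constructed sample configs (hash values are placeholders, not real hashes).
LEGACY_OPEN = """\
default 0
title Linux
    kernel /vmlinuz root=/dev/sda1 ro
"""
LEGACY_LOCKED = """\
password --md5 $1$CONSTRUCTED$notarealhash
title Linux
    kernel /vmlinuz root=/dev/sda1 ro
"""
GRUB2_LOCKED = """\
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
"""
if __name__ == "__main__":
    for name, cfg in [("open", LEGACY_OPEN), ("locked", LEGACY_LOCKED), ("grub2", GRUB2_LOCKED)]:
        print(name, audit_grub_config(cfg) or "boot menu is password protected")
```

A clean result covers only the boot-menu path; the BIOS boot-order and case-access routes raised earlier in the thread are separate controls.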
ManipUni
Proving QQ for 5 years!
W3bbo wrote:
Yes, but the majority of those often require booting from alternative sources


It is difficult to create a new admin account from within Windows's safe mode but far from impossible. But considering you basically have admin and can install any drivers you wish, I'll leave it to your imagination how one might go about that.

edit: There is a simple work-around for system admins on this Mac thingy ... Simply edit the .profile for the root account to restart the machine when sh is accessed.
