Coffeehouse Thread

5 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

How to get root on a mac without the password

Back to Forum: Coffeehouse
  • User profile image
    DoomBringer

    http://www.hackmac.org/?q=node/4

    Hey check it out who needs to make fun of UAC with a snarky dumbass advert when you can get root without knowing the password.

    Of course, I wonder if a similar attack is available for other systems.  Making the OS think it is in a preconfiguration state might be possible for other OSes.

  • User profile image
    ManipUni

    If you have unrestricted physical access to the machine you already have root access. This is reproducible with different steps using just about every operating system in existence, except those designed to be completely unmaintained (e.g. The X-Box).

  • User profile image
    W3bbo

    ManipUni wrote:
    If you have unrestricted physical access to the machine you already have root access. This is reproducible with different steps using just about every operating system in existence, except those designed to be completely unmaintained (e.g. The X-Box).


    Yes, but the majority of those often require booting from alternative sources, which you can't do unless the BIOS allows it, but often the BIOS has a password, so you need to open the case to seat the password_reset jumper on the motherboard.

    The point is that this is something you can do in a very clandestine manner.

  • User profile image
    TimP

    It still requires console access to the machine. You can login as root on Linux systems without a password (and change it) if you have physical access to the machine and GRUB isn't password protected. (I've had to do it on abandoned boxes)

    Not that I'm defending the practice, but most server-inspired operating systems focus more on protecting from common attack fronts (remote users, regular user accounts) than people with console access on the machine since they're typically in a secure location. If you can't trust someone to not do this to your Mac, you probably shouldn't let them use it.

  • User profile image
    ManipUni

    W3bbo wrote:
    Yes, but the majority of those often require booting from alternative sources


    It is difficult to create a new admin account from within Windows's safe mode but far from impossible. But considering you basically have admin and can install any drivers you wish I'll leave it to your imagination how one might go about that.

    edit: There is a simple work-around for system admins on this Mac thingy ... Simply edit the .profile for the root account to restart the machine when sh is accessed.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.