Grabbing and cracking macOS password hashes (with dscl and hashcat)
- Published 26 Jan 2023
- Let's look at the dscl utility on macOS that allows hackers to query directory services information, including extracting sensitive fields such as the password hash. An admin can extract the ShadowHashData and then attempt to crack the hash with a tool such as hashcat.
This is a post-exploitation technique that Red and Blue Teamers should be aware of and build tests and detections for.
As always: Pentesting requires authorization from proper stakeholders. Do not engage in testing/targeting any accounts that you do not own.
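One way to build the detection mentioned in the description, added here as an example and not taken from the video or its author: it scans process-execution events for command lines that name the ShadowHashData attribute and rates dscl invocations highest. The event schema (pid, user, argv), the sample events and the severity labels are constructed assumptions.

```python
import os
import shlex

ATTR = "shadowhashdata"  # also matches dsAttrTypeNative:ShadowHashData

# Constructed sample process-execution events (hypothetical schema: pid, user, argv).
SAMPLE_EVENTS = [
    {"pid": 4101, "user": "root",
     "argv": ["/usr/bin/dscl", ".", "-read", "/Users/alice", "dsAttrTypeNative:ShadowHashData"]},
    {"pid": 4102, "user": "root",
     "argv": ["sudo", "dscl", ".", "-read", "/Users/bob", "ShadowHashData"]},
    {"pid": 4103, "user": "root",
     "argv": ["/bin/sh", "-c", "dscl . -read /Users/carol ShadowHashData | tail -1"]},
    {"pid": 4104, "user": "alice",
     "argv": ["/usr/bin/dscl", ".", "-read", "/Users/alice", "RealName"]},
    {"pid": 4105, "user": "alice",
     "argv": ["/usr/bin/grep", "-ri", "shadowhashdata", "/Users/alice/notes"]},
]

def tokens(argv):
    """Flatten argv, splitting arguments that hold a whole command line (sh -c '...')."""
    out = []
    for arg in argv:
        try:
            out.extend(shlex.split(arg))
        except ValueError:  # unbalanced quotes: keep the raw argument
            out.append(arg)
    return out

def classify(event):
    """Return an alert if the command line names ShadowHashData, else None."""
    toks = tokens(event["argv"])
    if not any(ATTR in t.lower() for t in toks):
        return None
    via_dscl = any(os.path.basename(t) == "dscl" for t in toks)
    record = next((t for t in toks if t.startswith("/Users/")), None)
    return {
        "pid": event["pid"], "user": event["user"],
        "tool": "dscl" if via_dscl else os.path.basename(toks[0]),
        "record": record if via_dscl else None,  # user record dscl was asked to read
        "severity": "high" if via_dscl else "medium",
    }

def scan(events):
    """Classify every event and keep only the alerts."""
    return [a for a in map(classify, events) if a]

if __name__ == "__main__":
    print(*scan(SAMPLE_EVENTS), sep="\n")
```

The ordinary `RealName` lookup is not flagged, while the `sudo` and `sh -c` wrappers are still attributed to dscl.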
So, you're already elevated. That's most definitely worth mentioning at the beginning of this video and in the description.
Thanks for watching! Sorry for not being clear enough, description mentions both the need to be admin and that it’s a post-exploitation scenario. Hope the video was still useful though.
lmao, facepalm
Great video, Red. You deserve WAY more subs!
Thanks for the comment, really appreciate it! 😀
How could I contact you? I got a problem with my school computer
How do you use Hashcat on Apple silicon?
Hi, I'm having an issue with the 'wordlist' section at the end.. I don't have a wordlist file.. how to create one or where to find?
Here are some good examples: github.com/danielmiessler/SecLists
It keeps saying signature unmatched No hashes loaded. I tried putting in the example hash from the website too and it has the same issue. Do you know what the problem is or how to fix it?
Interesting, sorry not sure if I can help much. Maybe there is a copy/paste error or typo when putting the strings together in the hashcat line? I got it to work many times.
So I have a friend wanting me to crack the password on their MacBook. I am only familiar with Windows personally but know hashcat well enough. Basically, am I able to run this DSCL even if you can't get into the computer? Like I said, I'm not familiar with MacBook; all I know is they can't get into the computer.
Try booting the Mac into single user mode by holding command+S on boot? dscl might require some dependencies that single user does not load, so I'm not sure? If that fails you can always try KonBoot to gain access first, then open terminal and go from there to actually get the password hash.
@FleaMarketSocialist Yeah, that's what I'm going to try. What about doing the root trick? I know it's 5 years old but this may be an older laptop since it was his late dad's. The trick is from the video ua-cam.com/video/IPsUM48H4MY/v-deo.html which crazy allows you to log into a root account or something.
What wordlist file do you use?
Depends, a common source to get started is: github.com/danielmiessler/SecLists. Also, quite significant are the mutations and rulesets that are being used by the way.
@embracethered thank you!!