Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

How to crack Mac OS X passwords

by James Kelly

Washington Apple Pi Journal, reprint information

As we are all aware, Mac OS X is based on BSD. Mac OS X is an UNIX-like operating system (much like Linux and the various other BSD variants FreeBSD, OpenBSD, NetBSD).

So what does that mean?

It means that your Mac is a multi user operating system. While at the present time, only one user can use your Mac at a time sitting in front of it, many users can login via an SSH session and use your Mac simultaneously. If one of those users has an easy-to guess password, the entire system can be vulnerable to being hacked.

Why would we want to crack Mac OS X passwords? Cracking the passwords on your Mac is a way to test the passwords to be sure they are not easily guessed or cracked.

What is a bad password?

What do you mean by cracking a password? Most password crackers work on what is called a dictionary attack. It takes a list of known bad passwords and hashes them and compares them to the hashes in the target machine’s password file. It’s more like automated password guessing.

So how do I crack Mac OS X passwords?

1. Install Developer Tools on your Mac.

2. Surf to http://www.openwall.com/john/

3. Download John the Ripper 1.6 (Unix - sources, 486 KB) it should automatically decompress.

4. If the package john-1.6.tar doesn’t compress, open Terminal and cd to your desktop by

5. Do:

cd Desktop

6. Then do:

tar xvf john-1.6.tar

7. Then do:

cd john-1.6

8. Then do:

cd src
o enter the source file directory.

9. Then do:

make generic

10. After the compilation finishes you should do:

cd ../run

11. Once compilation is complete there should be a binary called “john” in the directory john-1.6/run

12. to start your cracking fun, once you are inside the run directory do:

sudo nidump passwd / > mymacs.passwd

This will create a password file for your mac. You’ll have to enter your administrative password.

13. To actually start cracking you do:

./john mymacs.passwd

14. Wait a long while, this may take some time, days or weeks even. The cracked passwords will be in a file called “john.pot.”

Since this will take a while you might want to run it in the back ground with a low priority:

nice -n 20 ./john mymacs.passwd &

15. John the ripper comes with a sample password file password.lst a list of about 2,290 really bad passwords to use in testing. You can supplement this list with others from the cdrom the site owner is selling which contains dictionaries in several languages.

If you want to keep your kids from cracking the passwords on your Mac do the following:

-r-xr-xr-x 1 root wheel 24024 24 Sep 02:50 /usr/bin/nidump

You might want to remove read and execute permissions from anyone but root.

As root do:

sudo chmod g-xr /usr/bin/nidump


sudo chmod o-rx /usr/bin/nidump

The above commands in Terminal will keep anyone but root from executing the nidump utility. You of course will have to have the root account enabled to do this. I would suggest consulting http://www.macosxhints.com for instructions on how to enable root.

To Find out more:

Mac OS X Security by Bruce Potter, Preston Norvell and Brian Wotring, New Riders Publishing 2003

Mac OS X Maximum Security, A hacker’s Guide to Protecting your Mac OS X Workstation and Server by John Ray and William C. Ray, Sams Publishing 2003

“ Using John the Ripper to Crack Unix Passwords”

“ Cracking Unix password files for beginners,” by Caboom