How to find root password hash without root on osx 10.13 High Sierra

Question

I'm going to be using John the Ripper to decrypt the password hash but I don't know where the hash is stored.

Stack Overflow is for programming questions. You're more likely to find an answer to this on superuser.com. — anothermh, Dec 24 '18 at 03:40

score 0 · Answer 1 · answered Dec 21 '18 at 03:55

The password hash and salt of any user are located here:

/var/db/dslocal/nodes/Default/users/<user>.plist

You will get a Permission denied if you try to access it without sudo.

The only way I know to access it without the sudo password is to reboot in Single User Mode (with command+s)

Once you get there, it's a little tricky to actually get the file and decode it. You have a detailed step by step guide here in the Michael Fairley website (original website no longer available)

How to find root password hash without root on osx 10.13 High Sierra

1 Answers1