Grabbing and cracking macOS password hashes (with dscl and hashcat)

Подписаться 4,4 тыс.

Просмотров 7 тыс.

50% 1

Let's look at the dscl utility on macOS that allows hackers to query directory services information, including extracting sensitive fields such as the password hash. An admin can extract the ShadowHashData and then attempt to crack the hash with a tool such as hashcat.
This is a post-exploitation technique to be aware of as Red and Blue Teamers and build tests and detections for.
As always: Pentesting requires authorization from proper stakeholders. Do not engage in testing/targeting any accounts that you do not own.

Наука

Опубликовано:

26 янв 2023

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 17

@fpipe-hg4os 10 месяцев назад

So, you're already elevated. That's most definitely worth mentioning at the beginning of this video and in the description.

@embracethered 10 месяцев назад

Thanks for watching! Sorry for not being clear enough, description mentions both the need to be admin and that it’s a post-exploitation scenario. Hope the video was still useful though.

@ewoltin 3 месяца назад

lmao, facepalm

@FleaMarketSocialist Год назад

Great video, Red. You deserve WAY more subs!

@embracethered Год назад

Thanks for the comment, really appreciate it! 😀

@icarusswitkes6833 Год назад

It keeps saying signature unmatched No hashes loaded. I tried putting in the example hash from the website too and it has the same issue. Do you know what the problem is or how to fix it?

@embracethered Год назад

Interesting, sorry not sure if I can help much. Maybe there is a copy/paste error or typo when putting the strings together in the hashcat line? I got it to work many times.

@JohnDoe-wi7eb Год назад

How do you use Hashcat on Apple scullion

@alexsteiner6103 11 месяцев назад

How could I contact you ? I got a problem with my school computer

@user-lh8fg4ou6i 9 месяцев назад

Hi, I'm having an issue with the 'wordlist' section at the end.. I don't have a wordlist file.. how to create one or where to find?

@embracethered 3 месяца назад

Here are some good examples: github.com/danielmiessler/SecLists

@Kev376 Год назад

So I have a friend wanting me to crack the password on their macbook, I am only familiar with windows personally but know hashcat well enough, basically am I able to run this DSCL even if you can't get into the computer? like I said i'm not familiar with macbook all I know is they can't get into the computer.

@FleaMarketSocialist Год назад

Try booting the mac into single user mode by holding command+S on boot? dscl might require some dependancies that single user does not load so I'm not sure? If that fails you can always try KonBoot to gain access first, then open terminal and go from there to actually get the password hash.

@Kev376 Год назад

@@FleaMarketSocialist Yeah thats what i'm going to try, what about doing the root trick i know it's 5 years old but this may be an older laptop since it was his late dads. the trick is from the video ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-IPsUM48H4MY.html which crazy allows you to log into a root account or something.

@Astranix59 3 месяца назад

What wordlist file do you use?

@embracethered 3 месяца назад

Depends, a common source to get started is: github.com/danielmiessler/SecLists. Also, quite significant are the mutations and rulesets that are being used by the way.

@Astranix59 3 месяца назад

@@embracethered thank you!!