Calling All Hackers

9 replies [Last post]
Offline
Joined: Aug 11 2004
Posts: 1

Can Anybody tell me why it is so easy to change the admin password, All you have to do on Mac OS X is
1. Shut down your computer
2. Start Up Holding Command+S Until You get a Unix Prompt Mac
3. Type "/sbin/fsck -y"
4. Type "/sbin/mount -uw /"
5. Type "/sbin/systemstarter" Mac OS
6. Type "passwd [Username]" ( [Username] means the username you want to change the password for)
7. You Will be asked for the new password 2 times
8. last Type "reboot" Tongue

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Eudimorphodon's picture
Offline
Joined: Dec 21 2003
Posts: 1204
There is no security...

without physical security. If someone can get to your machine to reboot while holding down a key, they can probably compromise it no matter what OS it's running.

Some other UNIXoids require that you know the root password to get in when booted to single user mode. (Most modern Linux distributions and recent Solaris versions, for instance.) But of course, in those cases someone could just force the machine to, say, boot from a CD-ROM, mount the "/" partition on the disk, chroot to it, and modify the password of their choice. Windows can be broken by booting a floppy with a password database munger... etc, etc.

Simple rule of thumb: Don't let people you don't trust touch your machine. And if you're really paranoid, encrypt your filesystem.

--Peace

eeun's picture
Offline
Joined: Dec 19 2003
Posts: 1891
Also keep in mind that OS X i

Also keep in mind that OS X intended for both business and home users. It would be poor marketing to sell an OS that people are inevitably going to lock themselves out of without having a back door that tech support or their IT can walk them through over the phone (unless you're Dogbert Wink)

You could do similar with At Ease back in the early 90s. Figuring this stuff out is half the fun.

__________________

"Give a man a fire, he's warm for a day. Set a man on fire and he's warm for the rest of his life."
(Terry Pratchett)

Offline
Joined: Dec 20 2003
Posts: 234
Re: There is no security...

Eudimorphodon wrote:

But of course, in those cases someone could just force the machine to, say, boot from a CD-ROM, mount the "/" partition on the disk, chroot to it, and modify the password of their choice.
--Peace

I can say that I have done that to every Major Unix OS except Tru64.

I remember back in 98 or so I talked a guy down $100 on a SGI Indy because he did not have the root password. I borrowed a set of Irix discs and was in under 5 min. The hardest one I ever did that on was a HP PA-Risc machine with HP-UX. Took me a month to figure out how to boot the thing from a CD. I can't remember what exactly the difficulty was in doing it but I think I ended up having to boot from tape or something.

__________________

The lazy man would rather exert himself than make two trips. -- Slovenian saying

Kurenai's picture
Offline
Joined: May 28 2004
Posts: 82
Well duh..

Any password to anything can be craked or changed, its just a matter of time/effort to do it. this seems easy even to me, and i know almost nothing about unix! my solution to this problem? don't let your laptop out of your sight, and put your destop system somewhere(I.E. bedroom) where most people wont be able to jsut sit down and mess with it without you noticing. best security mesures i can think of...

Eudimorphodon's picture
Offline
Joined: Dec 21 2003
Posts: 1204
Re: There is no security...

redrouteone wrote:

I remember back in 98 or so I talked a guy down $100 on a SGI Indy because he did not have the root password. I borrowed a set of Irix discs and was in under 5 min.

I "rooted" my (free) Indy by compiling the XFS filesystem patches to the kernel on a Linux machine and hanging the drive from the Indy on its SCSI controller. (At the time I had neither Irix CDs or a bootable CD-ROM drive for the system.)

Admittedly, steps like that are a bit more invasive then changing a password on OS X, but a motivated data thief could to it in 10 minutes alone with the machine. Which just emphasizes the point.

--Peace

performaman's picture
Offline
Joined: Dec 20 2003
Posts: 209
BIOS Boot Password

And if your BIOS allows you to have a password to boot the machine, USE IT! It's in BIOS and probably more difficult to crack than an OS password.

__________________

Egg freckles?

Eudimorphodon's picture
Offline
Joined: Dec 21 2003
Posts: 1204
Re: BIOS Boot Password

performaman wrote:

And if your BIOS allows you to have a password to boot the machine, USE IT! It's in BIOS and probably more difficult to crack than an OS password.

Not really, unless you have an IBM Thinkpad. (Most BIOS passwords can be cleared by resetting the CMOS.)

And if you do have a Thinkpad, you'll seriously regret setting a BIOS password after you forget it. (And have to pay IBM for a new motherboard.)

--Peace

eeun's picture
Offline
Joined: Dec 19 2003
Posts: 1891
I had a Fujitsu E-series in a

I had a Fujitsu E-series in a bulk lot of lappies I'd purchased that was bios password protected. Fujitsu recommends shipping the laptop off to Cypress or Singapore or some darn place, and they'll re-flash the bios and send it back. Supposedly very secure, those Fujitsus.

Alternatively, I spent five minutes on google and found a dos program that'll reset the bios from a floppy.

__________________

"Give a man a fire, he's warm for a day. Set a man on fire and he's warm for the rest of his life."
(Terry Pratchett)

Jon's picture
Jon
Offline
Joined: Dec 20 2003
Posts: 2804
IIRC my first laptop, a Packa

IIRC my first laptop, a Packard Bell Statesman, had a horrid BIOS password setup. When you typed in the password it would register an incorrect attempt at the first incorrect key that was typed. You just started at 'a' and kept following the alphabet until it accepted the first key without error. Then you did it again 'first-key'-'a', etc. until it let you in. Way, way, way too easy. I've hated PBs ever since and fully regret spending the $500 (new) on the POS. Of course security that crappy can only come during the days after the release of Win 95, one reason I got the lappy so cheap as everything still running 3.x (the PB had 3.11) was being cleared from stock.

__________________

I am not in this world to live up to other people's expectations, nor do I feel that the world must live up to mine. - Fritz Perls