Admin passwords
#1
Is there any way I could get an admin password from just the files on my computer? I don't think it's possible but thought it would be worth an ask as I could disable all the security filters on my school computer. I could say I need something and use a keylogger but I would prefer the other way.
#2
Your passwords are stored on:

If you use Linux, /etc/passwd and /etc/shadow. With both files you can decrypt all passwords in the machine.
If you use Windows, they are on the files %/SystemRoot%/system32/config/sam (or %/SystemRoot%/NTDS/ntds.dit if you are on a server) and %/SystemRoot%/system32/config/system. Same story, with both you can decrypt the passwords. Those files are protected while your system is on, so you have to make a shadow copy or get them with a forensics tool. You can also find them on hklm\sam and hklm\system registers, if you have privileges.

Those are the general users of your machine. If we are talking about a specific program/system, they are probably in other places.
#3
(10-26-2021, 11:11 AM)Corvo Wrote: Your passwords are stored on:

If you use Linux, /etc/passwd and /etc/shadow. With both files you can decrypt all passwords in the machine.
If you use Windows, they are on the files %/SystemRoot%/system32/config/sam (or %/SystemRoot%/NTDS/ntds.dit if you are on a server) and %/SystemRoot%/system32/config/system. Same story, with both you can decrypt the passwords. Those files are protected while your system is on, so you have to make a shadow copy or get them with a forensics tool. You can also find them on hklm\sam and hklm\system registers, if you have privileges.

Those are the general users of your machine. If we are talking about a specific program/system, they are probably in other places.

I am on mac, any way I could do that on mac?
#4
1. i really shouldn't have to say this, but trying to hack your school computer that is fairly locked down and is likely being monitored to some extent is not a smart idea.

2. the information disclosed in this post is for educational/theoretical study/use ONLY. i do not condone nor encourage any practical activities or scenarios arising as a result of this post.

mac is weird in the sense that it doesn't store the user account data all in one single file, rather it stores data of each individual account in its own individual file.

unfortunately, most ways to read even the hashed passwords require some kind of elevation (i.e. sudo) so it looks like you might need some kind of priv.esc exploit to read anything.

at the same time, it looks like the root user is disabled by default, rather admin accounts belong to a root group (or rather a group that can `su` or something.) https://support.apple.com/en-us/HT204012

now, this only applies to local accounts. you mentioned this is a school laptop, so it's probably more likely that it's a network account setup, in which case there probably isn't any interesting user data stored on your computer.



in short:
-- you probably need privilege escalation
-- if you have privilege escalation, there's no need to go any further by trying to get an actual root account.
#5
(10-27-2021, 07:46 PM)poppopret Wrote: 1. i really shouldn't have to say this, but trying to hack your school computer that is fairly locked down and is likely being monitored to some extent is not a smart idea.

2. the information disclosed in this post is for educational/theoretical study/use ONLY. i do not condone nor encourage any practical activities or scenarios arising as a result of this post.

mac is weird in the sense that it doesn't store the user account data all in one single file, rather it stores data of each individual account in its own individual file.

unfortunately, most ways to read even the hashed passwords require some kind of elevation (i.e. sudo) so it looks like you might need some kind of priv.esc exploit to read anything.

at the same time, it looks like the root user is disabled by default, rather admin accounts belong to a root group (or rather a group that can `su` or something.) https://support.apple.com/en-us/HT204012

now, this only applies to local accounts. you mentioned this is a school laptop, so it's probably more likely that it's a network account setup, in which case there probably isn't any interesting user data stored on your computer.



in short:
-- you probably need privilege escalation
-- if you have privilege escalation, there's no need to go any further by trying to get an actual root account.

Epic, thanks for the help. The laptop is monitored through an application called DyKnow if you know anything about it. Macs are interesting in the ways that they work but thanks for the reference!