- A Mac running OS X Mountain Lion (10.8).
If you need to crack passwords on Tiger, Leopard, or Snow Leopard, please use this guide.
If you are unsure, watch this video tutorial.
1. Gain Root OR Admin Access
If you do not already have access to an administrator account, you need root access.
If you don’t have admin access, boot the computer into Single-User Mode by holding CMD+S on startup, mount the drive, and type the following commands:
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
Then enter your new root password twice when prompted. After the password has been reset, type:
And hit return/enter.
2. Log In
Log into an administrator account that you have access to on the computer, or, if you don’t have access to one, select “Other” in the Login Window (only if you have User Account Pictures enabled), and enter “root” as the username, and then the password that you just set.
3. Download Utility
For 10.8, we’ll be using the DaveGrohl utility to both crack the password and extract the hash.
The utility works by extracting the hash from the User Profile, which is located in:
With the username portion of the path replaced with the name of the target user. It pulls the hash from the ‘ShadowHashData’ field and begins cracking.
Download the DaveGrohl 10.8 cracking utility from DaveGrohl.org.
4. Open Up Terminal and Open the Directory
Once you’ve downloaded the utility, open up Terminal and type:
5. Crack The Password
Type the following to begin cracking the password:
sudo ./dave -u
Replace the username placeholder with the short name of the target user, and enter your password when prompted (it will not prompt you for a password if you’re logged into the root account).
DaveGrohl will begin cracking the password via wordlists and then continue with brute-forcing until it finds the password.
It can take quite a bit of time, depending on the complexity of the password, so be patient! Passwords we’ve cracked have ranged from a few seconds to several days, and Apple’s new password hashing scheme in Mountain Lion (PBKDF2) really throttles the speed at which DaveGrohl can work.
When DaveGrohl has successfully cracked the hash, it’ll spit out a message like this:
-- Found password : 'banana'
-- (dictionary attack)
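To see why PBKDF2 throttles cracking the way the step above describes, here is an added Python example (not part of this guide or of DaveGrohl) that times one PBKDF2-HMAC-SHA512 derivation and turns that per-guess cost into a worst-case time to exhaust a keyspace. The salt, iteration count and keyspace sizes are constructed for illustration and are not Apple's actual parameters, which this guide does not state.

```python
import hashlib
import time

# Constructed demo parameters: NOT Apple's real salt or iteration count,
# which this guide does not state.
DEMO_SALT = bytes(range(32))
DEMO_ITERATIONS = 20000


def pbkdf2_sha512(password: str, salt: bytes, iterations: int) -> str:
    """Derive a 64-byte key with PBKDF2-HMAC-SHA512; return it as 128 hex chars."""
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return key.hex()


def seconds_per_guess(iterations: int, samples: int = 5) -> float:
    """Measure the cost of one derivation on this machine.

    Every candidate password must pay this cost, and the cost grows
    linearly with the iteration count, which is the whole point of PBKDF2.
    """
    start = time.perf_counter()
    for i in range(samples):
        pbkdf2_sha512(f"timing-probe-{i}", DEMO_SALT, iterations)
    return (time.perf_counter() - start) / samples


def expected_exhaustive_seconds(keyspace: int, cost_per_guess: float, parallelism: int = 1) -> float:
    """Worst-case time to try every candidate, spread evenly over `parallelism` workers."""
    return keyspace * cost_per_guess / parallelism


if __name__ == "__main__":
    cost = seconds_per_guess(DEMO_ITERATIONS)
    print(f"one guess at {DEMO_ITERATIONS} iterations: {cost * 1000:.1f} ms")
    # Constructed scenarios: a wordlist versus random alphanumeric passwords.
    scenarios = {
        "1M-word wordlist": 10**6,
        "8 chars, [a-zA-Z0-9]": 62**8,
        "12 chars, [a-zA-Z0-9]": 62**12,
    }
    for name, size in scenarios.items():
        secs = expected_exhaustive_seconds(size, cost, parallelism=8)
        print(f"{name:22s}: {secs / 86400:,.1f} days worst case on 8 workers")
```

The wordlist case stays in reach even with PBKDF2, while the long random password does not, which is the practical lesson for anyone setting or auditing account passwords.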
Optional: Extract Hashes
To extract a correctly formatted hash, use this command:
sudo ./dave -j
Replace the username placeholder with the target user’s short name and, again, enter your password if prompted.
You can then copy and paste the output into a .txt file and load it into John.
Here are a few advanced options that can be used when cracking passwords with DaveGrohl. Type:
before entering any of the following parameters.
-u username : Crack a user’s password.
-i : Incremental attack only.
-c chars : Specify possible characters in the password.
-m # : Specify minimum length of the password.
-M # : Specify maximum length of the password.
-v : Verbose mode. (hella slow)
-j username : Dump a user’s password hash formatted for John the Ripper.
-h : Help
That’s it.
Thanks to: