Crack User password in OS X Mountain Lion 10.8 [Solved]


    • Mac  machine with OS Mountain Lion.

If you need to crack passwords on Tiger, Leopard, or Snow Leopard, please use this guide.


If you have doubt. Watch this Video tutorial.

1. Gain Root OR Admin Access

If you don’t have access to an administrator already, you need to acquire root access.

If you don’t have admin access, boot the computer into Single-User Mode by holding CMD+S on startup, mount the drive, and type the command:

/sbin/mount -uw /

Followed by:

launchctl load /System/Library/LaunchDaemons/

And finally:


Then, enter your new root password when prompted twice. After the password has been reset, type:


And hit return/enter.

2. Log In

Log into an administrator account that you have access to on the computer, or, if you don’t have access to one, select “Other” in the Login Window (only if you have User Account Pictures enabled), and enter “root” as the username, and then the password that you just set.

3. Download Utility

For 10.8, we’ll be using the DaveGrohl utility to both crack the password and extract the hash.

The utility works by extracting the hash from the User Profile, which is located in:


Withreplaced with the name of the target user. It pulls the hash from the ‘ShadowHashData’ field and begins cracking.

Download the DaveGrohl 10.8 cracking utility. Please visit to download.

4. Open Up Terminal and Open the Directory

Once you’ve downloaded the utility, open up Terminal and type:

cd Downloads/DaveGrohl

5. Crack The Password

Type the following to begin cracking the password:

sudo ./dave -u

Replacing with the shortname of the target user and entering your password when prompted (it will not prompt you for a password if you’re logged into the root account).

That’s It!

DaveGrohl will begin cracking your password via wordlists and then continue with brute-forcing until it gets the password.

It can take quite a bit of time, depending on the complexity of the password, so be patient! Passwords we’ve cracked have ranged from a few seconds to several days, and Apple’s new password encryption scheme with Mountain Lion (PBKDF2) really throttles the speed at which DaveGrohl can work.

When DaveGrohl has successfully cracked the hash, it’ll spit out a message like this:

-- Found password : 'banana'
-- (dictionary attack)

Optional: Extract Hashes

To extract a correctly formatted hash, use this command:

sudo ./dave -j

Replacing with the target user’s shortname, and again, entering your password if prompted.

You can then copy and paste the output into a .txt file and load it into John.

Advanced Options

Here are a few advanced options that can be used when cracking passwords with DaveGrohl. Type:

sudo ./dave

before entering any of the following parameters.

-u username : Crack a user’s password.
-i : Incremental attack only.
-c chars : Specify possible characters in the password.
-m # : Specify minimum length of the password.
-M # : Specify maximum length of the password.
-v : Verbose mode. (hella slow)
-j username : Dump a user’s password hash formatted for John the Ripper.
-h : Help

That’s It .

Thanks to :


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s