lion

Crack Password Hashes in OS X Lion

This guide will NOT WORK with Mountain Lion 10.8. Please view our new, updated guide for Cracking Passwords in Mac OS X Mountain Lion

This guide is an updated version of our extremely popular guide, Decrypt OS X User Account Passwords. The guide has been updated to work with Lion 10.7.

Requirements

    • Physical access to the machine.

If you need to crack passwords on Tiger, Leopard, or Snow Leopard, please use our tried-and-true Decrypt OS X User Account Passwords guide.

Procedure

1. Gain Root OR Admin Access

If you don’t have access to an administrator already, you need to acquire root access.

If you don’t have admin access, boot the computer into Single-User Mode by holding CMD+S on startup, mount the drive, and type the command:

/sbin/mount -uw /

Followed by:

launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

And finally:

passwd

Then, enter your new root password when prompted twice. After the password has been reset, type:

restart

And hit return/enter.

2. Log In

Log into an administrator account that you have access to on the computer, or, if you don’t have access to one, select “Other” in the Login Window (only if you have User Account Pictures enabled), and enter “root” as the username, and then the password that you just set.

3. Download Utility

For 10.7, we’ll be using the DaveGrohl utility to both crack the password and extract the hash.

The utility works by extracting the hash from the User Profile, which is located in:

/private/var/db/dslocal/nodes/Default/users/.plist

Withreplaced with the name of the target user. It pulls the hash from the ‘ShadowHashData’ field and begins cracking.

NOTE: It appears that the usual download link isn’t working, so we’ve put up a mirror:

Download the DaveGrohl 10.7 cracking utility (MIRROR).

4. Open Up Terminal and Open the Directory

Once you’ve downloaded the utility, open up Terminal and type:

cd Downloads/DaveGrohl

5. Crack The Password

Type the following to begin cracking the password:

sudo ./dave -u

Replacing with the shortname of the target user and entering your password when prompted (it will not prompt you for a password if you’re logged into the root account).

That’s It!

DaveGrohl will begin cracking your password via wordlists and then continue with brute-forcing until it gets the password.

It can take quite a bit of time, depending on the complexity of the password, so be patient! Passwords we’ve cracked have ranged from a few seconds to several days.

When DaveGrohl has successfully cracked the hash, it’ll spit out a message like this:

-- Found password : 'banana'
-- (dictionary attack)

Finished in 0.772 seconds / 51,860 total guesses…
67,209 guesses per second.

5. Optional: Extract Hashes

If you only have a limited window of access to the target computer, DaveGrohl can give you the hash formatted for cracking in John The Ripper, so you can crack the password on a computer of your choice at your convenience. We cover how to use John in our other guide, so check that out if you’re interested.

To extract a correctly formatted hash, use this command:

sudo ./dave -j

Replacing with the target user’s shortname, and again, entering your password if prompted.

You can then copy and paste the output into a .txt file and load it into John.

Advanced Options

Here are a few advanced options that can be used when cracking passwords with DaveGrohl. Type:

sudo ./dave

before entering any of the following parameters.

-u username : Crack a user’s password.
-i : Incremental attack only.
-c chars : Specify possible characters in the password.
-m # : Specify minimum length of the password.
-M # : Specify maximum length of the password.
-v : Verbose mode. (hella slow)
-j username : Dump a user’s password hash formatted for John the Ripper.
-h : Help

Let us know in the comments if this worked for you!

124 Comments

  1. Zack Carlson

    08.03.2011

    Reply

    Hey Guys!
    Dave Grohl should work fine on OS X Tiger and anything newer. If it doesn’t for you, please email me with details so I can fix it. youarestupid@davegrohl.org

    • pat

      05.13.2012

      Hi so my problem is when i type sudo ./ -u i keep getting command not found. I followed everything, whats wrong?

  2. FaintestEdge

    08.03.2011

    Reply

    First!

  3. dan

    08.12.2011

    Reply

    If you don’t have access to an administrator already, you need to acquire root access.

    If you don’t have admin access, boot the computer into Single-User Mode by holding CMD+S on startup, mount the drive, and type the command:

    passwd

    here i get an error that says The daemon encountered an error processing request.. wha am i doing wrong?

    • Jeff Browning

      08.14.2011

      Did you remember to mount the drive?

    • Jonathan

      02.06.2012

      Remember if you’re trying this on your own computer to check for corrupt files and generally find the bad things in your system (fsck -fy) and then mount it mount -uw /

      if you don’t know the users (which is useful if you’re hacking someone else) type ls /users/ this will give you a list of all users that can log into the computer

      after that type passwd
      change the password
      type reboot
      and screw everything up >:D

      hope this was usefull

    • jadada

      05.25.2012

      i did this but it still wont work

  4. Vincent2128

    08.12.2011

    Reply

    The first step, gaining admin/root access, didn’t work for me. ‘passed’ showed up that ‘a daemon had encountered and error’ or something of that caliber. Help anyone?

  5. Vincent2128

    08.13.2011

    Reply

    1 more thing, I meant ‘passwd’ not ‘passed’ up there…(Dangnammit spellchecker)

  6. Vincent2128

    08.17.2011

    Reply

    How do you mount the drive?

    • Jeff Browning

      08.17.2011

      The system prompts you to enter it when you enter Single-User Mode. It’ll say something about making modifications to the file system, and then tells you to enter this command:

      /sbin/mount -uw /

      (Make sure you remember the space in between the -uw and the /)

    • Jonathan

      02.06.2012

      you don’t necessarily need the /sbin/ but the space inbetween the mount -uw/ is very very important!

  7. macuser

    08.19.2011

    Reply

    I’m getting the daemon too, in spite of following directions above. My system is telling me that it’s booting up as read-only, if I want to alter files, type /sbin/fsck -fy and then /sbin/mount -uw / but I did that and no luck, message says the daemon encountered an error processing request, then back to :/ root#

    • Jeff Browning

      08.23.2011

      Were you able to successfully mount the drive with “/sbin/mount -uw /”?

      Then what command did you enter?

  8. gilles

    08.20.2011

    Reply

    hello
    i did what you say, but seems doesn t work
    i did enter in enter Single-User Mode by pressing CMD+S on startup
    then mount the drive by typing /sbin/mount -uw /
    until this step it works but after you says we have to type passwd, when i do a meesage appear :
    a deamond encountered an error

    can you please help out thanks a lot

    • Jeff Browning

      08.23.2011

      Okay, I think I’ve figured this out.

      Instead of booting into Single-User Mode, boot into Recovery mode by holding Option+R on boot. Then go into Disk Utility and open Terminal, then enter in this:

      write resetpassword

      Select root as the account, and set the root password, then restart your machine.

  9. G

    08.20.2011

    Reply

    Hi I really need some help. I tried this on the forums and no one could help. I need a way to be able to get the password hash without using Dave Grohl’s application. I need just a few commands that I can type into terminal or single user mode and get the hash.

    Thanks for your help,
    G

    • Jeff Browning

      08.23.2011

      I’m pretty sure you did NOT ask on the forums for two reasons:

      1. There is no topic by anybody asking for this information
      2. The information is already in a thread labeled “Cracking 10.7 Lion Password Hashes: Going a bit more in-depth”

      People on the forum can ALWAYS help, so please, feel free to actually use it next time!

      The command is this:

      dscl . -read /Users/Username ShadowHashData | cut -f9-25 -d" " | cut -f3 -d ":" | tr -d ' '

    • classified

      06.13.2012

      the code dscl . -read /Users/Movie Master ShadowHashData | cut -f9-25 -d” ” | cut -f3 -d “:” | tr -d ‘ ‘ didnt work!!!!!!!!!!!!!!!!!!!!!!

  10. Vincent2128

    08.26.2011

    Reply

    ^^^^^
    ‘Okay, I think I’ve figured this out.

    Instead of booting into Single-User Mode, boot into Recovery mode by holding Option+R on boot. Then go into Disk Utility and open Terminal, then enter in this:

    write resetpassword

    Select root as the account, and set the root password, then restart your machine.’

    In that case, you would probably be better off editing the article rather than answering everyone’s questions.

    • Jeff Browning

      08.28.2011

      Yeah, I agree. Article is updated with new instructions.

    • bryan

      01.28.2012

      how do you open up terminal after starting disk utility in recovery mode?

  11. Zack

    08.27.2011

    Reply

    ‘passwd’ doesn’t actually know how to change a user’s password anymore. Instead, it asks the guy in charge of user accounts ‘opendirectoryd’ to do it for him. In single-user mode, you have start the open directory daemon before you can reset anybody’s password.

    The commands are:

    /sbin/mount -uw /
    launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
    passwd username

    Depending on the specific version of OS X, passwd is sometimes smart enough to do this for you, but don’t count on it.

    • Jeff Browning

      08.28.2011

      That’s awesome Zach, I’ll update the article — That should clear up the issues.

    • Apollo

      01.18.2012

      Ah, don’t forget an important step that grants writing permissions on HD:

      /sbin/fsck -fy

      _then_ mount it.

      Apollo

  12. MaxHax

    09.11.2011

    Reply

    Ok, this is what happens to me:

    first of all, when i try to extract the hash by typing ‘/private/var/db/dslocal/nodes/Default/users/.plist’ in Terminal, it says:
    -bash: /private/var/db/dslocal/nodes/Default/users/.plist: Permission denied

    also, when i try to cd into the Downloads/DaveGrohl folder, it says:
    -bash: cd: /Downloads/DaveGrohl: Permission denied

    I have Admin access so this should work, according to your requirements, right?

    Please help me,

    Max

  13. Fred

    09.22.2011

    Reply

    hi, please help with the exercise:
    I am in Lion 10.7.1
    Cmd-S
    :/ root# mount -uw /
    :/ root# launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
    :/ root# passwd
    New password:
    Retype new password:
    passwd: Could not verify credentials because directory server does not support the requested authentication method.
    :/ root#
    What am I doing wrong?

    • Jeff Browning

      10.23.2011

      Check your spelling on your commands.

    • Apollo

      01.18.2012

      “Could not verify credentials” : probably a permission error.

      @include before all else:
      /sbin/mount -uw /
      and
      /sbin/fsck -fy

      If you forget these, know that if you read through that startup info you’ll find all the references and cmds you need.

  14. Sal

    09.26.2011

    Reply

    I tried this on my password for just about everything and it took 7.9 seconds to crack it… Time to get a new password…

  15. Dave

    10.14.2011

    Reply

    I am trying to use John the Ripper to break the Lion user password. I have tried the command that works on 10.6 salted hashes and variations but JTR doesn’t recognize the 10.7 hash. I have the latest version of JTR with the jumbo patch that supports Lion Sha512. I used Dave Grohl to extracted the salted hash and I have done it manually.

    Can someone help me with correct command for JTR and Lion?

    Thanks
    Dave

    • Jeff Browning

      10.23.2011

      What OS is the machine that you’re trying to crack on? Also, have you read our older guide on decrypting passwords in 10.5 and 10.6? The commands should be the same on those systems for JTR.

    • Louden

      04.05.2012

      I am using the DaveGrohl application but i get as far as it starts to brute force, but my password is 6 characters, the app is going up to 8 and just staying there. is there a way that i can do this possibly using Jack the Ripper, or some other password cracking app? And if you reply to this, can you write it so a 15 year old could read it? im not that smart in this feild

      -Louden

  16. Eigle

    10.21.2011

    Reply

    Hi, I am using Lion OSX. I’m trying to use terminal for a first time and then I have to type in the password it doesn’t work. I mean I can’t type anything at all. (I am using admin user). why is that? and what should i do about it?

    • Jeff Browning

      10.23.2011

      Hey Eigle – It actually IS working. Terminal just doesn’t show any feedback when you’re entering the password. If you enter the password (even if it looks like you’re not typing), and then hit return, it should log you right in.

  17. Lucas Riccio

    10.23.2011

    Reply

    After doing the process i only have one problem, when i turn my computer on, i need to delete the option that says login as other, because that gives away what i’ve done, how can i make it so that on the login screen i can only see the 2 users i used to see and not see the “other…” option ? please reply

  18. Ben

    10.25.2011

    Reply

    Hey, great guide i followed everything and it works 100%.
    But after using the root account i was not able to remove its icon from the login screen. I went into the System Preferences then to Users and the root account was not included in the list of accounts. Is there a way to remove the icon for the ‘root’ account from the login screen?

  19. Wondering (Newb)

    10.26.2011

    Reply

    Just wondering, does “Dave Grohl” work on Leopard or Snow leopard?

  20. tony

    11.01.2011

    Reply

    Let’s say I know that a password starts with a certain letter or a string of letters but don’t know the remainder. Is there a way to force Dave or John to start by guessing with a given letter(s)? That would require much less time to guess correctly, right? Thanks!

  21. A name

    11.10.2011

    Reply

    The command is reboot, not restart.

  22. achraf

    11.20.2011

    Reply

    i have a question, i succesfully reset my password but now i have an extra acount called OTHERS…
    how can i remove this account?

  23. Miles

    11.20.2011

    Reply

    When using the recovery mode is there anyway to find out what the old password is? I’ve already tried the Command-S option and yet to try the Option-R. If not is there any way to find out the old password?

    I’ve already tried:

    root-passwd

    and

    the old codes that you had up before. It’s been a while since I looked at the site or anyone has posted so I’m not too sure if I will get a reply. From what it looks like the new codes should work for figuring out the old password so I’ll save the option-R for later until I know for sure.

    • Miles

      11.20.2011

      Also, I’m trying to crack it on 10.7 with lion.

  24. James Grant

    12.04.2011

    Reply

    Hi, So everything worked perfectly, but how do i get rid of the “Other” account icon on my Mac OS Lion login screen?

  25. Cracking up

    12.07.2011

    Reply

    Like Dave, above, JTR doesn’t recognize my hash, whether it was extracted by DaveGrohl or manually per the “Decrypt OS X User Account Passwords” post. So then I reset the root password and logged in as “Other.” (I had thought I’d had an admin password but didn’t know what else to try.) Now, when I follow instructions, I get the same GUID, and Dave gives me the same (bad) hash; but when I try to manually extract the hash in Terminal, it says “No such file or directory.” Ack! What have I done wrong?!?

    By resetting the root password, have I changed the password on the account I’m trying to crack?

    Also, the machine I’m trying to crack is running OS X 10.7.2.

    Thanks in advance for any help. Great post!!

  26. poti

    12.10.2011

    Reply

    http://dazzlepod.com/uniqpass/ has a good password dictionary (over 30 million entries) for use with John the Ripper.

  27. The bear

    12.10.2011

    Reply

    I’m trying to get the admin password reset and tried the steps entered before but the computer is stating:
    Unable to change the password for record root. eDSRecordNotFound
    Then it took me back to root command.
    Please help!!
    Thanks

  28. Bince

    12.13.2011

    Reply

    Hey this works for 10.6.7 right? cause the older guide didnt work at all for me. Well, how to you start this one WITHOUT changing an Admin password? if i do that my admin will know someones changed it, and he will know it was me.

  29. Vince

    12.14.2011

    Reply

    Hi im Using Version 10.6.7 and the other guide did not help me, i was wondering since im not that tech saavy; what does it mean to gain root access? does that mean you don’t have to change the Admin passwd? or is that the admin password?

  30. Arthur

    12.21.2011

    Reply

    After I’ve done all of the steps, I typed in sudo ./dave 17liy2 <— that's my brother's account name. Terminal doesn't do anything. Anyone?

    • Arthur

      12.21.2011

      Oh er, never mind. It’s supposed to be sudo ./dave -u 17liy2, I missed that. Sorry.

  31. ElijahDaProphet

    12.27.2011

    Reply

    Hi, when I restart my computer and hold down option+R on boot it does not do anything. please help!

  32. BrotatoChip

    12.27.2011

    Reply

    I get to the disk utility thingy using the method you said when you replied to gilles’s comment. but when i get into disk utilities, i cannot find terminal anywhere! please help

  33. Michel

    12.28.2011

    Reply

    Am I correct in assuming that this will not work if full disk encryption is enabled?

  34. TJT

    01.11.2012

    Reply

    com.apple.opendirectoryd.plist

    Is not available. I also checked with the ls command and it didnt show..

  35. Baen

    01.22.2012

    Reply

    It’s typing you just can’t see it. I guess they put it like that as a security precaution. Dave Grohl is taking a really long time to crack the password. Any suggestions?

  36. Amy Parsons

    01.25.2012

    Reply

    Hey, I have a problem. I reset the root password, and everything worked up until I restarted the computer. I can’t find a way to login to the root account, there is only the password entry box for the user, and two buttons labelled “guest” and “cancel”. If I click guest it just restarts the computer in a very simple user account in which you really can’t do anything at all.

    Any tips? Perhaps there is a way to change the login method in single user mode? I am new to Lion, but I managed to do it perfectly on Tiger.

    thanks,

    Amy

  37. Aiden

    01.29.2012

    Reply

    IT WORKED =D great job!

  38. Goodie

    01.29.2012

    Reply

    Every time i type in cd Downloads/DaveGrohl it keeps saying -sh: cd: Downloads/DaveGrohl: No such file or directory when I’m taring right at it, what am i doing wrong?

  39. Bovic

    02.03.2012

    Reply

    Hi, I just have two quick questions:
    I do not have access to the root account however do I have access to the local administrator account, will this do? And will I need to input this information anywhere? /private/var/db/dslocal/nodes/Default/users/.plist
    Thanks

  40. Chris

    02.18.2012

    Reply

    How to I remove the “Others” option in the login screen, and can I leave the root user without a password? Thanks great article

  41. hellsbadass

    02.20.2012

    Reply

    Every time I try to enter “sudo ./dave” I get an error message saying “sudo: ./dave: command not found”
    What have I done wrong?

  42. Tom

    02.25.2012

    Reply

    Hi if I enabled the root user on a mac running lion, would I be able to login via ssh and get the hash in the same way as snow leopard? Or do I have to install the davegrohl on the target computer? It would be ideal if I could use ssh to login as the root on the target computer and then run a few commands to give the GUID and then the hash. Just like in snow leopard.

    Thanks
    Great tutorials by the way! Extremely helpful.

    Tom

  43. Cliff

    02.28.2012

    Reply

    I am on Lion OSX. Let’s say that I don’t have administrator access, and am trying to log in as root.
    “Log into an administrator account that you have access to on the computer, or, if you don’t have access to one, select “Other” in the Login Window (only if you have User Account Pictures enabled), and enter “root” as the username, and then the password that you just set.”
    When I start up the computer and get to the login page, there isn’t any option for selecting “Other”. I believe that the User Account Pictures are enabled. Is there any way of logging in as root?

  44. Jake

    02.28.2012

    Reply

    is there a way to make that “other…” account be not visible on the homescreen? i just reset the root password and now that other account just appeared. is there a way to make it go away? because that was never there before i reset the root password with the instructions above

  45. Jake

    02.28.2012

    Reply

    never mind, i figured it out

  46. Marco

    03.04.2012

    Reply

    What if you don’t have acess to “other”. I only have two users showing up in the login window and no “other”. Lion 10.7.1

  47. Marcus

    03.07.2012

    Reply

    Do you have to be logged into a root account to do this? If so, then how do you create a root account.

  48. Jack

    03.11.2012

    Reply

    You said:
    Type the following to begin cracking the password:

    sudo ./dave -u

    Replacing with the shortname of the target user and entering your password when prompted.

    Where (what part) does the short name go?

    lets say my targets short name is jack, would it be
    sudo ./jack -u
    thanks in advance

  49. stella dogcºw

    03.18.2012

    Reply

    What if I am trying to crack an OSX (snow leopard) KEYCHAIN that was removed from the target’s machine and brought to mine? The has has got to be hidden inside it somewhere…

    thanks

  50. Boards of Canada

    03.24.2012

    Reply

    Hi Jeff. I don’t want to crack passwords, but what I would like to do is change my standard account to admin. Your previous article is great, but doesn’t work for Lion. Any ideas how I can go about that?

  51. Neil

    03.25.2012

    Reply

    I get “Is not a command blah blah blah on launchct1

  52. sean

    03.28.2012

    Reply

    hi, whenever i boot into SUM, it says ‘dev/console-on’ and I’m not able to type anything in at all.
    thanks:)

  53. Jolly Imran Yusuf

    04.01.2012

    Reply

    It worked at the first instance…..

    I had several accounts on the Mac and some bugger changed the Admin Previlages.

    I got the root done and now control the Mac

  54. Jeff P.

    04.03.2012

    Reply

    Hey, I did this before to gain root access and undo the parental controls that were severely impacting the use of my iMac. Now, when I go to login as “root”, it tells me my password is incorrect, and parental controls
    are enabled. Is it possible my father did the same thing I did? Also, I tried to do the hack myself, and I do everything right, but when I type in “passwd”. it says “The daemon encountered an error processing request.”. Can you give me any pointers to bypass this? I really appreciate your help for people like me, suffering the cruelty of restrictions. Is it possible he enabled a Firmware password? Thanks!

  55. James

    04.07.2012

    Reply

    Well I got through everything to test out my password. The only problem is that I cannot confirm whether or not it’s working since I know my password is 14 characters and even after i set the minimum and maximum password length ( -m 13 -M14) and it starts at 1 digit passwords up to 12 and it stays there for up to two hours.

    I tried to dump the hash to John the ripper but it only supports up to 8 characters long even after changing the config file. so…. Any suggestions?

    I don’t give up until the problem is solved… and I like these kinds of problems.

    Thanks for any advice.

  56. Ninja123

    04.09.2012

    Reply

    Hi
    Non of these setup didn’t helped me because its hard to hack my laptop because its for school and i need to hack it
    When i press CMD + S it didn’t work
    When i press option + R it didn’t work
    even in the terminal when its say new password i can’t type anything plz if somebody can hack

  57. Ninja123

    04.09.2012

    Reply

    Hi
    Non of these setup didn’t helped me because its hard to hack my laptop because its for school and i need to hack it
    When i press CMD + S it didn’t work
    When i press option + R it didn’t work
    even in the terminal when its say new password i can’t type anything plz if somebody can hack
    till now i didn’t see any video or search helped
    thanks

  58. Ninja123

    04.09.2012

    Reply

    Hi

    Everything i saw in youtube and google about the hacks for the mac lion didn’t helped
    I press CMD +S didn’t work
    i press Option key +R didn’t work
    Even the terminal didn’t work
    its says type new password but when i type it doesn’t type
    please help
    Thanks

  59. Rorz

    04.10.2012

    Reply

    How do you oen terminal in recovery mode?

  60. angry mom

    04.10.2012

    Reply

    Any ideas on how to undo this???? My lovely 13 yr old did this to get around parental controls.

  61. carey34

    05.02.2012

    Reply

    This is what I get – I am the administrator – have I got the wrong short name and if so how do i get the right one?
    Password:
    sudo: ./dave-u: command not found

    H

  62. TristanC

    05.03.2012

    Reply

    Hey, I am using Lion Server and I accidentally deleted my admin group. This has left me with only standard accounts. Can you help me? I really need my computer back!

    Here is my forum post for more information:

    http://www.hackmac.org/forum/topic/981-accidentally-deleted-admin-group-help/

    Thanks :)

  63. Andrew Ferguson

    05.05.2012

    Reply

    Is there any way to delete the root access account after you have created it at start up using CMD+S?

  64. Mandi

    05.10.2012

    Reply

    The error that everyone is getting is the same I got.. It’s corrected by inserting a space after -uw”insert space” /
    This may have been answered already only scrolled through first few comments.

  65. Nick

    05.12.2012

    Reply

    it says permission denied whe i try to get the hash

    • Nick

      05.12.2012

      now it says no such file or directory exists when i look for the hash

  66. pat

    05.13.2012

    Reply

    Hi so my problem is when i type sudo ./ -u i keep getting command not found. I followed everything, whats wrong?

  67. lill

    05.14.2012

    Reply

    Hey I need some help, after i have typed the commands /sbin/mount -uw /

    Followed by

    launchct1 load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

    it says launchct1 is an an unknown command :(
    then i tried passwd
    it lets me go into New password: i typed in a new one
    Retype new password: i typed it again, and it says
    psswd: Unable to change the password for record root. eDSRecordNotFound
    What does that even mean!?!??! please reply back! I NEED HELP :(

  68. Mrman

    05.14.2012

    Reply

    hi so i did ” sudo ./dave -j (username)” and i get the hash, but it seems to ‘big’. I was reading your other post, the cracking with John the ripper, and i saw an example hash and the example is much shorter. So obviously I’m doing something wrong.

    But what is it?

  69. peter

    05.17.2012

    Reply

    is there a video to this cause im confused i have acess already but i dont understand what to do when i open terminal

  70. Vincent

    05.20.2012

    Reply

    How do you type in a password for a machine that you don’t know the admin password for to begin with? The user of said machine is usually automatically logged in, however

  71. James

    06.03.2012

    Reply

    I know it can take a minute to crack, but is there a way to tell if it is finished if it can’t break the password?

  72. classified

    06.13.2012

    Reply

    when i went 2 download DaveGrohl it said “account suspended”

  73. Sammy

    06.23.2012

    Reply

    davegrohl.org has been temporarily taken down
    are you guys able to put up a download link on mediafire or something?

  74. DeusEx

    06.24.2012

    Reply

    Hello

    DaveGrohl’s website has been suspended, any alternative links to the application?

    • DeusEx

      06.24.2012

      I found the app, however I am now curious about how to convert the hash DaveGrohl gives into a Sha1 hash. Or did Apple change something, because the hash I recieved is 32 characters long.

  75. quentin

    06.26.2012

    Reply

    hey guys .. i have a little problem ..
    everything was working … (i’m not the administrator of the mac)
    but when i was trying to do the command : launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

    it is just saying that the access is denied .. and after , when i try to do : passed it tells me that daemons met a problem and i can’t do anything more but to exit and ask for help here :)

    do you have any idea of the problem ? my OS version is 10.7.2

  76. Hfosnflanf

    07.04.2012

    Reply

    Just a quick question (sounds kinda nooby tho) when I do the sudo ./dave -u command, what am I supposed to replace with what? The short name is testuser. I’ve tried:

    sudo ./dave -u testuser
    sudo ./dave testuser
    sudo ./testuser -u
    sudo ./testuser -u testuser
    sudo ./dave testuser -u

    They all return either

    sudo: ./dave: command not found
    or
    sudo: ./testuser: command not found

    what kind of noobish mistake am I making?

    • Hfosnflanf

      07.04.2012

      Never mind. I figured it out. Lol. I had to go back to bash and enter sudo.

      Thanks for the tutorial, it’s awesome!

  77. Kid

    07.05.2012

    Reply

    I’m trying to get root access on Snow Leopard. Once I mount the drive I type passwd then the root password and the conformation for it. But then I get this message:
    unable to change password for record root. eDSRecord Not Found
    A little help please?

  78. Reuben M

    07.10.2012

    Reply

    Says -sh: launchtl: command not found

  79. Bhushan

    07.17.2012

    Reply

    Will it keep cracking even when the computer is in sleep?

  80. Jed

    07.27.2012

    Reply

    Anyone test this in Mountain Lion? It worked great in Lion. THanks.

  81. Anon_!

    07.29.2012

    Reply

    Nope! KEep getting this!

    Thread 4: Started 1 digit passwords…
    Thread 3: Started 2 digit passwords…
    Thread 2: Started 2 digit passwords…
    Thread 1: Started dictionary attack. (english.txt)
    Aa: No readable password file.
    AaAaAaCouldn’t get shadow hash.
    : No readable password file.
    : No readable password file.
    : No readable password file.
    Couldn’t get shadow hash.
    Couldn’t get shadow hash.
    Couldn’t get shadow hash.

    • Anon_!

      07.29.2012

      Maybe i’m doing somethin wrong?

  82. Jeffrey Goldberg

    08.02.2012

    Reply

    Thanks! This is just what I needed. (I set a quick admin password one day with a plan to sort things out, but then things got in the way and forgot it when I actually needed it.)

    Also the command to restart from the shell is either

    reboot

    or

    shutdown -r now

    Cheers,

    -j

  83. Aman

    08.13.2012

    Reply

    Does this work in Mountain Lion?

  84. yi

    08.25.2012

    Reply

    i have mountain lion and i tried it and i keep getting no readable password file, can’t get shadow hash. is my system too new?

  85. Henry

    08.26.2012

    Reply

    Unfortunately both links are dead now :(

    • Jeff Browning

      Jeff Browning

      08.28.2012

      Really? I just tested the mirror link we have and it works fine. You just have to click “regular download” and then wait 15 seconds and it will give you a link to click and start downloading.

  86. Juststarted

    09.08.2012

    Reply

    Link is working with OS X10.7. Do you have an update for OS X10.8 Latest Mountain lion. Especially to chk the keychain password..

  87. Paul

    09.10.2012

    Reply

    I love your website but i would like to know if there are other ways you can hack on your terminal and also please make youtube tutorials for us, since I am not a professional hacker and actually suck at hacking. Thank You!

  88. Mountain

    09.14.2012

    Reply

    does this work with mountain lion? i upgraded the computer to mountain lion but the school admin access is still in the computer, i would like to crack its password and spread around their passwords

  89. SC4R3CR0W

    09.18.2012

    Reply

    Wow, hacked my school administrator pass in 1.9 secounds! Amazing thanks guys!

  90. Tomm

    09.21.2012

    Reply

    hi anybody have crack or keygen for CPS accurate accounting software version 4.2 and rene point sale version 2?im really need that

  91. Edward Soto

    09.22.2012

    Reply

    Im a complete noob, and i got it working, it starts to crack the password but then it stopes while cracking it. The exact text i get is this:

    sudo ./dave -u cadmin
    Password:
    Thread 1: Started dictionary attack. (english.txt)
    Thread 2: Started 1 digit passwords…
    Thread 2: Started 2 digit passwords…
    Thread 3: Started 3 digit passwords…
    Thread 4: Started 4 digit passwords…
    Thread 2: Started 5 digit passwords…
    Thread 3: Started 6 digit passwords…
    Thread 1: Started dictionary attack. (rockyou-75.txt)
    Thread 1: Dictionary attack failed.
    Thread 1: Started 7 digit passwords…
    Thread 4: Started 8 digit passwords…

    then it stops, its been like than for an hour or so, can anyone help me?
    email me at es50678@gmail.com

  92. Scott Smith

    09.25.2012

    Reply

    Yes, the DaveGrohl utility does not seem to be working with Mountain Lion. Any way that I can extract the password hash in ML?

  93. Daniel

    09.27.2012

    Reply

    I too have mountain lion and am getting ” No readable password file. Couldn’t get shadow hash.” Is there any fix for this?

  94. Paul

    09.30.2012

    Reply

    I typed restart but it says command not found. I followed all of your instructions. Do I have to type reboot?

  95. thesmallhacker

    10.01.2012

    Reply

    the e-mail address that you give doesn’t work

  96. Mark

    10.16.2012

    Reply

    There is a 2.0 beta version at http://davegrohl.org that works with Lion and Mountain Lion.

  97. Sam Groeller

    11.29.2012

    Reply

    Hi i have been trying many things to try and gain access to an administrator account, i’m using the os x lion

    I open up single user mode and type the command: /sbin/mount -uw /

    Then i type out the next command: launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

    I then type the command: passwd

    And when i go to change the password of the root account no letters come up as i type and even when i press enter twice for both prompts it tells me the account is disabled and I cannot make changes or something along those lines?

    Someone please help me!

Leave a Reply to A name Cancel reply