Difference between revisions of "Escalate Privileges on Mac OS X"
From Secure Computing Wiki
(→Lock it Down) |
(→Lock it Down) |
||
Line 21: | Line 21: | ||
== Lock it Down == | == Lock it Down == | ||
In Mac OS X 10.4 and later, simply setting an Open Firmware, or EFI firmware password will prevent booting into single-user mode without the firmware password. You can view Apple's Knowledge Base articles here: | In Mac OS X 10.4 and later, simply setting an Open Firmware, or EFI firmware password will prevent booting into single-user mode without the firmware password. You can view Apple's Knowledge Base articles here: | ||
− | * [http://support.apple.com/kb/HT1352 Setting up firmware password | + | * [http://support.apple.com/kb/HT1352 Setting up firmware password protection in Mac OS X] |
Revision as of 10:25, 13 February 2009
This is a rewrite of the article from Hackszine on 2/13/2009.
Introduction
Mac OS X has very few core differences in operation from a standard Unix operating system. In many cases, a trick that works on Linux or FreeBSD will work, with little modification, on Mac OS X. We'll apply this to escalation of privileges. We do this the same way a root password is recovered on Linux or BSD systems.
How To
- First, reboot the machine into single-user mode. Do this by holding the Command-S key combination until the machine has booted.
- Once booted, mount the file systems read-write. Most default-installed Mac OS X systems only have one partition:
:/ root# mount /
- Now. we need to launch directory services.
:/ root# launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
- Add the user to the admin group.
To add the group membership to a user, use the following command:
:/ root# dscl . append groups/admin users <username>
- Using one of the two following commands, verify the user has been added to the admin group:
- groups <username> -or-
- dscl . read groups/admin users (there is a space on either side of the period)
Lock it Down
In Mac OS X 10.4 and later, simply setting an Open Firmware, or EFI firmware password will prevent booting into single-user mode without the firmware password. You can view Apple's Knowledge Base articles here: