First we need to get an idea of how to get root access.
The easiest way would be to make a keylogger or sth., but thats boring.
We want to brute force... but how?
We need a way to check a password, we need sth. pretty easy but we want to make it work on any Mac.
So... what do all macOS (OS X) versions have... hmmm.... there is a terminal.
But how do we use a login or sth. in the terminal? The answer is pretty simple. Sudo!
Yes, sudo is almost everything we need. Every macOS(OS X) version has a working terminal and you can run sudo on it.
We need to run a command with sudo... but we don't want to type the next password every time, so we have to find a way to pass the passwords as input when executing a command with sudo.
To solve this, i used a small .sh script:
echo $sudoPW | sudo -S ls
this script just tries to execute "ls" with root-privileges.
To create this script automatically we write the following code:
we create a new file, write the .sh code in it and make it executable with chmod.
Now we have the .sh script but we don't use it... until now.
Next we have to read the password list:
in this function we read the file and return an array.
Now we have the list and we have the script. Let's use them:
we get the length of the list and make a for loop with an iteration count of the array length.
Every loop we run our .sh script with a password as parameter (os.system has to be one more left).
After this we calculate the percentage value of our progress. Then we print it in the center bottom of our terminal. The two functions are looking like this:
At the end we just need to set up some variables and call some functions.
At the bottom of the py file write:
Thats just for some error handling, so we don't get errors when giving too few or too much arguments.
Then we set our file path (the printIntro is just for a start screen or sth. if you want to add sth. like that), we create the root.sh file and try out all passwords.
The last line is os.system("sudo -i"). If one of our passwords worked we will not be asked for a password and get directly logge in as root.
Now we can test our little script.
Open terminal, cd to the location of the py file and type:
Then drag and drop your password list into the terminal or write the path by hand.
Hit enter and enjoy.
(little disadvantage... the script is very slow with 5 passwords per second (in my case))
If you were to lazy wo write down the whole script from the pictures and it annoys you, that you can't just make copy and paste, visit my Github: Sn4p3 on Github