How to Hack into a Mac Without the Password

Hello, my fellow hackers.

My name is cl0ck. I am a senior majoring in Computer Engineering with an emphasis is Security. I have been lurking the site for a while now reading and learning from the great minds that reside here. I, too, have some knowledge that I would like to share with all of you. This post actually comes from a personal problem I faced and had to find a solution for. Without further ado, here it is:

Imagine this. Your girlfriend needs to type a very important report for her Accounting class but she forgot the password to her MacBook Pro. She tries and tries, but keeps getting the password wrong. She asks her boyfriend if he can "hack" into her laptop. He actually knows how to do this so he breaks in and puts a password of his choice. He then gives it to her and tells her to change her password and to not forget it this time.

Question is, how did he do it without knowing the password? Here's how...

  1. Power off the MacBook.
  2. Turn it back on and immediately press the Command + R keys until the apple logo appears. You will now be in this screen:

Note: If Recovery doesn't load, restart your Mac and try again.

The combination of these keys launches OS X Recovery. Mac OS X Lion (10.7) through El Capitan (10.11) include OS X Recovery. This feature includes tools that you need to reinstall your operating system, repair your disk, and restore from a Time Machine backup.

  1. Select Utilities -> Terminal from the top menu bar.
  1. Once the Terminal window loads, type "resetpassword" without quotations and press Enter. The screen below will load.
  1. Select the user and type the new password. Click Save.
  2. Restart your Mac and log in with your new password.

So it turns out that Apple included a feature just in case we forgot our passwords. But how do we prevent this from happening to us? Stay tuned, as in my next tutorial I will be showing you how to prevent this from happening to you.

7 Comments

There are two ways to prevent this:

  1. Remove the recovery partition.
  2. Turn on FileVault disk encryption.

There may be a third way in El-Captian since the introduction of System Integrity Protection (csrutil), but I haven't looked into it yet. Though this was a nice read.

TRT

I completely agree on this.

Just a quick note,

I misplaced the tutorial somewhere but you can delete a particular file in single user mode allowing you to set up a new admin account and then once you are done messing around you can delete the new account from single user mode and so the owner is not suspicious that their password stopped working

Thank you, and nice! I didn't know that method myself; will have to try it out.

Are you able to do this from another computer if you forgot your password either on the same network or over the internet using ssh?

Like if you're on the same network

Share Your Thoughts

  • Hot
  • Latest