how to change the admin password on a mac without privlages

4 replies [Last post]
spider
Offline
NeoApprentice
Joined: 2009/07/12

Just came across this post on another forum and thought it might be of some interest to some of the members here.
------------------------------------------------------
http://ausphreak.com/index.php?showtopic=259

reao: Here's some quick tips that will get you up and running damn quick. Planky's on a good thing, Single User Mode is the way to do it (screw carrying around physical media). When you're in single user mode, you already have admin access.

So here's what you do. To make an admin account quickly, you're best off removing the file that tells the Mac the OS installation is finished. This will bring you back to the start up screen, and let you create a new admin account. No files or applications will be deleted, there'll just be a new admin account, without in any way breaking the current account privs. From this account, you can delete the other admin account, change the password, or anything similar.

Reboot
Hold Apple (Command) + S

Type:

mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

Now, make a new admin account, and if you want to be super stealthy, log in, put in the new password for the other admin account. Log back in, and delete that new admin account.

A lot of schools with one-to-one laptop programs are wising up to using Single User mode to change so much. Apple has a protective option called Open Firmware Password, requiring a super-secret code to be entered before being able to boot off an external drive, or get into things like Single User mode. Of course, such things being controlled in firmware means they're easily bypassed. Here's how you get around Open Firmware Passwords:

Change the amount of RAM in the computer (ie take out one of the two RAM modules on the laptop)
Reset the PRAM 3 times (hold down Command + Option + P + R together as the computer starts up, it will chime, then reboot. Keep holding, this will happen three times).

After this is done, the Open Firmware Password is gone. Alternatively, you can download and install an application called FWSucker from SecureMac.com to do the same thing if you don't have physical access to the RAM.

And here's the biggen: turning on the root account from Single User Mode (or even from Terminal with admin privs):

What you need: command line access to the machine you need to be root on, and an account with administrative privileges. And the key command is "dsenableroot". Assuming your admin account is foo, and you are logged in as foo:

foo@mac ~ % dsenableroot
username = foo
user password:
root password:
verify root password:

dsenableroot:: ***Successfully enabled root user.