Local Admin Account

by vanbo

10K721

Intro: Local Admin Account

This instructable goes over how to theoretically go about changing the local root password on Mac OS X to gain full admin privileges.

This is my first i'ble, so please comment

*Hehem. Emphasis on the word comment

STEP 1: Why?

Me and my friend discovered this while trying to beat the various sysadmins at my school.

As long as what you are doing is within the UN declaration of human rights, I don't care.

STEP 2: Find a Mac

This only works on OS X (there are different methods for other *nixes), so first, find one.

As long as it runs a DARWIN-based kernel, this will work.

STEP 3: Turn It On!

Turn on the Mac.

As soon as the screen starts up, press and hold {apple} + {S}.

From here a black screen with a lot of text pops up.

You have now entered single user mode.

STEP 4: Single User Mode

After text has stopped popping up, type /etc/ rc/ .

At this point a huge amount of text will come at you at a million miles an hour.

When stuff has stopped coming up, press {return} and then type passwd root

Type in whatever you want the password to be, confirm it and after it says root password successfully changed (or something like that), reboot the computer by using the power button.

STEP 5: Et Voila!

Sign in with the user name : root and whatever password you created. Congratulations! You have just beaten the demonic Sysadmins!

Please comment.

(I will add photos later)

EDIT: Added photos. Will have better ones when I get Hackintosh working

22 Comments

admin 15 years ago

Hey, this is a great instructable and is very informative. Just one thing is missing... pictures! It really helps a lot when trying to follow directions so you should consider taking some photographs. Once you do that and leave me a message when you have so that we can publish your work. Thanks! Thanks for the cool instructable and we hope to publish this soon!

vanbo 15 years ago

Pictures are now up

Gelfling6 10 years ago

I recently inherited an old xserver dual-G4. there is also one method, of re-owning the mac that works similar.. In /Library , there is a file with the actual pass-key to install the mac, and, it also requires deleting one file, (name escapes me right now, system is at home).. Plenty of "How-To's" on the net on how to do this.. Apple turned what they used to call A/UX (their 68000 derivative of UNIX) into OS-X, but turned their backs on it once the iPhone became so popular, and began focusing on iOS.. Everyone decided they wanted ultra-portable, instead of lugging around their laptops. But, the LINUX world still lives, despite the cloud-ed world.

thormilo 11 years ago

How can I do this on os x mountain lion? I have a macbook air

Lyokoking99 13 years ago

I feel your pain. Our school runs on Mac systems as well, but our District Level admins are pretty smart for school employees. They have blocked access to the Open Firmware (Single User Mode) with a password. Any ideas on how to get around that? I'm only asking for knowledge, I don't plan on breaking through their system.

Element1604 13 years ago

any idea on how to do this the other way around? (Block access to single user mode on MY mac to protect from this?)

macwhiz 13 years ago

Put a firmware password on using the firmware password utility on the OSX setup disk

macwhiz 13 years ago

reset the PRAM (google it) and then try single user mode

northernmagnet 13 years ago

uh huh sure i looked at this becuse im helping my school we run linux mac and windows how screwed up is that i need this becouse the owners of the macs left without giving the password

lockpick 13 years ago

Won't the teachers know when there password has changed?

amandaggogo 13 years ago

Yes they will when they unfourtunatly try to log in and the old password will not work.

tinkerC 15 years ago

Good. Now I know where the useful files are. I hack Macs, like changing the background image on the login window. Good 'ible.

Redgerr 13 years ago

yeah dood, macs are terrible... IMAPC

vanbo 15 years ago

Why thank you.

tinkerC 15 years ago

If you have more things you could do in single user mode, it might attract more attention. I didn't even know about /etc/rc until you said so. And I'm the guy who has changed the .hidden file.

jsejcksn 14 years ago

Any knowledgeable "Sysadmin" will have the firmware password enabled and you won't be able to boot into Single User Mode.

vanbo 14 years ago

You'd think so, woudn't you?

That said however, every time I've tried this on a school or corporate Mac network, it has worked. Go figure.

And yes, it is a perfectly valid point, but at the same time, if they do that, then there is a lot to be said for trying a USBoot with something like #!, which will probably work.

jsejcksn 14 years ago

Firmware password also disables booting from any volume other than the currently blessed system volume. The bad side to it is that you can't use Target Disk Mode, boot from a recovery CD, or any other media either... I personally find it more of a pain than a help, but if you want a truly locked down Mac, then I guess you gotta do what you gotta do.

Mr. Weigleweg 14 years ago

Whenever I type in /etc/ rc/ it just says /etc/ is a directory. I tried cd /etc/ rc/ but that just mounts it. Please help!

Scissors MacGillicutty 14 years ago

Type "/etc/rc" with no space or extra slash between "etc" and "rc"—and, naturally, no quote marks around it.

On my version of Mac OS X (Leopard), the file is called "/etc/rc.common", but that's once the machine is booted regularly, so try "/etc/rc" first. Good luck.

More Comments