Mac OS X Admin Hack

wjariHere’s a quick little hack on how to create an administrator account on Mac OS X Tiger without knowing the current administrator password and do not have the installation disks.[…] Thanks to wjari for providing this nice story on Digg.

What other users say about this:

chmoder: works. and wow is that not so cool

tylerXh: k i have a laptop for school that the school gives us untill school is out but we can’t do anything not even change our backgrond without admin password and we can’t start in single user mode andwe have no disks or ne thing so i need to know how to get the admin password if i can so i can atleast change my background……………….
a lot of peopl in my school have been able to change their background because there date n time get all scrwed up and they restart there comp and then every thing is unlocked…….. how would i be able to screw up date n time without being able to open it cuz its locked??
email me at

5plic3r: That article was the worst attempt at English grammar I’ve seen all week.

rotn: Not sure was is a secret … .. but anyway : )

sewerraccoon: Why do you need the GUI? If you have to go through all this trouble, more than likely you intentions are less than pure, in which case you could just trash anything from the root terminal.
#sudo rm StupidFakeHack.sux

randylovin: Since when is singleuser mode “hacking” ?

Binome: heh, i used this little trick once to get administrator access on all our school’s eMacs.

lastplace: It’s absurd to call this a “hack.” Anyone who has physical access to a machine can do any number of things to “hack” it. Not limited to a boot CD, removing the hard-drive, or any number of things. 3 Cheers for stupid sensationalist reporting.

xtraa: From the page: “Here’s how to create an admin account with knowing the current administrator password.”


fonik: Awesome! I just hacked Digg to show this comment by typing it in the comment box and hitting “Submit Comment.”

BrianGFargo: Duh!

securitymonkey: For some added hilarity, use the ‘chflags’ command on /var/db/.applesetupdone.
Set the file to ‘immutable’.

In recent versions of OSX I think ‘rm’ is smart enough to ask root to ‘override’ though. Back in the old days that provided some real interesting root shell history files:

# rm /some/file

Access Denied.


hugobsd: wow, someone just found out about single user mode.. nice “hack”.

How does this crap even reach the frontpage?

MattInChicago: This is silly. If you have this much access time with the machine just boot the damn thing in FireWire disk mode, copy what you want, and leave to browse at your leisure! Added benefit is your user will never know you were there! As has been pointed out, in the absence of physical security all bets are off! Oh, and as far as the EFI, again with this much time and access, you only need to remove the RAM to reset that!

wjanoch: By Design. Calling this a hack is like calling it hacking when you log in normally.

Hackers have historically created tools to take over a system when they have physical access, it’s always just been a matter of time, a very short time. Many hackers (maybe most) created these tools to fix things, not to crack into other people’s systems. So Apple and others have designed their systems with the idea that a computer’s normal setup should require special knowledge to reset, but not special tools.

As mentioned by another here, Apple has gone beyond this by adding features to prevent others from gaining access to your information when the user or company decides it’s better to risk looking access to it then to risk others gaining access (by using File Vault and Encrypted Memory).

Hardware Passwords slow hackers down, but hardware settings can be forced back to default settings, sometimes w/o even opening the case. It’s good if you are worried about someone sitting at your work desk, hacking the system while you’re at lunch, but not walk away with your computer.

And with Apple hardware especially, it’s a really simple matter to pull a hard drive out of one system and put it in another Apple computer and it will boot perfectly. I’ve booted a MacBook CoreDuo (32 bit dual CPU) from a hard drive pulled from a MacBook Pro Core2Duo (64 bit dual CPU), and vice-versa. Until OS X 10.5 Leopard is released you will still need to have the same CPU architecture (PPC or Intel) on both systems.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: