Viewing entries tagged
password

Extract & Decode Forgotten Billion WAN Service Password

Comment

Extract & Decode Forgotten Billion WAN Service Password

Forgotten Internet credentials can be recovered by contacting your ISP. They can also be easily decoded from a backup configuration file.

First download the backup configuration file (backupsettings.conf) by selecting Configuration > System > Backup / Update > Backup Settings.

Open backupsettings.conf in a text editor and search for WAN service username, the following line will contain the password, Base64 encoded.

 

Copy and paste the encoded password into the field below to decode the password.


Comment

Recovering a Forgotten OS X/macOS User Password

1 Comment

Recovering a Forgotten OS X/macOS User Password

Recently I had an elderly client that could not remember the password to his iMac nor the email passwords configured in Apple Mail. I was caught in a situation where I could not reset his Keychain as that would remove his email passwords, but I also had no way of extracting passwords from his Keychain. On top of that I needed the password to install new printer drivers.

This information is intended to support others that have forgotten their login password, it should not be used for evil. If you want to secure your system from vulnerabilities like this it is important to enable FileVault whole-disk encryption and use a unique/secure password. You can turn it on under System Preferences > Security & Privacy > FileVault.

I remembered reading how the Automatic Login feature stores a cipher of the user's password in /etc/kcpassword. A quick Google search later and I had the following command to extract the password.

Since the above command requires sudo and I didn't have access to an administrator account, I booted the iMac into Target Disk Mode, connected it to another Mac (via FireWire/Thunderbolt cable) and ran the following command:

sudo ruby -e 'key = [125, 137, 82, 35, 210, 188, 221, 234, 163, 185, 31]; IO.read("/Volumes/Macintosh HD 1/etc/kcpassword").bytes.each_with_index { |b, i| break if key.include?(b); print [b ^ key[i % key.size]].pack("U*") }'

And just like that I had recovered his password!

1 Comment