Crack Mac user password #


Extract hash

sudo ./ /Volumes/Target/var/db/dslocal/nodes/Default/users/username.plist


Save the output without the leading "user:" (otherwise you'll need to specify --username when running hashcat) to hash.txt

Start cracking

hashcat -a 0 -m 7100 --status -o found.txt hash.txt wordlist.txt


Additional scripts and a program that accomplish the same goal as (i.e., extracting hashcat-compatible hashes from binary plist shadow files generated by OS X 10.8 and up (SALTED-SHA512-PBKDF2)):

The process can also be done manually:

See also Recovering saved macOS user passwords.

/mac | Oct 30, 2019

Subscribe or visit the archives.