MAC etc/master.passwd
- User Database
- Note that this file is consulted when the system is running in single-user
- mode. At other times this information is handled by one or more of:
- lookupd DirectoryServices
- By default, lookupd gets information from NetInfo, so this file will
- not be consulted unless you have changed lookupd's configuration.
- This file is used while in single user mode.
- To use this file for normal authentication, you may enable it with
- /Applications/Utilities/Directory Access.
i already did the unix basic challenge but i forgot the first line, what is the correct way to use chmod all and execute. this somewhat has to do with my real question. please pm me.
my real question is i found the file etc/master.passwd on a mac. is there any way that i can view this and either find the hash or the cleartext password, or anything that i can get the password from. when i found the etc/passwd file and opened it it said.```markup##
User Database
Note that this file is consulted when the system is running in single-user
mode. At other times this information is handled by one or more of:
lookupd DirectoryServices
By default, lookupd gets information from NetInfo, so this file will
not be consulted unless you have changed lookupd's configuration.
This file is used while in single user mode.
To use this file for normal authentication, you may enable it with
/Applications/Utilities/Directory Access.
nobody::-2:-2:Unprivileged User:/:/usr/bin/false root::0:0:System Administrator:/var/root:/bin/sh daemon::1:1:System Services:/var/root:/usr/bin/false lp::26:26:Printing Services:/var/spool/cups:/usr/bin/false postfix::27:27:Postfix User:/var/spool/postfix:/usr/bin/false www::70:70:World Wide Web Server:/Library/WebServer:/usr/bin/false eppc::71:71:Apple Events User:/var/empty:/usr/bin/false mysql::74:74:MySQL Server:/var/empty:/usr/bin/false sshd::75:75:sshd Privilege separation:/var/empty:/usr/bin/false qtss::76:76:QuickTime Streaming Server:/var/empty:/usr/bin/false cyrusimap::77:6:Cyrus IMAP User:/var/imap:/usr/bin/false mailman::78:78:Mailman user:/var/empty:/usr/bin/false appserver::79:79:Application Server:/var/empty:/usr/bin/false clamav::82:82:Clamav User:/var/virusmails:/bin/tcsh amavisd::83:83:Amavisd User:/var/virusmails:/bin/tcsh jabber::84:84:Jabber User:/var/empty:/usr/bin/false xgridcontroller::85:85:Xgrid Controller:/var/xgrid/controller:/usr/bin/false xgridagent::86:86:Xgrid Agent:/var/xgrid/agent:/usr/bin/false appowner::87:87:Application Owner:/var/empty:/usr/bin/false windowserver::88:88:WindowServer:/var/empty:/usr/bin/false tokend::91:91:Token Daemon:/var/empty:/usr/bin/false securityagent::92:92:SecurityAgent:/var/empty:/usr/bin/false unknown:*:99:99:Unknown User:/var/empty:/usr/bin/false
Yeah, I was trying to give you a subtle hint… wanted to see if you knew about the shadow file. Whenever you see a single * where the password would be, it tells you that the passwords are stored / encrypted in the shadow file. Not sure off the top of my head, but I think they're DES or 3DES encrypted. John the Ripper will chew through a shadow file.
The shadow file is in the same location as the passwd file, last time I checked. Don't know if it's different with Macs, but I think Linux distros keep the files in /etc. Don't take my word for it, though. Use Google and do a search for something like the Mac OS version and the word "shadow".
Edit: Forgot to mention… the last part of each line looks like each user's default shell.