This differs from OS X whereby each user has their own individual shadow file stored in the /var/db/shadow/hash/ directory. On a Unix-based system, every hash associated with the system is stored in the /etc/shadow file. Since the release of OS X 10.3 in 2003, Macintosh products have stored their shadow files in the /var/db/shadow/hash/ directory.Īnother key difference is the way in which the two systems store their hashes. Whilst traditional Unix and BSD variants store their password hashes in /etc/shadow and /etc/master.passwd respectively, Mac OS X does not. If you have ever poked around on an OS X system, you may have noticed the absence of the /etc/shadow file. Lets take a quick look at some of the differences. Whilst Mac OS X is based on a Unix variant (BSD), there are several key differences between traditional Unix-based and Mac OS systems when it comes to password storage. The OS X variants that this tutorial is aimed at are 10.4 (Tiger), 10.5 (Leopard) and 10.6 (Snow Leopard). In this post I will demonstrate how to both extract and crack Mac OS X passwords.
