[HELP] Get administrator privileges on Mac w/o access to sudo

drewby

drewby

hey brah
OP
Member
Level 7
Joined
Dec 29, 2015
Messages
668
Trophies
1
Age
22
Location
Virginia, USA
Website
www.instagram.com
XP
1,191
Country
United States
Hey guys,

I am a student looking to get the most out of his school issued mac, and was wondering how to get admin permissions without access to the "sudo" command since I cannot access the sudoers file to add myself to the list.

I am on a MacBook Air running 10.11.5 (El Capitan)

EDIT: sorry if this is the worng place to put this thread, I couldn't find a better place to put it. If an admin wants to move this thread somewhere else, please feel free to.
 
Relys

Relys

^(Software | Hardware) Exploit? Development.$
Member
Level 7
Joined
Jan 5, 2007
Messages
878
Trophies
0
XP
1,218
Country
United States
Drew That Gamer said:
Hey guys,

I am a student looking to get the most out of his school issued mac, and was wondering how to get admin permissions without access to the "sudo" command since I cannot access the sudoers file to add myself to the list.

I am on a MacBook Air running 10.11.5 (El Capitan)

EDIT: sorry if this is the worng place to put this thread, I couldn't find a better place to put it. If an admin wants to move this thread somewhere else, please feel free to.
Click to expand...

This one should work: https://www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc

Don't do anything that would get you in trouble...
 
Relys

Relys

^(Software | Hardware) Exploit? Development.$
Member
Level 7
Joined
Jan 5, 2007
Messages
878
Trophies
0
XP
1,218
Country
United States
Drew That Gamer said:
Do you mind telling me how I would run and download this?
Click to expand...

I misread the system version as (10.10.5). It doesn't look like there's a a public PoC out for 10.11.5.

If you can't figure out how to use an exploit, you probably shouldn't have root access...
 
Relys

Relys

^(Software | Hardware) Exploit? Development.$
Member
Level 7
Joined
Jan 5, 2007
Messages
878
Trophies
0
XP
1,218
Country
United States
Drew That Gamer said:
Well, it just was a description. No download/instructions.
Click to expand...

It's part of the Metasploit framework. Also, it is for an older version so it won't work.

The Pegasus 0days used on iOS recently https://blog.lookout.com/blog/2016/08/25/trident-pegasus/ (that were patched on iOS 9.3.5) also applies to OSX as they are both based off of the XNU kernel. It does look like someone is current developing an exploit for the latest version 10.11.6 using these vulnerabilities: https://twitter.com/in7egral/status/776038618641104896
 
Last edited by Relys,
Joom

Joom

 ❤❤❤
Member
Level 16
Joined
Jan 8, 2016
Messages
6,026
Trophies
1
Location
US
Website
mogbox.net
XP
5,992
Country
United States
You could create an El Capitan USB installer using an El Capitan VM and Unibeast on a separate PC then just reinstall the OS. You'd just need to backup whatever app bundles your school installed on the target then drag and drop them back to Applications.
 
_112

_112

Well-Known Member
Newcomer
Level 2
Joined
Mar 10, 2016
Messages
96
Trophies
0
XP
168
Country
Australia
Becoming a admin is very easy.

Step 1 -- First you need to see if you can boot into Single Usermode

This is very easy todo simply shutdown the mac and when you press the power button hold ⌘-S, after a few moments a command line will start to boot and then release the keys.

After the command line has booted there is two commands you need to run the first command is.

/sbin/mount -uw /


This will mount the Macintosh HD so you can run the next command

the second command you need to run is this.

rm /var/db/.AppleSetupDone
When you first buy a mac the apple setup assistant runs this lets you pickup your language and do all your other crap. But it is also where you make your account. Deleting this file lets you run it again and therefore creating a new admin account.



There is one problem with this though some schools or people put firmware passwords on the mac so when you try to boot into single user mode it asks for a password there is a way around this but not needed yet


You may also wan't to enable root which is a hidden user and then delete the admin account the root login is "root" and then what ever password you set with this command
"dsenableroot"

If your school has blocked certain system preferences panes here is two easy way's to get access to them.

Way 1 -- Open system preferences at the top bar click view, then customize un-check the boxes you want to access. Then click done, quit system preferences and then re-open. Search the name of the pref pane you want to use in the search bar and click the name it will open tada.

Way 2 -- Right click system preferences then click show package contents. Now --> Contents --> Resources, and delete NSPrefPaneGroups.xml. open system preferences all the panes will be disappeared just search one you want in the search bar and tada it works.
 
Last edited by _112,
  • Like
Reactions: QuarkTheAwesome and Joom
drewby

drewby

hey brah
OP
Member
Level 7
Joined
Dec 29, 2015
Messages
668
Trophies
1
Age
22
Location
Virginia, USA
Website
www.instagram.com
XP
1,191
Country
United States
Dr_Doom said:
Becoming a admin is very easy.

Step 1 -- First you need to see if you can boot into Single Usermode

This is very easy todo simply shutdown the mac and when you press the power button hold ⌘-S, after a few moments a command line will start to boot and then release the keys.

After the command line has booted there is two commands you need to run the first command is.

/sbin/mount -uw /


This will mount the Macintosh HD so you can run the next command

the second command you need to run is this.

rm /var/db/.AppleSetupDone
When you first buy a mac the apple setup assistant runs this lets you pickup your language and do all your other crap. But it is also where you make your account. Deleting this file lets you run it again and therefore creating a new admin account.



There is one problem with this though some schools or people put firmware passwords on the mac so when you try to boot into single user mode it asks for a password there is a way around this but not needed yet


You may also wan't to enable root which is a hidden user and then delete the admin account the root login is "root" and then what ever password you set with this command
"dsenableroot"

If your school has blocked certain system preferences panes here is two easy way's to get access to them.

Way 1 -- Open system preferences at the top bar click view, then customize un-check the boxes you want to access. Then click done, quit system preferences and then re-open. Search the name of the pref pane you want to use in the search bar and click the name it will open tada.

Way 2 -- Right click system preferences then click show package contents. Now --> Contents --> Resources, and delete NSPrefPaneGroups.xml. open system preferences all the panes will be disappeared just search one you want in the search bar and tada it works.
Click to expand...
Yeah, my school blocked it with a firmware password. Thanks for your help though!
 
Red9419

Red9419

Well-Known Member
Member
Level 6
Joined
Apr 17, 2014
Messages
526
Trophies
0
XP
785
Country
I'm no mac expert, but can't you boot the laptop with a different amount of ram to bypass the firmware password?
 
Red9419

Red9419

Well-Known Member
Member
Level 6
Joined
Apr 17, 2014
Messages
526
Trophies
0
XP
785
Country
Originality said:
Most current macs have RAM hard soldered into the logic board so that's not an option. Also, I don't think that would work with any device in the first place.
Click to expand...
It does, but it was an older trick that worked on macs that don't have the ram soldered on.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    SylverReZ @ SylverReZ: @Psionic Roshambo, Ouch, I'm sorry to hear that. :( +1