Skip to content

Instantly share code, notes, and snippets.

@dreness dreness/shadowhash.sh
Last active Mar 17, 2018

Embed
What would you like to do?
Examine shadowhash data from a DSLocal account record in macOS
#!/bin/bash
if [ -z $1 ]
then
echo "Requires a username as the first and only argument."
exit 1
fi
readShadowhash() {
u=$1
if id ${u} > /dev/null
then
set -x
# need sudo to read AuthenticationAuthority, unlike most record attributes
sudo dscl . read /Users/${u} AuthenticationAuthority
sudo defaults read /var/db/dslocal/nodes/Default/users/${u}.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o -
set +x
else
echo "unknown user?"
fi
}
readShadowhash $1
# to change hash types:
# pwpolicy sethashtypes SALTED-SHA512-PBKDF2 on SRP-RFC5054-4096-SHA512-PBKDF2 on SMB-NT on CRAM-MD5 on RECOVERABLE off
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.