Skip to content

Instantly share code, notes, and snippets.

@theopolis

theopolis/unset_passwords.sql

Created November 29, 2017 01:54
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save theopolis/99718fc1e07e814268d6bd0aa5bacd0a to your computer and use it in GitHub Desktop.
Save theopolis/99718fc1e07e814268d6bd0aa5bacd0a to your computer and use it in GitHub Desktop.
Download ZIP
Find enabled accounts on macOS with unset passwords
Raw
unset_passwords.sql
select os_version.version, case when from_base64(p2.value) like '%passwordLastSet%' then 1 else 0 end as password_set, case when p1.value = '*' then 0 else 1 end as account_enabled, u.shell, u.username as account_username from plist p1, plist p2, os_version, (select * from users where directory != '/var/empty') u where (p1.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p1.key = 'passwd') and (p2.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p2.key = 'accountPolicyData');
@theopolis
Copy link
Author

Another way, possibly more effective:

select * from (select os_version.version, case when p2.value <> '' then 1 else 0 end as password_set, case when p1.value = '*' then 0 else 1 end as account_enabled, u.shell, u.username as account_username from plist p1, os_version, (select * from users where directory != '/var/empty') u left join plist p2 where (p1.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p1.key = 'passwd') and (p2.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p2.key = 'ShadowHashData'));

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment