Tuesday, March 8, 2011

get the password from an osx 10.5 leopard user account

sometimes we have business need to log in as an ex employee, on a mac it is handy to be able to retain the user's keychain, if we use the standard password reset means we will lose access to the keychain, therefore it is handy to gain access to the user's password so as to retain keychain access

using the latest john the ripper, here is the process i used to complete this procedure on a 10.5.8 mac system

1) extract guid for user:
dscl localhost -read /Search/Users/$username | grep GeneratedUID | cut -c15-

will return the guid, similar to this:
4554C58F-FA33-41E5-BE5E-996283326248

2) extract hashes:
cat /var/db/shadow/hash/$guid | cut -c169-216

will return the sha1 hash like this:
4C7C490529E21548221182CD40EEC6EC80026D61E0901F82

3) create a text file with the user's username:passwordhash like:
duder: 4C7C490529E21548221182CD40EEC6EC80026D61E0901F82

4) run john the ripper on the file, that's it!

Tuesday, January 4, 2011

tabloid landscape printing issues on mac osx 10.6.5

the issue:
tabloid size printing (11x17) landscape does not work properly, the print is done in portrait mode when it should be landscape, all other paper sizes work with landscape mode without issue

the reason:
apple changed some files in the printing subsystem they are using (cups) between mac osx 10.6.4 and 10.6.5

the fix:
replace /usr/libexec/cups/filter/pstops on the 10.6.5 installation with the same file from a 10.6.4 installation. i have an archive of that file for my own purposes here:
http://natefrogg.com/tools/pstops.zip

make sure you are root or sudo to a bash shell, we are going to shut down the print server (cupsd), move the old pstops file, pop the new file in, correct permissions on the new pstops, then restart, here we go:

mkdir /tmp
cd /tmp
curl -O http://natefrogg.com/tools/pstops.zip
unzip pstops
launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist
mv /usr/libexec/cups/filter/pstops /usr/libexec/cups/filter/pstops-OLD-10.6.4
cp pstops /usr/libexec/cups/filter/pstops
chown root:wheel /usr/libexec/cups/filter/pstops
chmod 0555 /usr/libexec/cups/filter/pstops
shutdown -r now

once the system reboots, give it a try and you should be printing tabloid size in landscape mode without issues...well, at least until 10.6.6 comes out ;)