01-20-2021, 01:25 PM
For macOS v10.6, the user-password is stored in /var/db/shadow/hash/GUID_of_your_user.
(The correct GUID can be found in the /private/var/db/dslocal/nodes/Default/users/[yourusername].plist)
Open that file with an Hex-viewer, and you should find the salted SHA1.
When looking at https://hashcat.net/wiki/doku.php?id=example_hashes, you'll see that you need -m 122 in order to crack it.
(The correct GUID can be found in the /private/var/db/dslocal/nodes/Default/users/[yourusername].plist)
Open that file with an Hex-viewer, and you should find the salted SHA1.
When looking at https://hashcat.net/wiki/doku.php?id=example_hashes, you'll see that you need -m 122 in order to crack it.