In this post, we will take a look at how to obtain the password hash from users on a macOS system. macOS uses a "SALTED-SHA512-PBKDF2" hash format for its user accounts. The way that macOS stores users, each users' data is stored in a property list (plist) file which is stored in the /var/db/dslocal/nodes/Default/users directory. Each file is named username.plist. It should be noted that you must have sudo ability to access the user data in that directory.