Penetration Testing mailing list archives

Re: [PEN-TEST] MacOS-9

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Mon, 23 Oct 2000 16:52:48 -0400

On Sat, 21 Oct 2000, Derrick Lewis wrote:

I have been asked to test a system that is running MacOS-9. From what
I know of (through checking the "wall closets" on my way out) they
have a Cisco PIX-520 Firewall with a DMZ setup... Does anyone have any
experience with penetrating Mac systems or can anyone point me to any
resources that might assist me? Thank you.


most macos systems don't listen on any ports. however, their client
software (ie web browsers) are often littered with bugs. i suggest you
look at abusing, say, the brown orifice hole or something similar to
create a method of entry.

furthermore, the macos recently could be used to amplify DoS attacks when
specially crafted. not exactly a penetration of a macos system, but it
could use the system to assist in an attack (say take down a key server
and spoof it with your own data; an NIS server comes to mind).

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

Current thread:

[PEN-TEST] MacOS-9 Derrick Lewis (Oct 24)
- Re: [PEN-TEST] MacOS-9 Jose Nazario (Oct 24)
- Re: [PEN-TEST] MacOS-9 Riley Hassell (Oct 24)
- Re: [PEN-TEST] MacOS-9 cdowns (Oct 25)
- Re: [PEN-TEST] MacOS-9 Jev (Oct 25)
- Re: [PEN-TEST] MacOS-9 Eric Thomas Black (Oct 25)
- <Possible follow-ups>
- Re: [PEN-TEST] MacOS-9 Carskadden, Rush (Oct 24)