Penetration Testing mailing list archives

Re: Apple pentesting

From: Mike <secfocus () mikesbytes com>
Date: Wed, 06 Apr 2005 11:56:20 -0700

At 4/5/2005 08:51 AM, Julian Totzek wrote:

I have to do a pentest in a environment where mac's should be located. Never
tested MacOS somebody have some tips for me? They normally should only be
clients no servers.
Do you know of special tools to test them, or is it possible to test them
with progs like nesuss?

Metasploit (http://www.metasploit.com) has exploits for three differentMacOS vulnerabilities:


AppleFileServer LoginExt PathName Overflow
        http://www.metasploit.com/projects/Framework/exploits.html#afp_loginext
Arkeia Backup Client Type 77 Overflow (Mac OS X)
        http://www.metasploit.com/projects/Framework/exploits.html#arkeia_type77_macos
Samba trans2open Overflow (Mac OS X)
        http://www.metasploit.com/projects/Framework/exploits.html#samba_trans2open_osx

Any pen testing tools you use for BSD systems should work fairly wellagainst MacOS X machines.

Current thread:

Apple pentesting Julian Totzek (Apr 05)
- Re: Apple pentesting Erik Winkler (Apr 05)
- Re: Apple pentesting Mike (Apr 06)
- <Possible follow-ups>
- RE: Apple pentesting Todd Towles (Apr 05)
  - Re: Apple pentesting Daniel (Apr 05)
  - Re: Apple pentesting sam f. stover (Apr 05)
  - Re: Apple pentesting Thomas Stromberg (Apr 05)
  - Re: Apple pentesting Thomas Hardly (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 05)
  - Re: Apple pentesting Daniel (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 06)

(Thread continues...)