Penetration Testing mailing list archives
Re: Mac symlink attack techniques?
From: don bailey <don.bailey () gmail com>
Date: Fri, 11 Apr 2008 12:23:00 -0600
If this is a server, just create root's .ssh/authorized_keys file. If it ends up world rw just remember that you have to change modes so it is not world rw for sshd to use it.

If this is a desktop-only app, do the same to a user's account that has information you want. You don't need root on MacOSX to compromise it unless it's a server.

Another fun technique is to create a user's .bash_profile or .bashrc if it isn't already created. I can't remember if MacOSX gives you a bash shell by default, but every shell has a similar file.

If MacOSX creates these files for its users, there are still other tricks. If they don't have a .bash_history file, for example, you can create one with fake commands. So when they execute history it'll install a trojan or some such other thing.

There are 1,000+1 more techniques here, these are just lame examples. Just get creative :-)

D
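An added defender-side example, not part of the original post: a Python audit of the per-user files the message names, flagging entries that are symlinks, have the wrong owner, or are group- or world-writable (the "world rw" state the post mentions). The `WATCHED` list, the function names and the throwaway home directory in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Files named in the post; a privileged write that follows a symlink can create any of them.
WATCHED = (".ssh/authorized_keys", ".bash_profile", ".bashrc", ".bash_history")

def audit_home(home, expected_uid=None):
    """Return (relative path, finding) pairs for watched files under one home directory."""
    if expected_uid is None:
        # Assumption: the owner of the home directory is the account owner.
        expected_uid = os.lstat(home).st_uid
    findings = []
    for rel in WATCHED:
        path = os.path.join(home, rel)
        try:
            st = os.lstat(path)  # lstat inspects the entry itself and never follows a link
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "is a symlink"))
            continue
        if st.st_uid != expected_uid:
            findings.append((rel, f"owned by uid {st.st_uid}, expected {expected_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "group- or world-writable"))
    return findings

def demo(expected_uid=None):
    """Constructed sample: a temporary home with one loose file, one clean file, one symlink."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"))
        keys = os.path.join(home, ".ssh", "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o666)  # left world rw by a careless privileged write
        rc = os.path.join(home, ".bashrc")
        open(rc, "w").close()
        os.chmod(rc, 0o600)    # correctly restricted, should not be reported
        os.symlink("/nonexistent", os.path.join(home, ".bash_history"))
        return audit_home(home, expected_uid)

if __name__ == "__main__":
    for rel, why in demo():
        print(rel, "->", why)
```

Run against real home directories with the account's uid passed as `expected_uid`, a root-owned dotfile in a user's home is the signature of a file created by a privileged process rather than by the user.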
Current thread:
- Mac symlink attack techniques? Jon Hart (Apr 11)
- Re: Mac symlink attack techniques? don bailey (Apr 12)
- Re: Mac symlink attack techniques? Paul Melson (Apr 12)
- Re: Mac symlink attack techniques? Jon Hart (Apr 14)
- Re: Mac symlink attack techniques? Marco Ivaldi (Apr 14)
- Re: Mac symlink attack techniques? Jon Hart (Apr 16)