Penetration Testing mailing list archives

Re: Mac symlink attack techniques?


From: don bailey <don.bailey () gmail com>
Date: Fri, 11 Apr 2008 12:23:00 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If this is a server, just create root's .ssh/authorized_keys file. If it
ends up world rw just remember that you have to change modes so it is
not world rw for sshd to use it.

If this is a desktop-only app, do the same to a user's account that
has information you want.

You don't need root on MacOSX to compromise it unless it's a server.

Another fun technique is to create a user's .bash_profile or .bashrc
if it isn't already created. I can't remember if MacOSX gives you a
bash shell by default, but every shell has a similar file. If MacOSX
creates these files for its users, there are still other tricks. If
they don't have a .bash_history file, for example, you can create
one with fake commands. So when they execute history it'll install
a trojan or some such other thing.

There are 1,000+1 more techniques here, these are just lame examples.
Just get creative :-)

D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH/6x+yWX0NBMJYAcRAnFMAJ0RasxlGonM53hd6gsUe4HencDIyQCfWDzx
q55hwtLHLUoOS5jzExTAWn4=
=4dvF
-----END PGP SIGNATURE-----

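The reply above describes what a file-write or symlink-following primitive buys an attacker: a planted `authorized_keys`, a created `.bashrc`/`.bash_profile`, or a fabricated `.bash_history`. From the defender's side, the same list is a short audit. The script below is an added example, not code from the poster or from the list, and it assumes nothing about the target beyond a POSIX home directory: it builds a constructed demo home under a temp directory (with one world-writable `authorized_keys` and one `.bash_history` that is a symlink) and reports each sensitive dotfile that is a symlink or is group/world-writable. A world-writable `authorized_keys` is exactly the state the poster notes sshd will not use under its default `StrictModes`, so catching it also catches the half-finished version of the attack.

```python
import os
import stat
import tempfile

# Dotfiles a login shell or sshd reads from a home directory. Anything here
# that is a symlink, or writable by group/others, deserves a closer look.
SENSITIVE_PATHS = (
    ".ssh",
    ".ssh/authorized_keys",
    ".bash_profile",
    ".bashrc",
    ".bash_history",
)


def audit_home(home):
    """Return [(relative_path, issue), ...] for one home directory."""
    findings = []
    for rel in SENSITIVE_PATHS:
        path = os.path.join(home, rel)
        if not os.path.lexists(path):
            continue  # absent files are not an issue by themselves
        if os.path.islink(path):
            # A symlinked dotfile means the content is controlled elsewhere.
            findings.append((rel, "symlink -> " + os.readlink(path)))
            continue
        mode = os.lstat(path).st_mode
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
    return findings


def build_demo_home():
    """Create a constructed sample home directory (no real key material)."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    os.mkdir(os.path.join(home, ".ssh"), 0o700)
    ak = os.path.join(home, ".ssh", "authorized_keys")
    with open(ak, "w") as fh:
        fh.write("# constructed sample; no real key material\n")
    os.chmod(ak, 0o666)  # the bad state: anyone on the box can append a key
    rc = os.path.join(home, ".bashrc")
    with open(rc, "w") as fh:
        fh.write("# constructed sample .bashrc\n")
    os.chmod(rc, 0o644)  # a normal, healthy dotfile
    # Constructed symlink target; the path does not need to exist for the audit.
    os.symlink("/tmp/constructed-target", os.path.join(home, ".bash_history"))
    return home


if __name__ == "__main__":
    demo = build_demo_home()
    for rel, issue in audit_home(demo):
        print("%s: %s" % (rel, issue))
```

Run it over real home directories by looping `audit_home` across `/Users` or `/home`; the checks use `lstat`, so a symlink is reported as a symlink rather than being followed to whatever it points at.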

