Penetration Testing: Re: Apple pentesting

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Apple pentesting

From: Mike <secfocus () mikesbytes com>
Date: Wed, 06 Apr 2005 11:56:20 -0700

At 4/5/2005 08:51 AM, Julian Totzek wrote:

I have to do a pentest in a environment where mac's should be located. Never
tested MacOS somebody have some tips for me? They normally should only be
clients no servers.
Do you know of special tools to test them, or is it possible to test them
with progs like nesuss?

Metasploit (http://www.metasploit.com) has exploits for three differentMacOS vulnerabilities:


AppleFileServer LoginExt PathName Overflow
        http://www.metasploit.com/projects/Framework/exploits.html#afp_loginext
Arkeia Backup Client Type 77 Overflow (Mac OS X)
        http://www.metasploit.com/projects/Framework/exploits.html#arkeia_type77_macos
Samba trans2open Overflow (Mac OS X)
        http://www.metasploit.com/projects/Framework/exploits.html#samba_trans2open_osx

Any pen testing tools you use for BSD systems should work fairly wellagainst MacOS X machines.

By Date By Thread

Current thread:

Apple pentesting Julian Totzek (Apr 05)
- Re: Apple pentesting Erik Winkler (Apr 05)
- Re: Apple pentesting Mike (Apr 06)
- <Possible follow-ups>
- RE: Apple pentesting Todd Towles (Apr 05)
  - Re: Apple pentesting Daniel (Apr 05)
  - Re: Apple pentesting sam f. stover (Apr 05)
  - Re: Apple pentesting Thomas Stromberg (Apr 05)
  - Re: Apple pentesting Thomas Hardly (Apr 06)