Penetration Testing
mailing list archives
Re: Mac symlink attack techniques?
From: don bailey <don.bailey () gmail com>
Date: Fri, 11 Apr 2008 12:23:00 -0600
If this is a server, just create root's .ssh/authorized_keys file. If it
ends up world rw just remember that you have to change modes so it is
not world rw for sshd to use it.

If this is a desktop-only app, do the same to a user's account that
has information you want.

You don't need root on MacOSX to compromise it unless it's a server.

Another fun technique is to create a user's .bash_profile or .bashrc
if it isn't already created. I can't remember if MacOSX gives you a
bash shell by default, but every shell has a similar file. If MacOSX
creates these files for its users, there are still other tricks. If
they don't have a .bash_history file, for example, you can create
one with fake commands. So when they execute history it'll install
a trojan or some such other thing.

There are 1,000+1 more techniques here, these are just lame examples.
Just get creative :-)

D
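Seen from the defending side, the files named in this message can be audited for traces of an unexpected write: a symlink where a regular file belongs, an owner other than the home directory's, or group/world write bits. The script below is an added example, not part of the original post; the `WATCHED` list, the function names and the sample home directory are constructed for illustration.

```python
import os
import stat
import tempfile

# Files named in the post above; extend the tuple for other shells (assumption).
WATCHED = (".ssh/authorized_keys", ".bash_profile", ".bashrc", ".bash_history")


def audit_home(home):
    """Return sorted (relative_path, finding) pairs for one home directory."""
    findings = []
    home_uid = os.lstat(home).st_uid
    for rel in WATCHED:
        path = os.path.join(home, rel)
        try:
            st = os.lstat(path)  # lstat: inspect the link itself, never follow it
        except (FileNotFoundError, NotADirectoryError):
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink -> " + os.readlink(path)))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((rel, "not a regular file"))
            continue
        if st.st_uid != home_uid:
            findings.append((rel, "owner uid %d differs from home uid %d"
                             % (st.st_uid, home_uid)))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "group/world writable, mode %o"
                             % stat.S_IMODE(st.st_mode)))
    return sorted(findings)


def demo():
    """Build a constructed home directory and audit it."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"), 0o700)
    keys = os.path.join(home, ".ssh", "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-sample user@example\n")
    os.chmod(keys, 0o666)  # world rw, the state the post mentions
    with open(os.path.join(home, ".bashrc"), "w") as fh:
        fh.write("# ordinary file\n")
    os.chmod(os.path.join(home, ".bashrc"), 0o644)
    os.symlink("/dev/null", os.path.join(home, ".bash_history"))
    return audit_home(home)


if __name__ == "__main__":
    for rel, finding in demo():
        print(rel, finding)
```

Run it as root over each account's home directory to compare results against a known-good baseline; a symlinked `.bash_history` is sometimes a user's own choice and needs a human decision.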