Mac OS X hacked in less than 30 minutes


10 replies to this topic

#1
whistler

Gaining root access to a Mac is "easy pickings," according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability.


#2
skn

A new hack challenge just launched by the University of Wisconsin:

http://test.doit.wisc.edu/

According to them, the MacOSX was hacked LOCALLY by someone who was allowed to have a local account on the box, not from the outside...

Here is the nmap output. The machine is (still) running OS X 10.3.x...

# nmap -sS -P0 -O test.doit.wisc.edu

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-06
Interesting ports on test.doit.wisc.edu (128.104.16.150):
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp closed svrloc
443/tcp closed https
Device type: general purpose
Running: Apple Mac OS X 10.3.X
OS details: Apple Mac OS X 10.3.0 - 10.3.3

Nmap finished: 1 IP address (1 host up) scanned in 61.196 seconds

#3
ElectricSheep

Fingerprinting has been updated in nmap 4.00, and reports the box as running MacOS X 10.4-10.4.4 (the latest revision of MacOS X as of 4.00 release). I would bet that the box is running 10.4.5 as reported by the challenge site.

#4
skn

Fingerprinting has been updated in nmap 4.00, and reports the box as running MacOS X 10.4-10.4.4 (the latest revision of MacOS X as of 4.00 release). I would bet that the box is running 10.4.5 as reported by the challenge site.


Thank you for the information!
However I've just updated it to version 4.01 and it still reports OS X 10.3.x... That's weird! :D

#5
xSuRgEx

Local hacking is easier than an outside hack anyway.

People shouldn't be put off buying a Mac because of this. As long as they have tight security and a good firewall (e.g. something hardware-based and properly configured), they shouldn't have any problems, right?!

#6
domino

According to gwerdna, the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.

This is what I am afraid of. There are so many flaws that aren't addressed by Apple that giving anyone simple local client access to a normal Mac with a personal server running isn't advisable anymore. I guess that's where .MAC gets its funding from.

#7
A Nonny Moose

Ars Technica has a great analysis of the issue, with less FUD than any other article I've seen on this subject. I'm also blogging about it.

This is what I am afraid of. There are so many flaws that aren't addressed by Apple that giving anyone simple local client access to a normal Mac with a personal server running isn't advisable anymore. I guess that's where .MAC gets its funding from.


But .Mac (as well as Apple.com) runs on Xserves that can be hacked. So here are your choices:

1. Either set it up yourself and practice safe computing

OR

2. Set it up using a web hosting service and hope and pray they're using safe computing on their central servers.

#8
domino

I didn't say Apple gave their production servers the same priority as the people that buy them out of the box. You have better control running a server OS than the normal OS build. The personal firewall that comes with Tiger is a joke.

This article or any Mac security article doesn't even cover MySQL, PHP, and Apache vulnerabilities that can cause problems with your home-built personal server. Then you also have the option to make /var, /tmp, /home partitions and restrict suexec on your partitions. All this falls under any Unix OS, so whether you are running a server or not, it is still applicable. Let's not even talk about the web scripts that aren't exactly safe to use.

Anyway, if you have nothing of interest, people shouldn't get discouraged about all these warning signs. Just be aware of them.

#9
xtraa

Hey,

IMHO, the whole challenge was a FAKE:

gwerdna? gwerdna is Andrew Griffiths, look him up at Phrack:

http://www.pullthepl...news/index.html
http://www.phrack.or...w.php?p=63&a=14

His mate set up the machine with special versions of Fink, PHP, MySQL,
Apache, LDAP. The domain wideopenbsd.org is known for BSD-Bashing btw.

I cannot prove it, but it must have worked like this:

Andrew told him how to set up the machine, and what versions of the
above-named software to use. He did so, and after that it was a walk in the
park to apply the exploits on the software to gain higher rights. I think he
made it via Fink, but it is always good to have some old PHP around.

Why "higher rights" and not root? Well, the competition wasn't even finished.
I already posted this, but the mission was to do an rm -rf, to prove the root
status. But Andrew just defaced the site, which makes a big difference, because
you can deface a site easily with a local LAMP exploit. You don't need to be
root for that.

So that's the whole story IMHO. (He is still a good hacker maybe, but that's
another story.) Just guessing.

I don't want to say OSX is bulletproof. Also I know that it is a worse thing to
enter the system even from within a guest account, because this is a bad thing
for bigger intranets. BUT. I doubt the whole story. Seems like one BSD hater
and a 1337 haxx0r just married.

jm2c

#10
skn

I don't want to say OSX is bulletproof.


Indeed. No OS is bulletproof. However, MacOSX successfully passed the Security Test launched by Dave Schroeder: :)

- There were no successful access attempts of any kind, including during the 38 hour duration of the test period, nor have there been any claims of success. The host is still the same host and configuration used for the test.


Check out the test results here:

Mac OS X Security Test

#11
xtraa

Indeed. No OS is bulletproof. However, MacOSX successfully passed the Security Test launched by Dave Schroeder: :D
Check out the test results here:

Mac OS X Security Test


Yes, it was a good action message to set up a second challenge with real conditions. Anyway, it will never really prove the target itself, it always proves vulnerabilities of the software used, mostly MySQL and PHP.

The first competition was simply not fair. I mean, if a Mac got hacked, I am fine with it, {censored} happens. But that had nothing to do with it. This was big style Apple bashing, and I am simply upset about ZDNet and all the other Copy&Paste Media that jumped on the bandwagon.

The good thing is that most forums on Slashdot etc. corrected this unfair behavior. Like I said, no prob with a real Mac hack. Also no prob with fanboy bashing in forums :D But to hype a fake story that big wasn't fair.

No matter if it's Apple, Dell or Microsoft.




