AXiD

Mac OS X Aqua BIG PROBLEM

OK here's what you're going to do. This is ridiculous...

There is a huge security problem that allows any user who can get to the terminal to gain Administrator (or even sudo root) privileges. All you need to do is know the name of the administrator account on the system. This can be found using a few different methods I won't discuss because if you know your way around a Darwin system you can figure it out.

1. Get into terminal

2. type lookupd -d

3. type UserWithName: [admin's name]

4. You will be given the encrypted password

5. Get John the Ripper

6. crack the hash in like 2 mins flat since it's DES by default.

NOTE: Don't look up root even though there is a root user; he's locked out by default. If you want to perform any root-like actions as an administrator, use the sudo command, or if you want to set a root password type sudo passwd root

Fix:

There are a few ways of fixing this problem.

1. don't allow access to the terminal

2. chown it to system. You can't set too low of permissions because this is what OS X uses to get all the information it needs for users. I forget what my exact settings were in the computer lab but trying root:wheel and permissions of 600 didn't work.

And people said macs were secure ;)

Which version of OS X is this? I can't get it to work using your directions on my 10.2.8 laptop.

PF

I thought OS X implemented password shadowing.. insane.  :blink:

It does. I think this was addressed with a security update already, which would explain why I can't make it work.

PF

I haven't gotten the 10.3 update yet so I bet it will still work.

Edited by Vyeperman

so it's not on OS X 10.3 then, so I can't test it out

This was actually fixed in Panther and maybe in later updates to Jaguar. In reality, in Jaguar, it is still returning the password hash, it's simple DES so have fun with that. In Panther they've started using MD5 and they've disabled that functionality.

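An added example, not part of the thread: a defender-side audit that reads passwd-format user records (such as an export from a directory service) and flags accounts whose password field holds a readable traditional DES crypt hash, the format the posts above say Jaguar returned. The function names and the sample records are constructed for illustration; the hash strings are placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11-char digest from [./0-9A-Za-z].
# It uses only the first 8 password characters and a 12-bit salt.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# MD5 crypt: $1$ + up to 8 salt characters + $ + 22-char digest.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def classify(field):
    """Label the password field of one passwd-format record."""
    if field == "":
        return "empty"
    if DES_CRYPT.match(field):
        return "des-crypt"
    if MD5_CRYPT.match(field):
        return "md5-crypt"
    if field == "x" or field[0] in "*!":
        return "locked-or-shadowed"
    return "unknown"

def audit(lines):
    """Return (user, label) for records with a readable DES hash or no password."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # not a passwd-format record
        label = classify(parts[1])
        if label in ("des-crypt", "empty"):
            findings.append((parts[0], label))
    return findings

# Constructed sample records (placeholder hashes, hypothetical accounts).
SAMPLE = [
    "# user records exported for review",
    "root:*:0:0::0:0:System Administrator:/var/root:/bin/sh",
    "labadmin:ab0123456789A:501:20::0:0:Lab Admin:/Users/labadmin:/bin/bash",
    "teacher:$1$saltsalt$abcdefghijklmnopqrstuv:502:20::0:0:T:/Users/teacher:/bin/bash",
    "student:********:503:20::0:0:Student:/Users/student:/bin/bash",
    "guest::504:20::0:0:Guest:/Users/guest:/bin/bash",
]

if __name__ == "__main__":
    for user, label in audit(SAMPLE):
        print(f"{user}: {label}")
```

Any account reported as des-crypt has a hash that unprivileged users should not be able to read; moving to a shadowed store and a stronger hash format, as the post says Panther did, removes the finding.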

i dunno why every time a security exploit comes out for Macs people are all AND YOU THOUGHT MACS WERE SECURE!!! like rubbin it in Mac addicts' faces. who cares it still gets less security problems than Windows.

(not dissing anyone's architecture preferences)

who the fuck is the genius that came up with using DES? hasn't that been proved time-and-time again to not work? isn't the first thing that every skiddie unix hacker learns is how to use jtr? :nono:

Well, since OSX is a direct (Very direct) descendant of NeXT, I would assume this was something that carried over from it and was just now revised.

You can also get the hash through the Netinfo Manager. Simple fix really, don't allow anyone access to the box. Firewall anyone from the outside and do your best to make sure nobody has physical access. But if they do they won't be trying to crack some hash.

I had one of these at work for a very short time.

Cube

Somewhere between late 1989/early 1990 I was working for a printing company. The Linofilm dept got the NeXT Cube, and the layout dept I worked in got a Mac II fx. (Not sure how much the Cube cost, but the Mac and all its peripherals cost more than my '89 Nissan 4x4 I had just bought!) This was my second exposure to the Mac, the first was through one of my high school teachers in '86. I stayed late every night for a month learning how to use the thing on my own time and got everything pretty much mastered. I browbeat the head of the linofilm dept into letting me in to play around with the cube, but only had two evenings on it before they got rid of it because no one in the dept wanted to take the initiative and learn how to use it. I spent a few evenings at bookstores and the library and brought the bad news to the president of the company... ready for this? They needed to buy some software! They had bought the machines, but no one had ever explained to them that they'd need to get software too.

They planned on programming on the NeXT Cube and graphics on the Mac. The cube had a monochromatic display and layout had a color one for the Mac. The owner of the company had written some DOS programs that were used for outputting type to vinyl-like tape that was cut and pasted. I guess they wanted one of the schmucks in Linofilm to decide one night to learn to program on the Cube. :)

In retrospect, as much as I've loved using Macs for the past 15 years, I probably should have pushed earlier to work on the Cube. I'd have been using a *nix, and may have spent the last 15 years programming and not designing.

Alright I tested this on an OS X machine that was of pretty high version number, I can't remember what it was exactly but I can check. I basically own every computer in my school due to this exploit. Yes this has been fixed in Panther. However I believe that most (if not all) Aqua versions are still vulnerable.

wow.......like half the comps at MY school run aqua I think. now I just have to figure out how to escalate myself to the level of having terminal :ninja: :devil:

you SHOULD be able to get to terminal, just go to the hard drive and click the applications button, then click under utilities.

it gives me some permissions error whenever I do that. i know fuckall about macs and how permissions are decided, so i have no idea how to start getting around this

I think this has been fixed in Panther. Couldn't get it to work on my Jaguar machine either, probably cuz that's running 10.2.3. Most of the Jag related security issues were in 10.2.8, and there are fixes for them.