Jump to content

SSH and VNC access on *many* OS X systems


H@L0_F00
 Share

Recommended Posts

I have sudoer access (meaning I can "sudo su" and get root) to a whole bunch of Mac OS X systems (same user name and password for them all) at my school. The Network Admin already knows this because I told him and we're on a good basis. I want to put together some type of PoC for him and the district guy (his boss). Is it possible to write a script or something that can SSH into a bunch of different IPs with the user and pass already given (because they are all the same...) and execute a given command after logging in?

Thanks.

Link to comment
Share on other sites

  • 2 weeks later...

Yeah... And the really sad thing is that it's a district wide image, meaning essentially ALL computers have the same passwords (OS X and XP machines have the same passwords for similar accounts). That's kind of why I want to put together a PoC and hopefully get them to realize what somebody *could* do... Like setup a botnet that bruteforces, sayyyy... the proxy server that restricts internet access for THE ENTIRE DISTRICT to sites on its blocked list? Or maybe even bruteforce the local servers that contain the grade databases? Or (assuming they have some type of IDS... I hope...), one could simply DDoS the proxy server or local servers...

Keyloggers are an option, but AFAIK, there is nothing that can be done to disable Deep Freeze remotely. Deep Freeze gives an attacker quite the advantage though... Once a computer is shut off, all logs are gone for good... Profit? lol

Anyways, I'm still not sure what I should do with the PoC? I mean, I have root access, I could do anything... I've checked out some cool commands/scripts that could disable the Dock via terminal, use the default OS X screen saver as the desktop background, etc. but I want to do something that would illustrate the potential for malicious things to occur. I found that OS X has say. I found a script that can manipulate the volume, so I *could* setup a mass Mac "botnet" saying "All your bases are belong to us" ;)

Any ideas?

Link to comment
Share on other sites

Lol. That would be something. I wonder what the look on the sysadmin's face would be.

Doing a DDoS of the proxy that filters traffic would probably raise some eyebrows if everyone is unable to get access to the internet (if it's set up the way I think it is.. Squid/Dan's guardian type thing)

Link to comment
Share on other sites

I *could* setup a mass Mac "botnet" saying "All your bases are belong to us" wink.gif

You need to do that NOW.

I'm serious. Not only is it totally harmless, but also hilarious and super noticable! What could go wrong?

All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.

EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

EDIT: It would be really hard, but if you could swap the blacklist and whitelist on the filter proxy, that would be pretty funny. Imagine, Wikipedia blocked and 4chan allowed. Or make /b/ the home page! THAT would be funny.

EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?

Link to comment
Share on other sites

All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.

EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

Actually, I'm quite certain I'll go with Sparda's suggestion. It's just what I was looking for.

EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?

I've already had a talk with his boss... After the SysAdmin told him what he knew about me *at the time*, his boss was skeptical, so he came down to my school the next day. I was told he said something along the lines of "I don't think we have any students that smart..." (Although I didn't take any credit for being able to run Ophcrack... I also explained to him that *anybody* could use it and it's the most mainstream way to crack Windows passwords/). We had a conversation about how I was able to boot Ophcrack from my flash drive, crack all of the passwords within a few minutes, and how I implemented the same passwords on the Mac systems. I then also told them how easy it is to completely disable Deep Freeze and re-enable it without them every having reason to be suspicious. He was taking notes the whole time... :)

Link to comment
Share on other sites

  • 2 weeks later...

Put this script in the crontab. Every 5 minutes should do.

osascript -e "set volume output volume 100" ;

say -v Xarvox "This is my password. There are many like it, but this one is mine.

My password is my best friend. It is my life. I must master it as I master my life.

My password, without me, is useless. Without my password, I am useless."

Link to comment
Share on other sites

Put this script in the crontab. Every 5 minutes should do.

osascript -e "set volume output volume 100" ;

say -v Xarvox "This is my password. There are many like it, but this one is mine.

My password is my best friend. It is my life. I must master it as I master my life.

My password, without me, is useless. Without my password, I am useless."

rotfl

Link to comment
Share on other sites

Had the same problem with my current SysAdmin at school. Except we had Windows XP computers, all routing to a ntwork logon domain. And we deep freeze and the lot. So I told the principal they could care less. I then found that there backup was hosted on the network and could be access by ANYONE. I got the Student information list. And put it on everyones desktop, then 're-froze' it.

Alert the press and it'll be hillarious. News Headline: "Kid hacks into school, administrators careless"

Good luck,

Juf

P.S. Give them a solution to their problem and they are more likely to listen to you.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...