H@L0_F00 Posted February 7, 2010

I have sudoer access (meaning I can "sudo su" and get root) to a whole bunch of Mac OS X systems (same user name and password for them all) at my school. The Network Admin already knows this because I told him and we're on a good basis. I want to put together some type of PoC for him and the district guy (his boss).

Is it possible to write a script or something that can SSH into a bunch of different IPs with the user and pass already given (because they are all the same...) and execute a given command after logging in?

Thanks.

Sparda Posted February 7, 2010

http://www.manpagez.com/man/1/expect/

barry99705 Posted February 10, 2010

Use Apple Remote Desktop. Also, if the net admin knows a student has root access to the computers and hasn't changed the password, he needs his ass handed to him, then shown the door.

H@L0_F00 Posted February 20, 2010

Yeah... And the really sad thing is that it's a district wide image, meaning essentially ALL computers have the same passwords (OS X and XP machines have the same passwords for similar accounts).

That's kind of why I want to put together a PoC and hopefully get them to realize what somebody *could* do... Like set up a botnet that bruteforces, sayyyy... the proxy server that restricts internet access for THE ENTIRE DISTRICT to sites on its blocked list? Or maybe even bruteforce the local servers that contain the grade databases? Or (assuming they have some type of IDS... I hope...), one could simply DDoS the proxy server or local servers...

Keyloggers are an option, but AFAIK, there is nothing that can be done to disable Deep Freeze remotely. Deep Freeze gives an attacker quite the advantage though... Once a computer is shut off, all logs are gone for good... Profit? lol

Anyways, I'm still not sure what I should do with the PoC? I mean, I have root access, I could do anything... I've checked out some cool commands/scripts that could disable the Dock via terminal, use the default OS X screen saver as the desktop background, etc. but I want to do something that would illustrate the potential for malicious things to occur.

I found that OS X has say. I found a script that can manipulate the volume, so I *could* set up a mass Mac "botnet" saying "All your bases are belong to us" ;)

Any ideas?

Charles Posted February 20, 2010

Lol. That would be something. I wonder what the look on the sysadmin's face would be. Doing a DDoS of the proxy that filters traffic would probably raise some eyebrows if everyone is unable to get access to the internet (if it's set up the way I think it is... Squid/DansGuardian type thing).

H@L0_F00 Posted February 21, 2010

From some nmap scans, I have found some Blue Coat systems. I'm almost positive there will be more than one... I'll just have to do some more digging.

dylanwinn Posted February 21, 2010

> I *could* set up a mass Mac "botnet" saying "All your bases are belong to us" ;)

You need to do that NOW. I'm serious. Not only is it totally harmless, but also hilarious and super noticeable! What could go wrong? All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.

EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

EDIT: It would be really hard, but if you could swap the blacklist and whitelist on the filter proxy, that would be pretty funny. Imagine, Wikipedia blocked and 4chan allowed. Or make /b/ the home page! THAT would be funny.

EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?

H@L0_F00 Posted February 23, 2010

> All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.
>
> EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

Actually, I'm quite certain I'll go with Sparda's suggestion. It's just what I was looking for.

> EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?

I've already had a talk with his boss... After the SysAdmin told him what he knew about me *at the time*, his boss was skeptical, so he came down to my school the next day. I was told he said something along the lines of "I don't think we have any students that smart..." (Although I didn't take any credit for being able to run Ophcrack... I also explained to him that *anybody* could use it and it's the most mainstream way to crack Windows passwords.)

We had a conversation about how I was able to boot Ophcrack from my flash drive, crack all of the passwords within a few minutes, and how I implemented the same passwords on the Mac systems. I then also told them how easy it is to completely disable Deep Freeze and re-enable it without them ever having reason to be suspicious.

He was taking notes the whole time... :)

Charles Posted February 23, 2010

Awesome. That's even better!

redxine Posted March 5, 2010

There's a utility (for Linux, but I'll assume it compiles on Macs too) called clusterssh that sends commands to multiple ssh instances (say, in a cluster) all at once, making it easy to set them up all at once.

http://sourceforge.net/projects/clusterssh/

barry99705 Posted March 6, 2010

Put this script in the crontab. Every 5 minutes should do.

    osascript -e "set volume output volume 100" ; say -v Zarvox "This is my password. There are many like it, but this one is mine. My password is my best friend. It is my life. I must master it as I master my life. My password, without me, is useless. Without my password, I am useless."

Tarbizkit Posted March 6, 2010

> Put this script in the crontab. Every 5 minutes should do.
>
>     osascript -e "set volume output volume 100" ; say -v Zarvox "This is my password. There are many like it, but this one is mine. My password is my best friend. It is my life. I must master it as I master my life. My password, without me, is useless. Without my password, I am useless."

rotfl

Juf Posted March 6, 2010

Had the same problem with my current SysAdmin at school. Except we had Windows XP computers, all routing to a network logon domain. And we had Deep Freeze and the lot. So I told the principal they could care less. I then found that their backup was hosted on the network and could be accessed by ANYONE. I got the Student information list. And put it on everyone's desktop, then 're-froze' it.

Alert the press and it'll be hilarious. News Headline: "Kid hacks into school, administrators careless"

Good luck,
Juf

P.S. Give them a solution to their problem and they are more likely to listen to you.