SSH and VNC access on *many* OS X systems


I have sudoer access (meaning I can "sudo su" and get root) to a whole bunch of Mac OS X systems (same user name and password for them all) at my school. The Network Admin already knows this because I told him and we're on a good basis. I want to put together some type of PoC for him and the district guy (his boss). Is it possible to write a script or something that can SSH into a bunch of different IPs with the user and pass already given (because they are all the same...) and execute a given command after logging in?



  • 2 weeks later...

Yeah... And the really sad thing is that it's a district wide image, meaning essentially ALL computers have the same passwords (OS X and XP machines have the same passwords for similar accounts). That's kind of why I want to put together a PoC and hopefully get them to realize what somebody *could* do... Like set up a botnet that bruteforces, sayyyy... the proxy server that restricts internet access for THE ENTIRE DISTRICT to sites on its blocked list? Or maybe even bruteforce the local servers that contain the grade databases? Or (assuming they have some type of IDS... I hope...), one could simply DDoS the proxy server or local servers...

Keyloggers are an option, but AFAIK, there is nothing that can be done to disable Deep Freeze remotely. Deep Freeze gives an attacker quite the advantage though... Once a computer is shut off, all logs are gone for good... Profit? lol

Anyways, I'm still not sure what I should do with the PoC? I mean, I have root access, I could do anything... I've checked out some cool commands/scripts that could disable the Dock via terminal, use the default OS X screen saver as the desktop background, etc. but I want to do something that would illustrate the potential for malicious things to occur. I found that OS X has say. I found a script that can manipulate the volume, so I *could* set up a mass Mac "botnet" saying "All your bases are belong to us" ;)

Any ideas?


Lol. That would be something. I wonder what the look on the sysadmin's face would be.

Doing a DDoS of the proxy that filters traffic would probably raise some eyebrows if everyone is unable to get access to the internet (if it's set up the way I think it is... Squid/DansGuardian type thing).


I *could* set up a mass Mac "botnet" saying "All your bases are belong to us" ;)

You need to do that NOW.

I'm serious. Not only is it totally harmless, but also hilarious and super noticeable! What could go wrong?

All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.

EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

EDIT: It would be really hard, but if you could swap the blacklist and whitelist on the filter proxy, that would be pretty funny. Imagine, Wikipedia blocked and 4chan allowed. Or make /b/ the home page! THAT would be funny.

EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?


All you need to do is write a script that loops the say command and then RDP into every single computer during the school day and cron it to execute just before class ends. BEST. PRANK. EVER.

EDIT: It looks like your original question about installing the script automatically is still unanswered. I've got nothing.

Actually, I'm quite certain I'll go with Sparda's suggestion. It's just what I was looking for.

EDIT: Hold on a sec. You said that you were on good terms with the SysAdmin, but you also said you were trying to get his boss's attention. Are you trying to convince him to change the root password, or do you want him fired?

I've already had a talk with his boss... After the SysAdmin told him what he knew about me *at the time*, his boss was skeptical, so he came down to my school the next day. I was told he said something along the lines of "I don't think we have any students that smart..." (Although I didn't take any credit for being able to run Ophcrack... I also explained to him that *anybody* could use it and it's the most mainstream way to crack Windows passwords). We had a conversation about how I was able to boot Ophcrack from my flash drive, crack all of the passwords within a few minutes, and how I implemented the same passwords on the Mac systems. I then also told them how easy it is to completely disable Deep Freeze and re-enable it without them ever having reason to be suspicious. He was taking notes the whole time... :)


  • 2 weeks later...

Put this script in the crontab. Every 5 minutes should do.

osascript -e "set volume output volume 100" ;

say -v Xarvox "This is my password. There are many like it, but this one is mine.

My password is my best friend. It is my life. I must master it as I master my life.

My password, without me, is useless. Without my password, I am useless."


Had the same problem with my current SysAdmin at school. Except we had Windows XP computers, all routing to a network logon domain. And we deep freeze and the lot. So I told the principal they could care less. I then found that their backup was hosted on the network and could be accessed by ANYONE. I got the Student information list. And put it on everyone's desktop, then 're-froze' it.

Alert the press and it'll be hilarious. News Headline: "Kid hacks into school, administrators careless"

Good luck,


P.S. Give them a solution to their problem and they are more likely to listen to you.
