ichthuz Posted December 22, 2006 Posted December 22, 2006 I've just begun work on a backdoor for mack os 10.4.0 and greater using a combination of applescripts. best cas scenario i will build a fully functioning trojan with applescript and integrate it into a mac veersion of the USB switchblade... another project which i have ideas for. If anyone is interested in helping please PM me. I am looking for good applescripters and Coacoa programmers for the Switchblade. Peace ichthuz Quote
Sparda Posted December 22, 2006 Posted December 22, 2006 Wouldn't some thing like this have to run as root? Quote
cooper Posted December 22, 2006 Posted December 22, 2006 Why would you require root? Sure, it'll be handy to have, but what in the above concept actually requires root privs? Quote
ichthuz Posted December 23, 2006 Author Posted December 23, 2006 I am going to test soon how mac osx handles different types of usb keys. worst case just put it on an ipod and overflow itunes Quote
rFayjW98ciLoNQLDZmFRKD Posted December 23, 2006 Posted December 23, 2006 Ha, another person trying to find a major unpatched flaw in a Unix based OS /me laughs Quote
ichthuz Posted December 23, 2006 Author Posted December 23, 2006 not an unpatched flaw... and unpatched feature microsoft style! Quote
Sparda Posted December 23, 2006 Posted December 23, 2006 Privilege escalation isn't a bug, it's a feature! Quote
ichthuz Posted December 24, 2006 Author Posted December 24, 2006 it wont work care to elaborate? i think it will.. ill have soem code by the end of the month. Quote
Sparda Posted December 24, 2006 Posted December 24, 2006 Ignore melodic, he's just a mac fan boy lol, and like all mac fan boys when ever some one makes a claim about mac OS security not been up to nick, he gets all in your face and tries to make you go away (much like Scientoloagists do when you state how obviously fake there religion is). Quote
ichthuz Posted December 24, 2006 Author Posted December 24, 2006 (much like Scientoloagists do when you state how obviously fake there religion is). lol i've decided i like you! Quote
ir0cku55 Posted January 3, 2007 Posted January 3, 2007 You guys get so offensive when someone says something you don't like. Go cry a river babies. Just because he said it won't work doesn;t mean hes trying to make you go away or that he a mac fan boy you windows fag. All he said was it won't work and you get all defensive. maybe he is just stating a fact. BTW I believe he is right BECUASE IT IS IMPOSSIBLE TO write a virus on applescript alone, how you gonna get the user to execute the script, how are you going to propagate the virus? What major flaws are you going to use? It also seems like you want help for you so called virus applescript since you asking for good programmers. DO the shit yourself and come back and prove us wrong. It maybe possible or not but as far as i know it won't work, so next time someoone says that do get so bent out of shape and start crying over a person who may or may not love macs. BTW if it does work ill give you 500 hundred bucks. NO IM SERIOUS. I really want to see an applescript virus for mac not MACK lolololol No that doesn't mean Mac os x security is solid it mean I would really love to see an applescript virus, GOD SIT BACK IN YOUR SEAT Quote
moonlit Posted January 3, 2007 Posted January 3, 2007 Oooh, OK, Chill there ir0cku55... Someone may have over-reacted in this thread and I'm not sure I'm going to bother pointing out who it was. However, I will say that is this thread doesn't get back on track soon it's liable to be locked. Oh, and welcome ir0cku55, just a note: we all know that melodic *is* our resident Mac fanboy and we love it... ;) Quote
ichthuz Posted January 4, 2007 Author Posted January 4, 2007 Oooh, OK, Chill there ir0cku55...Someone may have over-reacted in this thread and I'm not sure I'm going to bother pointing out who it was. However, I will say that is this thread doesn't get back on track soon it's liable to be locked. Oh, and welcome ir0cku55, just a note: we all know that melodic *is* our resident Mac fanboy and we love it... ;) aighty moonlit im sorry my thread has gotten so explosive. i never meant for this to happen. to avoid taking this further off track i will not defend myself against irock publicly (although i will pm him) i also am going to have example code VERY soon. this is not yet a fully functioning trojan but it does some stuff Quote
VaKo Posted January 4, 2007 Posted January 4, 2007 You know that the best way to get the payload to the target is something along the lines of a free iTunes voucher, Mac users won't have that same level of innate paranoia you'd find in a PC user. Quote
Deveant Posted January 4, 2007 Posted January 4, 2007 Mac users won't have that same level of innate paranoia you'd find in a PC user. lol thats a fair comment lol. Not that im a malicios person or anythink, but i would really like to see a virus for Mac that is devistating lol, as mentioned not coz im malicios just coz im sick of all the Apple Vs. MS adds, like were wondows is dressed up in the fake nose and glasses, its getting anoying (hope u guys also get these ad's other wise i sound like a knob). and also all my frineds going out and spending 4k on an Ibook coz they belive security is key (they have no media authoring ideas at all <_<). Would love to help u out, though sadly i have no real experience with applescript or Mac's in general, on that of the days of the old school yard, sneaking over to a friends house so we can play LSL, and Strip the bar maid ^_^. Quote
darkphan Posted January 5, 2007 Posted January 5, 2007 Mac users won't have that same level of innate paranoia you'd find in a PC user. lol thats a fair comment lol. Not that im a malicios person or anythink, but i would really like to see a virus for Mac that is devistating lol, as mentioned not coz im malicios just coz im sick of all the Apple Vs. MS adds, like were wondows is dressed up in the fake nose and glasses, its getting anoying (hope u guys also get these ad's other wise i sound like a knob). and also all my frineds going out and spending 4k on an Ibook coz they belive security is key (they have no media authoring ideas at all <_<). Would love to help u out, though sadly i have no real experience with applescript or Mac's in general, on that of the days of the old school yard, sneaking over to a friends house so we can play LSL, and Strip the bar maid ^_^. If it was possible to write a "devistating" (or any for that matter) virus using applescript, don't you think it would have been done by now, after all, OS X has been around for just about 5 years (10.0 came out on March 24, 2001). Now, there are and have been exploits for OS X, and there will continue to be, but, they do get patched. The fact remains, there are 0, zero, zip, nada, etc Virus's for OS X. There had been some "proof of concept" claims, but, those required the user to do something, type their admin password, etc. As you may have guessed, I am a Mac user. I have been since around October or so of 2005, when I received my Unix workstation at work, a 17" Powerbook. I was hooked. I have since bought a Power Mac G5, as well as a 20" iMac (Core Duo). Not only is OS X superb, but the machines are damn sexy looking too! In the year - year and a half, I have been able to concentrate on working on my machine, and not working my machine. (I am sure I will get flamed as being a fanboy, etc, and frankly, I am, and proud of it) Quote
Privateer Posted January 5, 2007 Posted January 5, 2007 The biggest obstacle for a switchblade type attack on a Mac will probably be CD Autorun. This, as previously stated, would require some sort or user interaction. I am far from a Mac expert, but I do not doubt that you will be able to achieve some malicious activity using applescript. From my limited use of applescript/applescript studio/xcode, it appears to be rather robust and admitably enjoyable to use. Quote
PoyBoy Posted January 6, 2007 Posted January 6, 2007 Yonder Knaves. There are such things as well kept secrets. Do you honsetly think that the mac os has no unpatched or soon to be patched flaws in it? EVERY OS ever made has undocumented "features" built in. Back on topic, you could execute a bash command in applescript, open a new terminal perhaps and then pull an "ever so elegant" sudo passwd root, as your average mac user doesnt know what BSD is and thinks roots are part of plants or when their hair dye is slightly past its prime. Also, nobody turns off applescript, as many programs require it to work correctly, so there is no problem in executing the script however you choose to. Oh ya, if you want your virus to work for more than three days, I recommend having a closed dev environment and a full blown NDA Quote
ichthuz Posted January 6, 2007 Author Posted January 6, 2007 okay i have a basic prototype up now : workflow: posting link hold on a sec .app file: posting ink hold on a sec this version is only passive spyware which gives me system info but nothing more. i will continue working however. i have an idea to have it connect to a specified site where i will post instructions via applescript. also there are a few functions which might help in developing a keylogger..maybe Quote
PoyBoy Posted January 6, 2007 Posted January 6, 2007 I really like the idea of a framework that is set is installed and fetches instructinos, as long as this phase is very efficient, so a noticable bandwidth spike isnt created (not likely, but had to say it) Quote
ichthuz Posted January 6, 2007 Author Posted January 6, 2007 it would be simple. just write a script that every hour checks the site. say microsoft.com/mactrojan.php for an applescript then executes it. with automators built it execute applescript function it would be transparent. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.