Notes
Here you can post notes about your findings, like information about files you think you shouldn't have had access to, ways to own this poor Mac, or just a final message before you rm it.
If you don't have the balls to ruin my life by rm'ing, feel free to tell me how you managed to own it. Remember to check the private checkbox to not post your note to the public.
Each posted note will be emailed to me so I can read an eventual final note before this box is rm'd.
Last 50 posted notes
Mar 14, 18:56 CET
You're asking for the log files, but you overlook that, if the exploit is a fraud, fake log files can also be written. Yes, this is harder to do, but still, it is possible
Mar 14, 18:21 CET
Post the fucking logs you fraud!
Mar 14, 05:05 CET
Does a mechanic who spotted an oil leak have a duty to fix it for the owner, or even tell the owner? Sure, it's a nice gesture, but I don't see how it'd be a duty..
Mar 13, 18:31 CET
<h1>oh my god</h1>
Mar 13, 06:02 CET
Duty to report the vulnerability?
Why do you say that? Since when does anyone have to do other people's quality assurance, and checking for them?
Mar 10, 17:16 CET
"web logs"?
You sir have no idea what was asked for. If the hacker had access to the logs, we should see a gap in the logs. And, there are several sets of logs that are generated in UNIX. Web logs might tell you something about the web, but I'm more interested in the system or the shell history. There is also the gigantic 'everything.log', crash logs, shell histories, etc.
Maybe if you had some system-level knowledge you'd understand that IF the logs were provided, we would be able to determine what happened and how.
Mar 10, 14:57 CET
You should get Andrew G to explain the exploit. If there was an exploit, it's his and your duty to come forward with it for everyone's benefit. Without this explanation, your credibility will wane and wither and people will continue to accuse you of making it all up.
Mar 10, 14:49 CET
'SUOMI FINLAND PERKELE!'
MAIS PASKA.
Mar 10, 14:49 CET
'USER bugs in 2005/2006? Didn't that die out in the 80's?'
Dunno, but Macintoshes did. Haha.
Mar 10, 14:42 CET
'No clue what I'm doing on here. But I'm having fun.'
Yep. Must be a Mac fanboy. Haha.
Mar 10, 14:41 CET
SUOMI FINLAND PERKELE!
Mar 10, 14:41 CET
'There's no way that any user in their right minds would let you create a home account on their machine over the internet, and then allow you access via SSH.'
No, but it could happen in a corporate network, couldn't it, you dimwit? In a corporate network where 80% of the intrusions still take place?
You people are pathetic. Here someone can own your box in less than thirty minutes - what are you going to do next, hold your breath until you turn blue? Please be our guests - start now!
You don't know anything about security in this context because no major corporation anywhere has yet to implement OS X boxes.
You guys are funny. Well not so funny actually. More like pathetic and annoying and hopeless.
Mar 10, 14:38 CET
Boy oh boy. With these Mac fanboys hovering around like flies at a picnic demanding to see the web logs - not much hope for the world, is there?
Hey you MORONS - this was a privilege escalation contest. They already had access to the machine in a non-privileged account. You MORONS!
Rather typical for Mac fanboys, isn't it?
Mac fanboys tremble in a huddle and hug each other tightly, desperately.
Mar 09, 22:35 CET
qw
Mar 09, 18:36 CET
Isn't it interesting that you REFUSE to publish the log files from the date/time of the attack and then CLAIM there's nothing in them.
Prove it. Post all the logs from that time so the world can have a look.
Looks like this whole thing is a fraud.
Mar 09, 00:33 CET
No clue what I'm doing on here. But I'm having fun. Thanks for the shell so I can learn. :)
Mar 08, 16:44 CET
Another day and still no logs from the date and time of the attack. I guess it never really happened, did it?
Mar 08, 08:29 CET
My little greetings message disappeared from the logs :P Nah, it had <pre> tag missing so it hides all the rest of the log...
Mar 07, 18:14 CET
Please post the server logs from the time of the attack and the root shell history. Let's see what was happening on the system at the time it was compromised.
Mar 07, 12:10 CET
You bet, the real thing is at http://test.doit.wisc.edu/
Mac OS X User
Mar 07, 12:07 CET
How can I delete this computer?
Mar 07, 10:43 CET
adfgdasfgdsfgsdgf
Mar 07, 04:38 CET
i forked your dumb ass - that's what you get for giving me a shell account, retard. give me an account on your Windows box now and let the REAL fun begin.
Mar 07, 04:31 CET
Hi,
I'm a hopeless Mac fanboy. Can I please trashtalk you and your site so that I can feel better about my platform of choice? Ideally none of my rantings would have any grounding in reality.
Thanks!
Mar 07, 00:45 CET
Well... what's the big fuzz about? Mission is not accomplished yet... If the aim is winning the Super Bowl, and all you do is winning a backyard game with your little sister, you got a long way to go...
Mar 06, 23:21 CET
Can you post the system logs when the exploit was carried out. How about the shell logs from root during the same period? I'd love to see what's in those logs.
Mar 06, 23:07 CET
"There's no way that any user in their right minds would let you create a home account on their machine over the internet, and then allow you access via SSH." >> Umm, dude, have you been to http://freeshell.org ?
Mar 06, 22:33 CET
Well OSX is vulnerable to a fork bomb.
Mar 06, 21:47 CET
This is a joke. Try a real hack here.
http://test.doit.wisc.edu/
Mar 06, 17:39 CET
Re: "There's no way that any user in their right minds would let you create a home account on their machine over the internet, and then allow you access via SSH."
Check out http://docs.info.apple.com/article.html?artnum=303382
Safari
CVE-ID: CVE-2006-0387
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact: Viewing a malicious web page may cause arbitrary code execution
Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking.
There is your home account, thanks to a Safari exploit. This one is patched, but there will always be another...
Mar 06, 17:36 CET
Mar 06, 17:34 CET
Oh, I'm also loving the pop-under ads when I leave the site. You may as well generate some income off of the traffic from all the press.
Go, go capitalism!
Mar 06, 17:30 CET
So the guy who hacked the machine only hacked Apache? I thought the intention was to rm the box. Has anyone hacked anything beyond the Apache pages?
Mar 06, 16:15 CET
you're an idiot
Mar 06, 15:57 CET
My reply doesn't seem to get posted once more, so I'm sorry if this turns out to be a double post again, but hey, I don't run this site ...
I'm nothing but a noob in this kind of thing (working on that though), but it seems to me like the code below proves your point. So I'll grant you that.
But now on to the real world. There's no way that any user in their right minds would let you create a home account on their machine over the internet, and then allow you access via SSH.
So ... Nice try, but I doubt there's any real danger here.
Doesn't mean Apple shouldn't know about this, though.
Mar 06, 15:54 CET
My reply doesn't seem to get posted once more, so I'm sorry if this turns out to be a double post again, but hey, I don't run this site ...
I'm nothing but a noob in this kind of thing (working on that though), but it seems to me like the code below proves your point. So I'll grant you that.
But now on to the real world. There's no way that any user in their right minds would let you create a home account on their machine over the internet, and then allow you access via SSH.
So ... Nice try, but I doubt there's any real danger here.
Doesn't mean Apple shouldn't know about this, though.
Mar 06, 15:48 CET
<h1>blah
Mar 06, 13:09 CET
Buffer overflow in ping and traceroute.
Vulnerability summary:
The ping and traceroute programs used in Mac OS X are vulnerable to
a buffer overflow when resolving a hostname. In the case of ping a
hostname gets copied into a static buffer which is 80 bytes long. For
traceroute the hostname gets copied into a static buffer which is 50
bytes long as shown by the following code snippets:
ping:
    char * pr_addr(u_long l) {
        struct hostent *hp;
        static char buf[80];
        if ((options & F_NUMERIC) ||
            !(hp = gethostbyaddr((char *)&l, 4, AF_INET)))
            (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l));
        else
            (void)sprintf(buf, "%s (%s)", hp->h_name,
                inet_ntoa(*(struct in_addr *)&l));
        return(buf);
    }
traceroute:
    char * inetname(struct in_addr in) {
        register char *cp;
        static char line[50];
        struct hostent *hp;
        static int first = 1;
        ...
        if (first && !nflag) {
            first = 0;
            ...
        }
        cp = 0;
        if (!nflag && in.s_addr != INADDR_ANY) {
            hp = gethostbyaddr((char *)&in, sizeof (in), AF_INET);
            if (hp) {
                ...
                cp = hp->h_name;
            }
        }
        if (cp)
            (void) strcpy(line, cp);
        ...
Impact:
When properly exploited this yields local root.
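The bounded form of the two copies quoted in the note above, as an added example that is not part of the original note or of Apple's source. The function names fmt_host and copy_host, the 200-byte name and the address 192.0.2.1 are constructed for illustration; the buffer sizes are the ones quoted in the note.

```c
#include <stdio.h>
#include <string.h>

#define PING_BUF 80 /* size of buf[] in the quoted pr_addr() */
#define TR_BUF   50 /* size of line[] in the quoted inetname() */

/* Bounded form of pr_addr()'s formatting; name may be NULL (numeric only).
 * Returns 0 if everything fit, 1 if the output was truncated, -1 on error. */
int fmt_host(char *dst, size_t dstlen, const char *name, const char *ip)
{
    int n;

    if (dst == NULL || dstlen == 0 || ip == NULL)
        return -1;
    n = name ? snprintf(dst, dstlen, "%s (%s)", name, ip)
             : snprintf(dst, dstlen, "%s", ip);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstlen; /* snprintf reports the untruncated length */
}

/* Bounded replacement for inetname()'s strcpy(line, cp); same return codes. */
int copy_host(char *dst, size_t dstlen, const char *name)
{
    int n;

    if (dst == NULL || dstlen == 0 || name == NULL)
        return -1;
    n = snprintf(dst, dstlen, "%s", name);
    return n < 0 ? -1 : (size_t)n >= dstlen;
}

/* Constructed input: a 200-byte name, longer than either buffer.
 * Returns the length actually stored (which: 0 = ping, 1 = traceroute). */
size_t demo_len(int which)
{
    char name[201], ping_buf[PING_BUF], tr_buf[TR_BUF];

    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    if (which == 0) {
        fmt_host(ping_buf, sizeof ping_buf, name, "192.0.2.1");
        return strlen(ping_buf);
    }
    copy_host(tr_buf, sizeof tr_buf, name);
    return strlen(tr_buf);
}
```

A return value of 1 tells the caller the name did not fit, so it can print the numeric address instead of a clipped hostname.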
Mar 06, 13:06 CET
malloc() logging enabled for suid applications.
Vulnerability summary:
The malloc() function within the libSystem library on Mac OS X uses several
environment variables to enable various logging functionality.
The description of one of these variables, "MallocLogFile", taken from the manual page is
shown below:
    MallocLogFile <f>    Create/append messages to the given file
                         path <f> instead of writing to the standard
                         error.
An error exists in the fact that malloc() will still pay attention to this variable when an
application is suid root.
The following code taken from libSystem (libc) illustrates this:
    flag = getenv("MallocLogFile");
    if (flag) {
        fd = open(flag, O_WRONLY|O_APPEND|O_CREAT, 0644);
        if (fd >= 0) {
            malloc_debug_file = fd;
            fcntl(fd, F_SETFD, 0); // clear close-on-exec flag XXX why?
        } else {
            malloc_printf("Could not open %s, using stderr\n", flag);
        }
    }
Impact:
A malicious user can set this variable before running a suid application in order to modify
any file on the system. This can be used in order to trivially escalate privileges on the
system.
Mar 06, 13:06 CET
Quote: "try to bang your head agaist it.. Tis stuuuupid I say! Oh and I bet those McApple's also don't auto-install ErrorSafe when visiting keygen-sites! It's made for your proteection dudes.. *sigh "
Muahahahah ... I love you man!
Mar 06, 12:32 CET
Oooh Apple soo sucks.. no intergration with windows software or those fancy wheather tools and stuff. And Windows got all sorts of tools like the Micorsoft AntiSpyware and Windows Firewall!!! It comes all in a colorfull security center that notices you everytime when.. wel.. everytime! So why don't all you noobs stick that oversized FancyPOD up your airshaft and try to bang your head agaist it.. Tis stuuuupid I say! Oh and I bet those McApple's also don't auto-install ErrorSafe when visiting keygen-sites! It's made for your proteection dudes.. *sigh
Ye.. If ur able to RM a mac.. AND people are able to get their hand on the Unreleased Windows sourcecodes.. RM those basterds! XD
Mar 06, 12:16 CET
My apologies for the double (three double *cough*) posts beneath, and for accusing you of censoring me, but er ... shouldn't you have a look at this then? Seems like there's a bug somewhere ...
Mar 06, 11:52 CET
You know, I'm not an Apple fanboy, but I can do this too: put up a site like this and tell the world that my system has been hacked, but without giving any information whatsoever as to how it happened. I do believe there are numerous exploits in OSX, but if you really want to prove your point, at least make an effort to bring on real evidence. Otherwise, I just consider this a pathetic attempt to gain attention from the press, and maybe to discredit Apple because they sell proprietary software and make a profit off it.
Mar 06, 11:03 CET
Mac OS X wasn't created by god -- like any other software. If this box has gone down in 30 minutes, Windows boxes gone in way less than that. Be it a tablet, be it laptop or a server.
But I really love this attention and cracking on Mac OS X's security. This is going to make Apple look deeper at their patching speed and maybe patching systems. Some Linux systems are getting patched daily if not hourly.
Always remember, the biggest security hole in a system (Mac, Windows or anything else) is the un-aware user.
Mac OS X User
Mar 06, 05:24 CET
I suspect this box was compromised through the "backdoor". When I saw this box had been hacked I was very surprised. I thought Macs were invulnerable. I guess I should sell my powerbook and buy a tablet pc after all. I hired the dvd 'hackers' to try and get a bit more insight into how this was achieved. They talk frequently of the "backdoor" and I can only assume they used apple's backdoor into this machine as it is fully patched. How else could they have hacked into it?
This gwerdna character seems somewhat fearsome. I think he hacked my Dad's hotmail a few weeks ago. He's someone the feds should look out for.
Mar 06, 04:43 CET
it appears as if this box has hit the news:
http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_minutes/0,2000061744,39241748,00.htm
still no real details about how the box was compromised though :~(
Mar 02, 00:12 CET
I suspect your assumption about reporting stuff to apple is wrong :)
As for learning something new, you can start off simpler stuff, such as coding in C (or if you wish to focus on macs, perhaps Objective-C) and once you're familiar with coding, branch out.
See how things can break, break software, learn assembly, etc. There is plenty to learn.
On the main page there is a link to pulltheplug, from there, vortex, which looks interesting. Try http://pulltheplug.org/wargames/vortex/ maybe?
Mar 01, 19:43 CET
Sorry if my earlier post didn't come across so well. I guess hackers aren't always the most sharing bunch. Also, I guess they may be keeping their cards close to their chest for reasons of contract with Apple [assuming they reported the vulns to them].
As you said, I'm not owed anything, and thanks for putting this site up to reinforce that Macs aren't invulnerable. I really was hoping to learn something new, but I'm not getting anywhere fumbling about on my own!
Feb 28, 23:56 CET
Things may not be shared because the people doing it don't want to share. Such is life, you're not owed anything.
This mac installation is fully up to date, and was still owned. Your average mac user won't be able to do any better than that.
Want better security? Probably better off using linux with grsecurity and pax enabled, and actually making use of that.
As for showing off, poor attempt to have things done your way.