Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Apple pentesting

from [Javier Blanque] Network Security [Permanent Link]
Subject: Re: Apple pentesting
Date: Thu, 7 Apr 2005 00:22:36 -0300
Another aproach is to divide the problem in two parts, the open source part of Mac OS X (Darwin and os third part tools added to the system) may be trying to exploit the same vulns detected into BSD variants and doing a walkthrough over the source code trying to see buffer overflows, array limits not checked and memory leaks (which is what are doing several security groups lately), and take the propietary part ( the Apple graphics, the tools) and try to make an attack plan by working with the known bugs in Quicktime or other tools, or by generating conditions of DOS giving the tools very long parameters or unexpected input. Applescript can be a great tool to automate pen testing of graphics tools within the MAC OS X environment. With TIGER, the new 'Automator' tool may make even easier to make automated pen testing on the platform.
Public automated tools such as nessus will give you a preliminary view of the system, but nothing too deep, albeit it is a good sanity check.
Best regards,
Javier Blanque

El 06/04/2005, a las 10:21, Todd Towles escribió:

 Hey, Thanks guys,

It was my mistake...I was talking in front of my mind for a bit. Yesterday was a rough day, sorry for the confusion. Cory, sorry for taking my displeasure of the day out on ya..my bad. I understand that Apple has a very good security image and does inform their users.

As far as pen-testing, Nessus is a good start, but false positives are possible and they should be double checked with another tool or manually. You will get both Mac OS X and UNIX type vulns. The other links provided by the other members give some holes to check. I was surprised to not find any attack info on packetstormsecurity as well.

http://www.osvdb.org/ - Found several vulns for Mac OS X

http://secunia.com/product/96/ - Mac OS X Vulnerabilities - Secunia

Also, look at the other apps that are installed. If you do get local access to the box, then installed apps and maybe unpatched local access will help you gain higher access.

-----Original Message-----
From: Javier Blanque [mailto:javier@blanque.com.ar]
Sent: Tuesday, April 05, 2005 4:40 PM
To: Todd Towles; Julian Totzek
Cc: <pen-test@securityfocus.com>
Subject: Re: Apple pentesting

In general Corporations like Apple, Microsoft, Sun, Cisco,
etc. do not help attackers to their products, even for good
reason (pen testing), they do not give more than is needed to
know about a bug. But Apple has been doing its homework about
patching and describing these vulns. You should check at:
http://www.macsecurity.org/
http://www.securemac.com/
and google for "mac security"
Best regards,
Javier Blanque

El 05/04/2005, a las 14:47, Todd Towles escribió:

Nessus does work against Macs, the problem with testing
Macs is they 
never released vulnerability statements..never. If a hole is found,
Apple releases a patch and no ones says anything. If Microsoft did
this..everyone would go crazy.





[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Apple pentesting, Mike
Next by Date:  Fingerprinting Firewall, Prashant Gawade
Previous by Thread:  RE: Apple pentesting, Todd Towles
Next by Thread:  Recent threads, Chuck Fullerton
Indexes:  [Date] [Thread] [Top] [All Lists]