remote login Trojan, Trying to make a program that will select remote login.
lokin
post May 18 2008, 04:44 PM
Post #1





Group: Members
Posts: 299
Joined: 27-January 08
From: USA
Member No.: 11772



******** EDIT Begins **********

6/25/08 EDIT *IMPORTANT* For Visitors:
QUOTE
The following links to our knowledge base contain further information on this subject, including Solutions, Discovery, Templates, and more:
ARDAgent exploit & Com.apple.SystemLoginItems.plist Exploit

- Spratt_

******** EDIT Complete **********


So the deal is I'm trying to write a script that will locate preferences--->sharing--->and then select remote login if there are write privileges.
This will be my first attempt at making something that does this, so please give me a break.
What language should I use? Perl?
What compiler? Xcode?
The program also has to run in the background or embed it in a file or document of some kind.
Once again, I have no experience here, so please help all you can.
P.S. Please don't write the code and say here's an example, I'll end up copying most of it.


--------------------
-Lokin-

Posts in this topic
- lokin   remote login Trojan   May 18 2008, 04:44 PM
- - callmenames   QUOTE(callmenames @ May 17 2008, 10:06 AM...   May 18 2008, 05:08 PM
|- - lokin   And I have. I've forgotten all about preferenc...   May 18 2008, 09:54 PM
- - callmenames   Ok, step one is to figure out which file(s) are ch...   May 18 2008, 10:24 PM
|- - lokin   Ok, well using fseventer I found that just clickin...   May 19 2008, 01:48 PM
- - callmenames   For instance... restart. Open Terminal and type.....   May 19 2008, 01:31 PM
- - callmenames   CODEls -alo /System/Library/LaunchDaemons/ssh.plis...   May 19 2008, 01:55 PM
|- - lokin   Ok. I get it. The next problem is that that comman...   May 20 2008, 02:04 AM
- - callmenames   There are ways to have things run under the root a...   May 20 2008, 12:29 PM
|- - lokin   So, If I add launchctl load -w /System/Library/Lau...   May 20 2008, 07:41 PM
- - callmenames   Yes, although what constitutes an 'executable ...   May 20 2008, 08:03 PM
|- - lokin   O sweet. how should I save that file? does it matt...   May 21 2008, 12:23 AM
- - callmenames   How should you save which/what file? An AppleScri...   May 21 2008, 12:44 AM
|- - lokin   QUOTE(callmenames @ May 20 2008, 10:44 PM...   May 21 2008, 01:50 AM
- - callmenames   You need more help with it than me giving you the ...   May 21 2008, 01:57 AM
|- - lokin   You're a quick one to reply... I was under the...   May 21 2008, 02:30 AM
- - callmenames   Inside the Applications folder should be a folder ...   May 21 2008, 02:44 AM
|- - lokin   So close.... gotta love a syntax error A identifie...   May 21 2008, 02:59 AM
- - callmenames   RE: remote login Trojan   May 21 2008, 03:02 AM
|- - lokin   Hmm well I did all that it was found in my login i...   May 21 2008, 03:20 AM
- - callmenames   What does 'found in my log in items' mean?   May 21 2008, 11:06 AM
- - callmenames   Do you have write access to /Library/Preferences/c...   May 21 2008, 05:45 PM
|- - lokin   QUOTEWhat does 'found in my log in items' ...   May 21 2008, 07:05 PM
|- - lokin   ok made it in textedit added the name of my script...   May 21 2008, 07:46 PM
- - callmenames   The Login Items shown in System Preferences are ru...   May 21 2008, 07:31 PM
- - callmenames   What says that?   May 21 2008, 07:58 PM
|- - lokin   system preferences.   May 21 2008, 09:03 PM
- - callmenames   What can I do to convince you to stay out of Syste...   May 21 2008, 09:37 PM
|- - lokin   Lol, ya I know you've pointed that out. It sti...   May 21 2008, 10:44 PM
|- - lokin   And everything as far as I can tell is in place.(e...   May 21 2008, 10:47 PM
- - callmenames   What does "It still isn't working" m...   May 21 2008, 11:13 PM
|- - lokin   When I simply try and open com.apple.SystemLoginIt...   May 21 2008, 11:47 PM
- - callmenames   And if you run Terminal and enter ssh 127.0.0.1 W...   May 22 2008, 12:03 AM
|- - lokin   Well if I ssh my self then it does nothing conside...   May 22 2008, 01:27 AM
- - callmenames   No, the AppleScript run-only application bundle ca...   May 22 2008, 01:36 AM
|- - lokin   Well it all seems to be in order, I'll play ar...   May 22 2008, 04:04 AM
- - Squid   Hehe, I remember writing an applescript that did t...   May 22 2008, 04:04 PM
|- - lokin   Was it similar? My main problem is that once I hav...   May 23 2008, 02:28 AM
|- - Squid   QUOTE(lokin @ May 23 2008, 03:28 AM) Was ...   May 24 2008, 04:07 AM
|- - Oktane   I think I'm missing pieces here can you explai...   May 24 2008, 09:21 AM
|- - lokin   That was my original idea. Because making it run o...   May 25 2008, 02:52 PM
- - callmenames   You could place the file inside your application b...   May 23 2008, 10:34 AM
- - callmenames   GOAL: Enable Remote Login without user interaction...   May 24 2008, 11:46 AM
- - callmenames   Incidentally, launchctl only applies to 10.4 and 1...   May 24 2008, 03:43 PM
- - callmenames   Are you saying that you have no access, at all, to...   May 25 2008, 02:57 PM
|- - lokin   Ya chances are I won't ever have physical acce...   May 25 2008, 09:22 PM
- - callmenames   Sigh. So then your actual question is either how t...   May 25 2008, 10:07 PM
|- - Oktane   It would be nice if the trojan emailed you the tar...   May 25 2008, 10:46 PM
- - callmenames   No point even discussing that part until the big m...   May 25 2008, 11:12 PM
|- - lokin   QUOTEIs the user an absolute moron with admin priv...   May 26 2008, 02:55 AM
- - callmenames   I think you will get as much success from this as ...   May 26 2008, 03:27 AM
|- - Oktane   QUOTE(callmenames @ May 26 2008, 03:27 AM...   May 26 2008, 10:54 AM
|- - lokin   That one is impressive. I have to learn applesript...   May 26 2008, 02:40 PM
- - Siph0n   Making a replica of the Mac OS X password prompt a...   May 26 2008, 08:35 AM
|- - callmenames   QUOTE(Siph0n @ May 26 2008, 06:35 AM) Mak...   May 26 2008, 11:23 AM
|- - Oktane   QUOTE(callmenames @ May 26 2008, 11:23 AM...   May 26 2008, 12:05 PM
|- - lokin   Sorry, I'v been gone on vacation. Love coming ...   May 26 2008, 02:44 PM
- - callmenames   http://www.google.com/search?q=%22with+adm...%22+a...   May 26 2008, 01:11 PM
|- - Oktane   I did it: CODE tell application "System Eve...   May 26 2008, 01:14 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 11:14 AM) I m...   May 26 2008, 01:49 PM
|- - Oktane   1. Start up XCode 2. Select “File -> N...   May 26 2008, 02:02 PM
- - callmenames   QUOTEdo shell script "command" user name...   May 26 2008, 01:31 PM
- - callmenames   CODEtry if text of (do shell script "echo...   May 26 2008, 02:13 PM
|- - Oktane   QUOTE(callmenames @ May 26 2008, 02:13 PM...   May 26 2008, 02:33 PM
- - callmenames   No, not at all. For some of us, the effort is the ...   May 26 2008, 02:51 PM
|- - Oktane   Wait a second I wasn't doing a teaching/learni...   May 26 2008, 03:01 PM
- - callmenames   Suit yourself, as always. Whether you are intentio...   May 26 2008, 03:11 PM
|- - Oktane   Truce, I got what your saying next time when I pos...   May 26 2008, 03:17 PM
- - callmenames   CODE--Variables set admin_user to false set root_a...   May 26 2008, 05:02 PM
|- - Oktane   Thanks, I'm working on combining what you just...   May 26 2008, 05:57 PM
|- - Oktane   This has been skiddie proofed!!! CODEo...   May 26 2008, 07:15 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 05:15 PM) set...   May 26 2008, 08:01 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 05:15 PM) set...   May 26 2008, 08:19 PM
||- - Oktane   QUOTE(callmenames @ May 26 2008, 08:19 PM...   May 26 2008, 08:40 PM
||- - callmenames   QUOTE(Oktane @ May 26 2008, 06:40 PM) Can...   May 26 2008, 08:51 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 05:15 PM) -- ...   May 26 2008, 09:00 PM
|- - Oktane   i am currently working on that cause I don't h...   May 26 2008, 09:02 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 07:02 PM) I a...   May 26 2008, 09:14 PM
|- - Oktane   QUOTE(callmenames @ May 26 2008, 09:14 PM...   May 26 2008, 09:19 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 07:19 PM) YES...   May 26 2008, 09:28 PM
|- - Oktane   The first ip address of my traceroute is that of m...   May 26 2008, 09:34 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 07:34 PM) The...   May 26 2008, 10:03 PM
|- - callmenames   QUOTE(Oktane @ May 26 2008, 08:28 PM) How...   May 26 2008, 10:49 PM
- - lokin   This is getting beyond me. Callmenames your script...   May 26 2008, 08:50 PM
|- - callmenames   QUOTE(lokin @ May 26 2008, 06:50 PM) Call...   May 26 2008, 08:56 PM
|- - Oktane   QUOTE(lokin @ May 26 2008, 08:50 PM) try ...   May 26 2008, 08:56 PM
||- - callmenames   QUOTE(Oktane @ May 26 2008, 06:56 PM) I a...   May 26 2008, 09:02 PM
||- - Oktane   I am testing the trojan on my other computers on m...   May 26 2008, 09:09 PM
||- - callmenames   QUOTE(Oktane @ May 26 2008, 07:09 PM) I a...   May 26 2008, 09:16 PM
|- - callmenames   QUOTE(lokin @ May 26 2008, 06:50 PM) This...   May 26 2008, 10:16 PM
|- - Oktane   How can we make the Applescript email us the resul...   May 26 2008, 10:28 PM
||- - lokin   Send results ~/Public/.howdy to your ip through po...   May 26 2008, 11:34 PM
|- - lokin   They are coming along I downloaded an e-book on ap...   May 26 2008, 11:30 PM
- - callmenames   In looking back over my posts I must say I can no ...   May 27 2008, 12:08 AM
- - callmenames   Did you guys get it working yet? Need a hint? :) ...   May 27 2008, 01:02 AM
- - lokin   After a minute or two of pasting.... CODEset admi...   May 27 2008, 01:15 AM
- - callmenames   You have the "if admin_user then" block ...   May 27 2008, 01:27 AM
- - Oktane   I had an idea for the con aspect: You use a previ...   May 27 2008, 06:39 AM
- - callmenames   QUOTE(Oktane @ May 27 2008, 04:39 AM) I h...   May 27 2008, 11:58 AM
- - Oktane   Name the application "vacation" then use...   May 27 2008, 02:49 PM



Lo-Fi Version Time is now: 7th September 2010 - 11:42 PM