Hack YOUR Mac in 30 secs

codemonkey
Newbie
Posts: 15
Joined: Fri Feb 12, 2010 5:08 pm

Post by codemonkey » Sat Feb 13, 2010 3:00 pm

This information is for security purposes only. It displays an important security hole left in Macs from 10.4 on.
Restart the target computer in single user mode.
When the command prompt is ready for input:

fsck -fy
(we don't want to hurt our volume when we mount it)

mount -uw /

systemStarter
(case sensitive)
Now while system starter is loading, wait for it to load kernels.
Quick control x to get to prompt.

passwd root
(even if it wasn't enabled it is now. bad apple.)
Enter your new root password and voilà, you are now in.

G[v]N
Green Beret
Posts: 3460
Joined: Thu Oct 18, 2007 5:18 am
Location: Ò_ô

Re: Hack YOUR Mac in 30 secs

Post by G[v]N » Sat Feb 13, 2010 3:14 pm

Wat

Dirk Gently
Commando
Posts: 2047
Joined: Sun Oct 21, 2007 2:34 pm
Location: 3C0E9056

Re: Hack YOUR Mac in 30 secs

Post by Dirk Gently » Sat Feb 13, 2010 3:26 pm

oh wow, so pro. You can reset the root password because you login as root. GJ

Sorry if I am not fazed by this at all, after cracking security permissions from a simple finder managed account this is child's play.

Also, enabling root account is a BAD idea because there is no need to be logged in as it under any normal circumstances. Sudo works just fine.

EDIT: it is not a security hole. It is BSD, so BSD is a security hole now. There goes all of OS X then.

Zanghfei
Ranger
Posts: 1590
Joined: Tue Jul 01, 2008 1:52 pm

Re: Hack YOUR Mac in 30 secs

Post by Zanghfei » Sat Feb 13, 2010 3:53 pm

WTF IS THAT!
No one Tell i won't do it.

codemonkey
Newbie
Posts: 15
Joined: Fri Feb 12, 2010 5:08 pm

Re: Hack YOUR Mac in 30 secs

Post by codemonkey » Sat Feb 13, 2010 4:00 pm

Dirk Gently wrote:oh wow, so pro. You can reset the root password because you login as root. GJ

Sorry if I am not fazed by this at all, after cracking security permissions from a simple finder managed account this is child's play.

Also, enabling root account is a BAD idea because there is no need to be logged in as it under any normal circumstances. Sudo works just fine.

EDIT: it is not a security hole. It is BSD, so BSD is a security hole now. There goes all of OS X then.
UM. WOW. i knew it wouldn't take long. though you log in as root via single user, you cannot command the GUI, nor access components such as diskutil. Now even if you are in single user it does not mean root is enabled you idiot. you need to wait for netinfo or directory utility to load to access the ability to enable the root user. once you have gained FULL privileges to the OS THAT MAKES IT A SECURITY HOLE. thanks for your unnecessary assholish reply. i am glad to see that the mac gaming community is still full of opinionated douche bags. This was again posted as a simple security hole. How do you 1337 hax0r propose a way to get into YOUR mac? The problem is the ability to enable root within the OS from single user not change root's password while in root. /facepalm

Dirk Gently
Commando
Posts: 2047
Joined: Sun Oct 21, 2007 2:34 pm
Location: 3C0E9056

Re: Hack YOUR Mac in 30 secs

Post by Dirk Gently » Sat Feb 13, 2010 4:16 pm

codemonkey wrote:UM. WOW. i knew it wouldn't take long. though you log in as root via single user, you cannot command the GUI, nor access components such as diskutil.
no shit eh?
codemonkey wrote:Now even if you are in single user it does not mean root is enabled you idiot. you need to wait for netinfo or directory utility to load to access the ability to enable the root user.
Of course, there is a reason why Apple does not enable root by default, that is not needed, and leaves your computer open as a security risk.
codemonkey wrote:once you have gained FULL privileges to the OS THAT MAKES IT A SECURITY HOLE.
Single user is hardly a security hole.
codemonkey wrote:thanks for your unnecessary assholish reply. i am glad to see that the mac gaming community is still full of opinionated douche bags. This was again posted as a simple security hole. How do you 1337 hax0r propose a way to get into YOUR mac?
Since I have reported the ways I have broken into OS X Tiger they have been since patched. If you get your hands on a Mac that is Tiger before the 10.4.10 update you will be able to do the following:

Right click any document, Open With, select the application you want to open it with. If you are not allowed to open said application then it will stop being launched. Open an application that you do have access to and go to the Apple menu, Recent Documents, and your application will be in that list. Click that item and it will open.

Bypass all account permissions by running things from dashboard, dashboard acts as a separate user and is not subject to the same restrictions.

cp /location/to/master/password/file ~/Desktop/file
then use one of the two methods above to access a password cracker and wait.

Løki
Ranger
Posts: 1229
Joined: Thu Dec 20, 2007 2:53 pm
Location: 0x4D610000

Re: Hack YOUR Mac in 30 secs

Post by Løki » Sat Feb 13, 2010 4:50 pm

codemonkey wrote: UM. WOW. i knew it wouldn't take long. though you log in as root via single user, you cannot command the GUI, nor access components such as diskutil. Now even if you are in single user it does not mean root is enabled you idiot. you need to wait for netinfo or directory utility to load to access the ability to enable the root user. once you have gained FULL privileges to the OS THAT MAKES IT A SECURITY HOLE. thanks for your unnecessary assholish reply. i am glad to see that the mac gaming community is still full of opinionated douche bags. This was again posted as a simple security hole. How do you 1337 hax0r propose a way to get into YOUR mac? The problem is the ability to enable root within the OS from single user not change root's password while in root. /facepalm
So... Many... Grammatical errors!

Smythe
Commando
Posts: 2429
Joined: Tue Dec 25, 2007 12:52 am
Location: 'Straya Mate

Re: Hack YOUR Mac in 30 secs

Post by Smythe » Sat Feb 13, 2010 6:24 pm

Yeah don't nobody do this unless they know what they're doing. I'm not cos' i don't understand shit about that shit....

codemonkey
Newbie
Posts: 15
Joined: Fri Feb 12, 2010 5:08 pm

Re: Hack YOUR Mac in 30 secs

Post by codemonkey » Sat Feb 13, 2010 11:20 pm

Dirk Gently wrote: Single user is hardly a security hole.
so you don't see a guest user being able to sit down at your mac, load up single user (which takes nothing other than a restart holding the s key for you non privy people) and enable or change your root user's password, log on as them and gain complete access to your file systems as a security hole? um ok.
Dirk Gently wrote:Since I have reported the ways I have broken into OS X tiger they have been since patched. If you get your hands on a mac that is tiger before 10.4.10 update you will be able to do the following:

Right click any document, Open With, select the application you want to open it with. If you are not allowed to open said application then it will stop being launched. Open an application that you do have access to and go to the Apple menu, Recent Documents, and your application will be in that list. Click that item and it will open.

Bypass all account permissions by running things from dashboard, dashboard acts as a separate user and is not subject to the same restrictions.

cp /location/to/master/password/file ~/Desktop/file
then use one of the two methods above to access a password cracker and wait.
wow i bet it was just you and not the other thousands of people submitting bug reports and security reports to apple that made those changes. : /

Dirk Gently
Commando
Posts: 2047
Joined: Sun Oct 21, 2007 2:34 pm
Location: 3C0E9056

Re: Hack YOUR Mac in 30 secs

Post by Dirk Gently » Sun Feb 14, 2010 2:15 pm

codemonkey wrote:
Dirk Gently wrote: Single user is hardly a security hole.
so you don't see a guest user being able to sit down at your mac, load up single user (which takes nothing other than a restart holding the s key for you non privy people) and enable or change your root user's password, log on as them and gain complete access to your file systems as a security hole? um ok.
so you are one of those, "too good for unix" people?

You set a firmware password so other people cannot get access to that.

codemonkey
Newbie
Posts: 15
Joined: Fri Feb 12, 2010 5:08 pm

Re: Hack YOUR Mac in 30 secs

Post by codemonkey » Sun Feb 14, 2010 3:58 pm

and so now, you have only validated my previous statement that this is a problem, one which can be countered by setting the firmware password. unfortunately more people know how to do this even less than boot into single user.

also looking this up on the web will garner the same results

here is an example
SecureMac.com wrote: Exploit

Step 1) Restart the computer (or turn it on if it's already off) while holding down the command and s keys at the same time. (If the computer is running Mac OS Public Beta, just press the s key.) They have root privileges at this moment, but now it's time to take advantage of these privileges.

Step 1.5) Type "/sbin/fsck -y". (Type this without the quotes, of course.) (This step really isn't necessary at all, but it just takes a second, and they might as well just do a quick check of the hard disk before mounting it.)

Step 2) Type "/sbin/mount -wu /" (This mounts the volume "/" with read/write access.)

Step 3) Type "/sbin/SystemStarter" (This starts the network services, which is necessary to gain access to NetInfo.)

Step 4) Here, one could now just type "passwd root" and override the existing root password with one of their own, or worse yet, someone could just get the current root password (and/or the administrative user account password) so the administrators of that computer don't know that their security has been compromised. One of the easiest ways to do this is to just type "nidump passwd ." and write down the root account's password hash. (The hash will be the text that looks like just a garbled mess of alphanumeric characters between two colons.)

Step 5) Now one can type up what they wrote down into a plain text file like the following example: "root:rQkFQ37SYveHw:0:0::0:0:System Administrator:/var/root:/bin/tcsh".

Step 6) Finally, they'll use a cracking program like John the Ripper for the PC, or the Meltino, a Classic Macintosh application, to crack the password hash.

And when it's finally cracked it, they've got the password!
now can we play nice?
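
As an added example (not part of any post in this thread, and not SecureMac's code): a defender-side check of a passwd-format dump like the `nidump passwd .` line quoted above, flagging UID 0 accounts that have a usable password and 13-character traditional crypt(3) hashes. The function names, finding labels and sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit passwd-format records.
# Assumed layout, taken from the 10-field sample line quoted above:
#   name:hash:uid:gid:class:change:expire:gecos:home:shell
# The classic 7-field /etc/passwd layout is accepted as well.

audit_passwd() {
    awk -F: '
    NF != 10 && NF != 7 { print $1 " UNPARSED"; next }
    {
        hash = $2
        if (hash ~ /^[*!]/) {
            # "*" or "********": no usable hash in this record
            print $1 " LOCKED_OR_SHADOWED"; next
        }
        if (hash == "")
            finding = "EMPTY_PASSWORD"
        else if (length(hash) == 13 && hash !~ "[^./0-9A-Za-z]")
            # traditional crypt(3): 2 salt chars + 11 hash chars,
            # only the first 8 password characters are used
            finding = "LEGACY_DES_CRYPT"
        else
            finding = "OTHER_HASH"
        if ($3 == "0")
            finding = finding ",UID0_LOGIN_ENABLED"
        print $1 " " finding
    }'
}

# Constructed sample records; the hash is a placeholder, not a real one.
sample_records() {
    cat <<'EOF'
root:XXplaceholder:0:0::0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
alice:********:501:20::0:0:Alice Example:/Users/alice:/bin/bash
EOF
}

sample_records | audit_passwd
```

A root record reported as `LOCKED_OR_SHADOWED` is the default state the thread refers to as root not being enabled; any `UID0_LOGIN_ENABLED` finding means a root password has been set.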

Dirk Gently
Commando
Posts: 2047
Joined: Sun Oct 21, 2007 2:34 pm
Location: 3C0E9056

Re: Hack YOUR Mac in 30 secs

Post by Dirk Gently » Sun Feb 14, 2010 4:32 pm

codemonkey wrote:and so now, you have only validated my previous statement that this is a problem, one which can be countered by setting the firmware password. unfortunately more people know how to do this even less than boot into single user.

also looking this up on the web will garner the same results

here is an example
SecureMac.com wrote: Exploit

Step 1) Restart the computer (or turn it on if it's already off) while holding down the command and s keys at the same time. (If the computer is running Mac OS Public Beta, just press the s key.) They have root privileges at this moment, but now it's time to take advantage of these privileges.

Step 1.5) Type "/sbin/fsck -y". (Type this without the quotes, of course.) (This step really isn't necessary at all, but it just takes a second, and they might as well just do a quick check of the hard disk before mounting it.)

Step 2) Type "/sbin/mount -wu /" (This mounts the volume "/" with read/write access.)

Step 3) Type "/sbin/SystemStarter" (This starts the network services, which is necessary to gain access to NetInfo.)

Step 4) Here, one could now just type "passwd root" and override the existing root password with one of their own, or worse yet, someone could just get the current root password (and/or the administrative user account password) so the administrators of that computer don't know that their security has been compromised. One of the easiest ways to do this is to just type "nidump passwd ." and write down the root account's password hash. (The hash will be the text that looks like just a garbled mess of alphanumeric characters between two colons.)

Step 5) Now one can type up what they wrote down into a plain text file like the following example: "root:rQkFQ37SYveHw:0:0::0:0:System Administrator:/var/root:/bin/tcsh".

Step 6) Finally, they'll use a cracking program like John the Ripper for the PC, or the Meltino, a Classic Macintosh application, to crack the password hash.

And when it's finally cracked it, they've got the password!
now can we play nice?
I did not validate any of your statements, I am saying that everything you have said is cancelled out by the fact that you can install a firmware password. Last time I installed OS X I was able to install a firmware password. Also if it was not for this so called "security hole" I could not have fixed probably at least a dozen macs that had problems and could not boot.

Fortune
Ranger
Posts: 888
Joined: Sun Oct 04, 2009 1:40 pm
Location: NYC, baby

Re: Hack YOUR Mac in 30 secs

Post by Fortune » Wed Feb 17, 2010 5:03 pm

I tried doing this once. I screwed up. Probably cuz I have bad handwriting >.<
Anyways, there are about 200000 (and a lot more zeros) tutorials explaining how to do this and explaining it in more depth and giving a full explanation of what it does. Soooo. meh.
No offense. Just I've seen it before.
ᕦ( ͡°╭͜ʖ╮͡° )ᕤ
