Mac hacked in 2 minutes



Eros

Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.

The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.

team_vista.jpg

Above pictured is Aaron from TippingPoint on the left officiating in front of the Fujitsu laptop, while Shane Macaulay and his pwnage assistants Alexander Sotirov and Derek Callaway (next from left to right) refine the Adobe Flash exploit.

So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.

We had an awards ceremony tonight where we officially handed out both winning laptops as well as brand spankin' new Zero Day Initiative laptop bags. Here are a couple of pics of the happy winners:

charlie.jpg

Above pictured is Charlie Miller whose team won the MacBook Air and $10,000 on day two of the contest.

alex_k2.jpg

Above pictured is winner Shane Macaulay on the right showing off the spoils of victory with his friend Alexander Sotirov on the left.

http://dvlabs.tippingpoint.com/blog/2008/0...day-and-wrap-up

rtk
We have a company called MSI in our hospital this week, doing security checks via DDOS attacks, etc. on our network to see how secure we are; we run a strict MS network and so far they've managed to bring down 5 systems since Monday

Windows is scary.

If they didn't manage to bring down every system in the building, it wasn't a very good DDOS attack. I'll assume you actually meant they DDOS attacked your gateway(s), in which case you'll need to figure out what's wrong with your routers if a single machine went down.

If the "etc" includes internal security testing, and they managed to break into 5 windows systems, that's a failure by your IT department. As is evidenced by the fact that no one took home the 20,000 dollar prize on the first day, running a current and fully patched OS from Apple, MS or Ubuntu provides a very secure platform against network based attacks.

and your reply to the Windows PC is actually true, it was done in my Security Class before I graduated, just like I also used the MMC to remotely connect to a machine across the classroom and edited their registry (entries in MMC go to registry) to lock their start menu, edit permissions. And at a LAN party as a practical joke, inserted a couple porn vids to a friend's startup. If I have physical access to it but it's locked, I can BART it, remove the PW, load the registry into BART Edit that, and do whatever else to the system

there is no Bull***, it's fact as I've done it, my job requires me to break into a system @ customer's request, or recover files/information if they can no longer access their computer

Not to be offensive, but you sound like you just discovered the ping of death download for win95. If hacking into a remote machine via a LAN was still possible without an admin password, we'd be reading about the guy that walked away with 20k, not 10 or 5.

Most of the posters here can break into a system and recover files given physical access, as usual there's of course free tools available for us all to download.

Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash.

Ah, good ol' Adobe Flash, MS couldn't have asked for a better ad for Silverlight.

include
no one in this thread has said anything close to that.

Exactly...I like how he assumed we were all thinking that...

Jock Horror

LOL@All: The Ubuntu 7.10 machine remained unhacked.

Knife Party

"So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing." -- haha, OSX isn't that secure after all, now is it? And it's great sitting behind Ubuntu right now, laughing at you dear Apple followers who are so arrogant and "OSX is soo secure".

a healthy dose of reality never did anyone no harm

mocax

When a system's security is in question, it means the system is getting really popular.

Microsoft be scared.

Now it's Linux's turn.

Jock Horror

^Linux isn't perfect, but it is so goddam hard to hack/harm that people don't bother :cool:

Unto Darkness
Well that assumption isn't correct, can you explain why OSX had a surge in vulnerabilities the last 2 years? (approx.)

Obviously the OS has evolved since, but evolved negatively or positively? I have no doubt that it has evolved in a positive manner, however the switching to the x86 architecture, the introduction of new features not related to designers, and the increasing user base, this brings whole new choices of configurations in every system.

This reason makes me believe that OSX is entering a dangerous era, in few words OSX isn't a Multistellar OS, and this transition will cause a lot of damage, this means that Apple has no idea which terrain it is entering, competing with an experienced and dominant Windows, that has been tested and tested by hundreds of millions of people all over the world, with I may say infinite configurations, and this is the day that Windows still has problems with drivers from many manufacturers.

Apple proposed this challenge

and Microsoft says "bring it on"

Excellent argument (Y)(Y)

I'd have to disagree and say Linux Zealots, lol, with Mac close behind, but Mac VS Windows, yea Mac

They are Zealots for a reason ;) ;)

Wrong. Currently they are a lot more secure because there just aren't nowhere near as much real security threats circulating for Mac. In fact the number of those is close to ZERO.

Have they ever spread very far or were able to do anything harmful?

So if Vista will reach the marketshare XP has (won't happen :woot: ) it will be as unsecure as XP?

Your argument is flawed.

Seriously, if you want to really secure your system, this is how:

1) Turn it off

2) Remove the harddrive, RAM and processor

3) Put each component in an airtight and awesomely secure compartment

4) Put them in a Swiss Vault

5) Start praying so that no one carpet bombs that place :laugh:

mocax
^Linux isn't perfect, but it is so goddam hard to hack/harm that people don't bother :cool:

But when people start bothering to hack a Linux desktop, it's an indication that Linux has finally hit mainstream.

I'm looking forward to that indicator.

Brandon Live
there was more involved than going to a site

and your reply to the Windows PC is actually true, it was done in my Security Class before I graduated, just like I also used the MMC to remotely connect to a machine across the classroom and edited their registry (entries in MMC go to registry) to lock their start menu, edit permissions. And at a LAN party as a practical joke, inserted a couple porn vids to a friend's startup. If I have physical access to it but it's locked, I can BART it, remove the PW, load the registry into BART Edit that, and do whatever else to the system

there is no Bull***, it's fact as I've done it, my job requires me to break into a system @ customer's request, or recover files/information if they can no longer access their computer

You're describing things that are documented as supported features / functionality on Microsoft.com, not hacks. If you're connecting via MMC / remote registry, you already have admin permissions on the box. Of course you can screw with it, you're an admin.

If you have physical access to the machine, you own it. You can install another OS and read any unencrypted data, mess with the OS, or even just install a new one. Any idiot script kiddie can do that. And not just to Windows, they can do it to Linux or Mac OS just as easily.

If you really want to talk smack, then do something interesting, like:

1) Compromise EFS encrypted data

2) Retrieve a user's password (not reset it). Of course, that's not really possible unless the user actually types it in for you

3) Compromise a domain-joined machine's network credentials

4) Compromise a BitLocker'd machine

Of course, what everyone is really worried about are things like remote code execution and elevation of privilege attacks. Somehow I'm not too worried about you or your security class finding any of those.

whocares78
Right :rolleyes: and Vista and UAC is bulletproof too.

the issue with your comment, is that most people don't claim Vista and UAC are bulletproof, yet a majority of Mac users do make such claims about OSX

not true.

and what system do you claim cannot be compromised with physical access??

clicked the damn wrong button.

as he said that is not a physical access hack. do you actually know what a physical access hack means?

whocares78
You have to be on the same network as the machine, and have the Admin password to do that...

but he did a security class :) so he must be right, i am sure the class teacher has been hacking for years and knew everything about hacking(NOT)...

Mordkanin
Ah, good ol' Adobe Flash, MS couldn't have asked for a better ad for Silverlight.

Ha! Perfect!

Side note: Have there been any Silverlight security vulnerabilities yet?

whocares78
you missed where i said "connect to a machine across the classroom"

and all passwords can be bypassed, or gotten

no one missed the point, they just stated the obvious, I think you may have missed the point. Across the classroom is on the same network and you still needed the admin password or an administrative account to use.. e.g. I am domain admin on my LAN and as a result can do whatever I like to any machine on the network.

p.s. not all passwords can necessarily be bypassed or gotten.. you may have used an elevated privilege exploit or something to get the admin password which is totally different from what you described, but anyway I think I will pass on using your great expertise to test my security...

Wouldn't help. I know people that have Bachelors in Computer Science that can hardly even use a computer.

i know people with MCSE's that have no idea how to change an IP address, anyone that knows IT knows all certs mean is that you can read books :)

Miuku.
the issue with your comment, is that most people don't claim Vista and UAC are bulletproof, yet a majority of Mac users do make such claims about OSX

"Majority of americans are stupid". - See what I did there?

Don't make assumptions based on vocal people on the net - they don't represent more than a fraction of any OS user base, maybe even less. Just because you read a few blogs or forums where people claim this or that doesn't suddenly make "majority" agree with them.

sheer

Simple fact of the matter is, whatever OS you're using, if you don't visit the website in the spam email, you don't get compromised. Perhaps more should be done by ISPs and free email hosts etc. in terms of detecting and closing down the machines which spew the endless streams of spam emails rather than just focusing on operating system and browser a, b or c having flaws.

thugilex

no more apple !

REM2000

I think it's good to know that Microsoft's efforts towards security have paid off with a now secure OS. Obviously all users operating a computer of any OS still need to maintain it (i.e. download updates)

I'm a Mac user and I hope that Apple are quick to patch this hole in Safari. As long as the holes are not too stupid I've never had a problem with them being discovered, as I know that something as complex as an OS is bound to have holes in it here and there; what really shows me strength is the speed in which these holes are fixed.

It's also good to see the Linux distribution with the most attention (Ubuntu) come through with flying colors; as a large share of Ubuntu users are switchers coming from another OS (such as Windows and Mac OS X) it's good to know that while they are learning their way around the OS they are being protected.

(On a slightly different note I am still not convinced with Vista. I use a dual boot XP/Vista Ultimate x86 SP1 machine at work: P4 3.4GHz, 2GB RAM, SATA HDDs, nVidia 7600GT. My machine has a couple of niggles with Vista: the hard disks are always thrashing away, there are not many docs on my computer as they reside on the server, after a week I would have thought it would have subsided after a couple of weeks. I also have a niggle where Vista will lose network connectivity; it shows as connected but it won't talk to the network. I've tried updated drivers. My XP OS is much faster without any of the above issues.

The reason why i mention this long winded side note is that Vista's excellent performance through the hacking contest gives me a lot of hope for the next release of Windows.)

wellofsouls
No but vista is much more secure than OSX

statistical results prove it

shhhhhhhhh

I'd love to see your "statistical results".

Not said by the people who know, imagine all these vulnerabilities in Mac OSX with this tiny market share, then imagine if Mac OSX has 93% of market share (DANG!), now imagine that Windows (Vista and XP) has lesser vulnerabilities with 750 million computers than OSX with 50 million pc at the most, and I'm being optimistic.

Can you see the breach?

Hope so, otherwise I'm so sorry :)

No one can see it unless you can tell us exactly how many vulnerabilities are in OS X and how many are in Windows.

Hell-In-A-Handbasket

on the MMC/Remote Registry NO Sh** when did I say I didn't have the PW, I wasn't an admin of that box though, slack*** part on the actual admin for having a weak/widely known PW.

for your talk smack stuff

(1) Recovery (not reset) of EFS passwords/hashes, I personally don't use it as I don't need EFS recovery (found via link below) (2 for 1 special)

(2) see above, or This Thread, I found this page trying to find the name of the program I actually use by the name of Petter N Hagen (Linux based PW tool)

(3) as far as I know, the network credentials are authenticated against the server and not stored on the local machine, only the local PW is

(4) here is your BitLocker thing, I knew about the BitLocker/FileVault bypass, this is just a video: Bitlocker Bypass Video

there is your requested info ( except 3 as i didnt really answer it )

FileVault Sucks

yet a majority of mac users do make such claims about osx

there are remote password retrieval tools, so yes they can, it's just a matter of how long it will take a person to break it. so STFU and get off the bandwagon and go back to MickyD's you're late for work

about my instructor/class he was CCNE as well MS, and it was not a hacking class moron

p.s. not all passwords can necessarily be bypassed or gotten.. you may have used an elevated privilege exploit or something to get the admin password which is totally different from what you described, but anyway I think I will pass on using your great expertise to test my security...
rtk

Ho boy...

on the MMC/Remote Registry NO Sh** when did I say I didn't have the PW, I wasn't an admin of that box though, slack*** part on the actual admin for having a weak/widely known PW.

Guessing a weak password isn't really hacking of course.

(1) Recovery (not reset) of EFS passwords/hashes, I personally don't use it as I don't need EFS recovery (found via link below) (2 for 1 special)

Hopefully your instructor told you that uploading your SAM to a questionable third party is about the worst thing you could do to a company.

(2) see above, or This Thread, I found this page trying to find the name of the program I actually use by the name of Petter N Hagen (Linux based PW tool)

These types of tools have been around more than 20 years now, it's nothing new to anybody.. We've all heard of or used L0pht, Cain and Abel, pwreset.. the list goes on. None can help remotely crack a PC, they all need to get at the SAM via an administrator password or boot disk. Not a remote hack.

(3) as far as I know, the network credentials are authenticated against the server and not stored on the local machine, only the local PW is

Research "cached credentials" Domain or AD or Active Directory.

(4) here is your BitLocker thing, I knew about the BitLocker/FileVault bypass, this is just a video: Bitlocker Bypass Video

We all knew about the new cold boot attack on encryption keys, now make it work... without downloading someone else's tool, otherwise you're the security equivalent of a script kiddie.

there are remote password retrieval tools, so yes they can, it's just a matter of how long it will take a person to break it. so STFU and get off the bandwagon and go back to MickyD's you're late for work.

Yup, there sure is... ALL require admin access to get the sam.

about my instructor/class he was CCNE as well MS, and it was not a hacking class moron

Hmmm, many of the posters (myself excluded) can be a source of incredible information, and many know far more about security than either myself, you or your instructor could hope to learn in a lifetime.

You'll gain no respect by calling knowledgeable people morons, you just make yourself look silly.

Hell-In-A-Handbasket

never said anywhere that I hacked anything, crack/hack are 2 different things

never said uploading SAM anywhere, was talking about on the machine itself, or moving the SAM to a different machine

I know those tools are old, never said they were new, and I don't remember saying anything about remotely attacking the SAM (if I'm wrong please quote that part)

I'm not a programmer, tried learning it but wasn't my thing, I don't do anything illegal, and everything is at request, and a script kiddie just uses the tools and doesn't know how it does it, that they just push a button and it does it, I actually know, so I doubt I qualify as a script kiddie, I don't do the BitLocker bypass and don't need to do it, it was listed because it was requested. And I didn't say any of those programs were for remote password retrieval, it wasn't asked for remote password retrieval, just for password retrieval, and I have said multiple times that I have access to the machine when asked to recover the password

found Cached AD/Domain, wasn't aware of the cache, and when required to change/get AD-Domain pass, we just changed it and had user change it to something else on next login, so thank you for pointing that out (not said in anger) as wasn't aware of it/forgot it if it was brought up in class as haven't messed with AD in over 3 years (Server 2003 was not even being deployed when I messed with AD, so it was all 2000 stuff)

about the gaining respect, I don't care, I'm not here in search of it, and in the thread I have given answers multiple times, so the person can alter what was asked, or totally revoke the answer like it didn't exist because it wasn't good enough for them / didn't believe it. Because they have it in their head that it doesn't exist, I know Linux people that are the same way when their Linux box crashes in front of their face, and they deny it crashed/locked, and when asked why it did it, they deny it doing it because "it can't", just like Windows/Mac users to the same extent.

this thread was made as nothing more than to flame Mac like they were some sort of security wall of godness, thinking Windows machines were somehow better because it wasn't attempted until after the Mac was won, it was the Air, the flavor of the month, of course people are going to target that first, and of course the person that did the iPhone jailbreak could do it so fast, he probably used the same website. But somebody comes in to an anti-Mac thread and not only agreeing to the issues regarding Mac security and pointing out that it's not only Mac but Windows, people go apesh**. OK you win, Windows are impervious to all things, I don't know squat and my career in computers for 15 years is just a waste of my time, I should go do trash collecting or something.

Peace Out

whocares78
"Majority of americans are stupid". - See what I did there?

Don't make assumptions based on vocal people on the net - they don't represent more than a fraction of any OS user base, maybe even less. Just because you read a few blogs or forums where people claim this or that doesn't suddenly make "majority" agree with them.

I make assumptions on what I know and hear from working in IT and uninformed users telling me what they think, and the most common thing I hear about Macs is they are bulletproof. My old boss used to even try to tell me Macs were bulletproof; of course he was a draftsman who just happened to know the most about computers quite a few years before I came along so got the job as IT manager, and believe me I don't just go on what LTD says and I do realise not all Mac users are stupid enough to make such claims. p.s. from experience I have to also agree with you that a vast majority of Americans are stupid although there are some intelligent ones over there, as with anything there are majorities and minorities

whocares78
there are remote password retrieval tools, so yes they can, it's just a matter of how long it will take a person to break it. so STFU and get off the bandwagon and go back to MickyD's you're late for work

about my instructor/class he was CCNE as well MS, and it was not a hacking class moron

when it takes you more than a year to brute force a secure password then I ain't worried and don't count that as cracking a password because I would have changed it by the time you can get it.. and there are also ways to avoid/minimise the chance of someone even getting to your SAMs in the first place, but hey your security course should have covered that, hell pick up hacking for dummies and it will tell you (as well as all the stuff you have said in previous posts).

I am slightly worried your instructor of a security course (security/hacking/cracking it's all basically the same thing really, it's all semantics that I don't waste my time with that crap) had no security certifications e.g. Security+, CISSP, etc etc. Cisco and MS certs don't make you a security guru. And anyway I think I said earlier certs mean nothing when it comes to knowing what you're talking about and I have found the people that insist on getting more and more certs are the ones that have no clue. But that's just my opinion from my experience, don't take that as me bagging you in any way.

and honestly a job at maccyd's i am guessing that is mcdonalds, is honestly a tempting choice after 12 years working with computers, but i was leaning more towards a job as a lawnmower man, ahh not having to worry about servers going down and customers threatening to sue you cause your software doesnt work as they think it is supposed to.
