Re: [PEN-TEST] MAC Vulnerability Scanner

From: Vitaly Osipov (vosipovat_private)
Date: Thu Apr 26 2001 - 02:01:09 PDT

  • Next message: Chris Tobkin: "Re: [PEN-TEST] Solaris"

    If your macs are running MacOS X, which is pretty much BSD-based, you can at
    least try to scan it as a BSD box and then based on the results try some bsd
    exploits for 68k processor or whatever... at least it gives some clues...
    
    it seems that default install is very unprotected, somewhat like default
    redhat install - it even has portmapper running there - I attached here
    results of "netstat -a" and "ps -aux" of a PowerBook (not mine, I don't know
    much about Mac, I asked a friend to run those commands on his machine). I
    guess soon we'll have lots of bsd exploits ported to mac with a mac-specific
    shellcodes :)))
    
    Btw, I heard about Macs being heavily used by US government - is that true?
    :)))
    
    regards,
    Vitaly Osipov
    Security Consultant
    
    Wolfe Group
    Phone: +353 1 6238311
    Fax: +353 1 6238312
    Mobile: +353 87 9370088
    http://www.wolfegroup.com
    
    ----- Original Message -----
    From: "Kimberly Novobilsky" <kmnovoat_private>
    To: <PEN-TESTat_private>
    Sent: Monday, April 23, 2001 9:01 PM
    Subject: [PEN-TEST] MAC Vulnerability Scanner
    
    
    > Does anyone know of a good freeware or commercial product that will scan
    > Mac's for vulnerabilities?
    > --
    > /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
    > Kimberly M. Novobilsky                      Voice 216.433.2524
    > Network Security Analyst                Fax   216.433.8000
    > Verizon, Federal Network Systems    Pager 216.549.3834
    > NASA Glenn Research Center
    > 21000 Brookpark Rd. MS 142-1
    > Cleveland, OH 44135
    
    
    



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 08:06:46 PDT