- #Macos malware years runonly applescripts avoid install#
- #Macos malware years runonly applescripts avoid free#
- #Macos malware years runonly applescripts avoid mac#
A better approach might be uploading a tempting. I like the email idea but it requires that your friend be using Apple Mail. This part requires some action from the thief. Now you should have a port on the thief's external IP (that you got from Dropbox) which will get you directly to the port SSH should be bound to on the MacBook. Many routers have SSH access turned on, so accessing the thief's IP port 22 might get you to the router shell rather than the machine shell. Use some external port other than 22, (port 2222 for example) and forward that to port 22 of the MacBook's IP.
#Macos malware years runonly applescripts avoid mac#
A lot of routers will show MAC (hardware) Adress, assigned internal IP address (192.168.1.x most often) and most importantly, the machine name.įigure out which IP is assigned to the MacBook and then set up a port forward to it in the router's settings. Once inside, check the DHCP client listing on the router and see if you can find the MacBook. It's amazing how many people leave their default router/modem passwords in place, and there are lists online where you can find default passwords for most major manufacturers. If I were in your position, holding the thief's IP, I'd first try to log in to the web interface of their router and see what I can do from there. The upside of a broadband connection is that the IP address will almost definitely change less often than with dialup. Unlike his situation, where the thief was using a dialup modem, it's almost certain, since newer Macs don't do dialup, that the thief is using a broadband connection, and is behind some kind of NAT router.Įven if SSH were enabled on the machine, port forwarding would have to be set up on the router for you to access the machine's SSH listening port from the outside. The key to doing something similar to what Zoz did is getting SSH access. It sounds like you're competent with shell scripting and just need an attack vector. We'll make sure to check with the police before we do anything to ensure we don't break any laws. I know this question is basically about writing a form of malware, but I'd love to be able to emulate my hero from the What Happens When You Steal a Hacker’s Computer DEF CON lecture. Applescript? Has anybody got any better ideas than pushing a Dropbox file to it? Is there a way to do this without user accepting security popups?ĭoes anybody have any tips here? I've written plenty of shell scripts, but was wondering if other OS X options might be better, e.g.
#Macos malware years runonly applescripts avoid free#
It sounds like I might be able to use the mail command (to a free e-mail account of course)? I'm not sure of the best way to send this info back though. browser history, look for iPhone backups, etc. Make the file a shell script to slurp up as much useful info as possible, e.g.Is there any way to do this without the user being made aware?
#Macos malware years runonly applescripts avoid install#
Install some sort of key logger to send all the info back to the owner.I'm guessing I'll only get one shot at this, so wanted some ideas on the best thing to do. I was considering pushing an enticing file into Dropbox to get the user to click on it. The original owner isn't a techie, so she's very unlikely to have turned on any of the remote control features like SSH, VNC etc (I've e-mailed her to ask).The original owner's Dropbox is still synchronizing, which gives us the IP address each time it comes online.
0 kommentar(er)
