Hacking a Mac in 20 Seconds Or Less - 2014
Tip: Highlight text to annotate itX
this segment a pack 5 is brought to you by fresh box
we all know that it's always a really really bad idea to just leave your
computer setting out somewhere
for somebody to easily get physical access to it so today I wanted to give
you a great example of this
using a Mac because yes I do own a Mac
not by choice it's for work so today I'm going to show you this
very simple way to actually get into root access on a Mac and under 10
seconds with the USB
rubber ducky and I apologize in advance I have a cold so I might be a little bit
sniffly
you can also do this with the USB flash drive no mention that at the very end of
the article
now first of I'm just gonna show you the USB rubber ducky side
its pretty easy to do but I'll give you the exact right now non
everything that you have to do from just downloading the and ducky encoder
all the way down to actually putting the script on your Mac
let's go ahead and get started with the first part and this is just simply
downloading data ducky decoder in the firmware for your USB rubber ducky
now the most up to date version is available via article in the show notes
so I can go ahead and skip over that part because it's pretty simple
now I'm gonna go ahead and grab my USB rubber ducky
this guy right here and the second thing I want to do is
I'm gonna hold down the button on here and then plug it into my Linux box so
that I can
Ryan the USB flash dot s ace process so I can get be ducking cutter
aren't you here some gonna go help like this on my computer
yeah I think my finger slipped
so once I have this plugged into my computer I already have the terminal
open
and I'm going to type in LS USB to make sure that I can
verify that it shows up LSU sp and at the very bottom you see
a.m. top court now that is the USB rubber ducky so I've already verified
that it does show up
and it's been flashed her it does show up correctly know what I can do is go
ahead and flash
the hex in Kotor onto the USB rubber ducky so to do so I type then
pseudo flash dot SH
space and then doc underscore
version 2 .1 dot
hex and I press enter and of course it's going I asked me for my password
wrong password know what this does is
it erases any original data on the USB rubber ducky then it flashes it
and it's going to validate and finish flashing the entire duck so
great your USB rubber ducky should be in working order now I'm going to pull out
the rubber ducky
and then make a new script for this segment called source doc txt
now this is the script that is going to be placed onto the Macintosh
to create this vulnerability saw be able to basically route into it from
anywhere super fun someone unplug the USB rubber ducky
and go
okay next thing I want to do is I'm going to change the directory into my
ducking colder
photo older
so I went ahead and change the directory into my duck in colder folder on my
Linux
machine and you can see in here that I've already created this thing called
source doc txt and that is that text script that I'm going to be using
now when you first create the script it's just a simple text document and you
can copy and paste it straight from
article I'm gonna go ahead and nano into it so I can show you exactly what's
going on in this script
stone nano source start txt
okay so we see a whole buncha stuff going on
I'm gonna just skip down to about here so the first thing that we do is make a
director in this is making a directory
and ahead and directory actually got hit in
after that we're going to echo this script
into this compact that s H file so once you've echoed that information into
connect dot s
H you're going to change it to be an execute a bull file
then we are going to make another directory called launched a man's
and under here we're going to echo another
command in this is going to be appeal est and I scroll down here
so this echoed information this QS tree here
is going to be what happens whenever you turn on your Mac
at the very beginning down at the bottom
we also noticed that it's going to restart the connection every 60 seconds
so if you disconnect
on your listener device it'll be able to reconnect to the
shell and at the very end after you've created this
P list in turn into this condo Apple stock services file
you're going to see each month at $2,600 this launch control load it means that
this condo Apple Store service is top US does going to start up whenever you
start up your Macintosh
and then at the very end it mean shut down
right now so right after its loaded all that information on to the Mac it's
going to shutdown the Mac again so it looks like nothing's ever really happen
to the Mac
you can walk away and pretend well nobody ever even touched
the computer so it's a very simple script you just copy and paste that
onto your micro SD card for your USB rubber ducky
and you're good to go so once you have all that information
ready in your source that txt file you can compile it and install the script by
doing the following:
this is going to be Java Akshar
encoder dots are
tak
II source start txt
so this is impending source doc txt and outputting
TECO it as inject dot
been tech L
which means language US so basically what this is doing is compiling the
inputted script called source not txtn outputting
it to create inject not been with the US language keyboard layout
so it for example if you're using a UK keyboard layout on your Mac you can
change the very last part attack
L space UK or vice versa or what have you
so once you have that diana now press Enter and it's going to tell me that
it's loading the file
it's loaded the keyboard file everything is OK language to keep script and the
ducky script is complete so I know that everything is okay and everything went
well in this inject often so fils now
I see I have inject up in here and I also have source that txt if I need to
change anything in there
now at this point I can go ahead and move on to the next step which is
moving that inject not been to my duckie SD card
this is very simple you just type in new Mb
inject up then to your USP so mine is
flash media flash I think it's start with ate something
I guess I should plug in and make this work huh yeah
870 ok their nest
okay someone move it over there press Enter
hoops speller
okay so that has been moved over so that should be all set to go
and then I can LS over to media and it should be there someone and make sure
that this is cracked
LS media slash
us a its okay
there's my inject on that and i also have the stuff folder
okay so that is all set and ready to go now I can take the st. car on my
computer and plug it into my USB rubber ducky
and I also want to go ahead and make sure that I'm setting up my listening PC
while I'm at it on my Linux does
device so what this is doing you're going to be using the same website
import that used in your source that txt document from earlier
now you'll notice in the article that I'm mentioning as well as in the text
document that I created
earlier that it says wifi pineapple dot com
and then the port 1337 of course whatever your server might be
and whatever your port maybe that you decide to listen in on you can use
whichever one you choose and you can also check out my neck at series and
hack tips to figure out how to do that
in netcat because we're going to be using netcat with this example
so very simple to do as well gonna go ahead and unplugged this
from my machine their ago and I'll put this into my duckie
wanna bite it easier to get out
anybody doesn't know how to get your USB Micro SD card outta there
that's what I do I just buy it okay so this should be all set to go
so now I'm gonna set up the listener computer on here
so I should be able to do this by typing in SSH snubs
at wifi pineapple
dot com
cannot resolve wifi pineapple dock on name or service not known
so that obviously didn't work because I don't have the internet point and
let's try that again with Ethernet actually plugged in okay
so 50 that again was associates snubs at wifi pineapple dot com
had a promise I plugged it in this time
%uh it says cannot resolve when it
is a turn on 0 wired connection monitor this
and I'll put in my password
okay so I've establish my connection with wifi pineapple dot com now what I
can do is go ahead and run
the neck at command actually start listening on port 1337
to do this you type in NC tak
well tak p so that's listen
tech p is port and then 1337 is the port number
and press Enter nation see anything after this
until it actually has a port that is listening on it
get some kind information coming back to it so at this point
pretty much done on your Linux machine into we actually built
onto the Macintosh so I'm going to get on here
yes I know I caught it mcintosh like an old-school person
and I'm gonna shut down this machine
and you should see everything happening behind me
shut down
let's just take a couple seconds than what I'm going to do
is plugged in this USB flash drive without holding down the button
when it boots up so wait for this for a few minutes
so now we're going to plug anger had to restart
and when you're restarting hold down command
s the entire time eric s
okay so you can see that we've gotten a new route
I can go ahead and let go now now let it continue
okay so at the very end of the screen
I see route pound s that basically means
I'm in route so I'm good to go so now what I can do is plug in the ducky when
I get to that command prompt inscription automatically run in there's a delay of
about 2,000
on there so that it has time to you recognized ducky
it turns green and then as soon as you see the computer shut down
that means that everything is good to go so
when done you should be able to catch your shell and
listening computer will tell you that it's connected to
route alright so after a few seconds after the
mcintosh's been booted up i'd I already put in the NC tackle tact P 1337 so it's
listening
and then ill take a little while but eventually you'll see
bash no job control initial and annual show you
bash cell we are now in roots so we can have some fun
so first thing I wanted to try out was typing and who am I to see who it says I
am so let's try it
treatise okay a route awesome so I'm
actually the easiest this is hilarious so now I can try to do you let's see
change directory all change it to you
a user their ego
tab completion does not work so
I can do you see the snobs what's in here
I can show my desktop so CD desktop
and I did mention this is my work computer so I have like
all my stuff on my Twitter star that's hilarious
let's see I can go into you see the shannon's
stuff I wonder if I have to pay its
now
I guess that won't work okay so we thought that I got disconnected because
I hate
control C but I can easily get reconnected by going back in the neck at
waiting a few seconds and then it'll just reconnect as long as the
Mac Book Air is online so it got me reconnected
and then I'll just two let's see where was I
and CD users was
okay CDs its and
just I know I'm doing it the slow way
Shannon stuff that's why I wanted to go so
CD share and backs last post:
us stuff
if that worked that courts I got on my backgrounds in here that I and uploaded
that's awesome so yeah I have root access to the Mac Book Air so now I can
play I can have all sorts of fun and I can do all sorts of nefarious things
I wanted to or I can teach people about how important it is
to not leave physical access available to your machine
al nope unlike don't leave it there at a coffee shop when you go to the bathroom
take it with you
please so I didn't mention you can also do this with the USB flash drive
it just takes a lot longer since you have to type everything in
yourself at the Mac you're not going to have that ability with the USB
Robert drug ducky who will just you can just plug it in and
run the code very quickly you can also do the same thing with Linex
with grub it only just requires a little bit a physical access and then all bets
are off
you can do whatever you want so that's the important thing to
hear about here's the moralist on the story is
the physical access that's so important and of course if you
accidentally disconnected anything like that you get reconnected every 60
seconds
so of course that doesn't matter now I did also want to mention that Patrick
Moscow
who is the writer of this article he said the only sure way to prevent
unwanted route accessed your system is by simply enabling
filed false full disk encryption not the home folder encryption
now since this encrypts the entire drive it will be impossible to access
single user mode without a very strong password and then your problem is solved
so it's a perfect example why encryption is important
and that physical access now I hope you enjoyed this
I did I have been a call and I apologize for that but
if you enjoy this or if you try to a yourself or if you have another way to
gain root access into your Mac
please email me be back act I dot org and we'll be right back in just a few
moments papers
a quick okay still using Word and Excel to do your invoices
a keeping your receipts in a shoebox I mean let me tell you
you can save so much time with press box and is the
easiest way to send invoices to manage expenses to track your time
press box is a very simple cloud accounting system that is helping
thousands of entrepreneurs and small businesses just like yourselves
you know same time billing and get paid faster what you want with press books
you can easily create invoices you can capture
expenses you can be a real time business data and reports in just a few clicks
it's so simple
and get this you can try Press books for free
today alright get press box dot com and here's the really delicious part
about what FreshBooks is doing for the hi-fi viewers
every day they're giving away someone who signs up for press box using a
referral
a birthday cake that the beer birthday so go over to get press box dot com and
when they
ask you how you hear about us ensuring hack five for your chance to win that's
sweet birthday cake
with fresh legs everyday could be your birthday sign up
get press books da comp
and we're back in now time for the taking less photo at the week in this
one comes from
Eli re pieces in this photo and send fell yeah I took this a few months ago
while I was watching videos on YouTube with cash pipeline
he wanted to watch videos to you used I want to take him home
we should because it's so adorable thank you for sharing your taking less photo
and of course
you want to share yours you can send them to feedback
hack 5.4 with the subject line teclast
just very upset this week's episode impact on the people get going
wanted to mention that we love you and we care about you and we care about you
that friends and what your friends might think I've you and if you share this
video with your friends help I think more awesome
love you so you should just do that spread the love it in the everyone
right everybody gets his act 5 scene and you will be an awesome workers
ship we would greatly appreciate it way yeah I thank you
rights spread to got ultimate soared
and be like you since or just
send the video the linker that the likey but I don't even know what
watching but hit the whatever the like button is yep share back
on the bloody but unbowed yes
with that said happened that I suppose where you can find other places too
you know stock is on the social media a and let us know what you think
at the back five-dollar forget where you can
emails and let us know you'd like to see on the show which is great big ***
gephardt
every has we have a store attack shocked you're saying
known only actually check a shop dot com is our store
and used you can support us directly
and you can get a pineapple or a doctor number two for iverson batteries game
other fun
all aggregate *** thing is and it keeps this show on the air which is
really good
told be calling quite like well
I all day it was me i hack pack
some people called PVC bag every day carry bag
so it really just depends at I like that name its
coats bag can you hack Skype yeah
actually alike I think there's one next time yeah
the big one is great for a panel in tennis you can put a big
Lake you know directional 12 debris directional panel attending a bag and
composition your body so it's like
point order target get like expand your must-see bi's
up into their you know what so with that said
thank you for supporting us directly and what have all the way to the end so
this rag you won the game all
used anyway until next time
I'm daring kitchen and Shannon Morse gesture technologist
ok
yes
said underworld
up
old
up we have a nearby
ok
you morning
yeah day
***
up
