This would effectively make all domain users local admins on all of the affected Macs. When Active Directory backed authentication is used, newly logged in users can inherit the primary user role if system defaults are not changed. ![]() The default base install of Apple OSX will allow the primary user configured on that workstation to sudo to root. Since this blog is lacking any real reference material specifically for OSX, I figured I would detail the information gathering and attacks I preformed during the assessment. All of these Macs were authenticating to Active Directory and allowed all logged in users local admin rights via a misconfigured sudoers rule. Problem and Rationaleĭuring a recent assessment the client had close to 10,000 Mac OSX systems throughout their global presence. ![]() TL DR: There are several ways to enumerate information from a Mac shell and to collect encrypted credentials for OSX password cracking.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |