IT Need help finding exploits in school laptops

Discussion in 'OS X Yosemite (10.10)' started by Mason Dulemba, Mar 16, 2016.

Thread Status:
Not open for further replies.
  1. Mason Dulemba macrumors member

    Mason Dulemba

    Joined:
    Mar 16, 2016
    Location:
    Richmond, IN
    #1
    I am working on helping the IT at my school find ways around or filtering software.... Here is what we have for restricting settings, profiles, updates etc... we have Jamf, We have the efi locked and they are macbook airs so there is no removable ram, there is no single user mode, or way to change boot device without admin, for browser filtering we have zscaler, browser wise we have chrome, firefox, and safari, students have the applications folder locked and most of the other folders in the white list locked. students have access to terminal but not to admin commands They are unable to disconnect from the School wifi or turn wifi off but can connect to other networks and create P2P networks. The Apple remote desktop folder and process(screensharingd) which is used to remote control student computers is locked but is there any way to turn it off or block ARD? My question is there any other way to reset the admin password, make a new admin account, or make the current account admin, is there any way to install pkgs completely without admin, is there any other exploits that would still work with all the restrictions above ? Any comments are Greatly Appreciated Profiles listed below
    Thanks,
    Mason Dulemba
     

    Attached Files:

  2. vexorg macrumors 6502a

    Joined:
    Aug 4, 2009
    #2
    IF we were skeptical we would think you'd be encrypting files next and demanding money for the decryption codes.
     
  3. Mason Dulemba thread starter macrumors member

    Mason Dulemba

    Joined:
    Mar 16, 2016
    Location:
    Richmond, IN
    #3
    What do you mean ??? Ive already helped patch 2 exploits including the one that bypasses zscaler by turning off cookies, ive also found all the folders that users have read write and execute rights to and plan to patch them.. im not making this up
     
  4. vexorg macrumors 6502a

    Joined:
    Aug 4, 2009
    #4
    That might have gone over your head
     
  5. chrfr, Mar 17, 2016
    Last edited: Mar 17, 2016

    chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #5
    No, this stuff all is legit systems management for institutions like schools. A skeptic would think that this is a student looking for ways around the existing management infrastructure. Even more particularly so since the screen captures are just what an end user would see on a managed Mac, not information a system admin would actually see in the tools used to manage the systems.
    Another edit: a Google search for the OP's name would make someone even more suspicious that this is a student trying to exploit a school-owned computer.
     
  6. Mason Dulemba thread starter macrumors member

    Mason Dulemba

    Joined:
    Mar 16, 2016
    Location:
    Richmond, IN
    #6
    I have found quite a few exploits already which im helping the IT at my school patch, im trying to find any other exploits you can think of that i should patch ......
    --- Post Merged, Mar 17, 2016 ---
    i understand what you are saying (i have worked with computers for a long time) just not how it connects to my question .......o_O
     
  7. AlliFlowers Contributor

    AlliFlowers

    Joined:
    Jan 1, 2011
    Location:
    L.A. (Lower Alabama)
    #7
    Apple vs. the FBI.
     
  8. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #8
    [MOD NOTE]
    Bypassing security is not something that should be discussed here. Closing the thread down
     
Thread Status:
Not open for further replies.

Share This Page