question about security

[untamedhysteria]

i'm not making a rootkit/trojan or anything, but just was thinking about security in general and was wondering if this could be implemented.

basically i have 2 ideas:
couldn't a website make a javascript script that opened up the terminal by calling a telnet connection, then interupting the connection, and using the rm -rf ~* command to erase a person's personal settings and saved docs, music, ect? this thought came from this thread after checking out the website that seemed kinda crazy: https://forums.macrumors.com/threads/146066/
or how about joining some scripts to an app that basically went like this: having john the ripper in there, and when somebody ran the app that they downloaded from p2p or a untrusted website, basically had the scripts say run john the ripper for sudo password and save as .password (so it'll be hidden) then have the script to install a startup item (using the password from .password by having the script look at it through textedit or something and copying line 1--the password) and basically install a command for the startup item like rm -rf /* with the password injected for sudo or something?

 

[untamedhysteria]

and since i'm talking about security, why is it that the mac firewall doesn't stealth ports 0 and 1 ?? it closes them, but you can still be seen on a network port scan... do you just have to install a 3rd party app to get these stealthed or is there another way of doing it using apples imbedded firewall?

 

[savar]

basically i have 2 ideas:
couldn't a website make a javascript script that opened up the terminal by calling a telnet connection, then interupting the connection, and using the rm -rf ~* command to erase a person's personal settings and saved docs, music, ect? this thought came from this thread after checking out the website that seemed kinda crazy: https://forums.macrumors.com/threads/146066/

I'm not sure exactly what you mean, something like this?

localhostmarks:~ mehaase$ telnet localhost
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

OS X has telnet closed by default, so that attack wouldn't work. SSH is an option but has to have the user's password to make it work.

or how about joining some scripts to an app that basically went like this: having john the ripper in there, and when somebody ran the app that they downloaded from p2p or a untrusted website, basically had the scripts say run john the ripper for sudo password and save as .password (so it'll be hidden) then have the script to install a startup item (using the password from .password by having the script look at it through textedit or something and copying line 1--the password) and basically install a command for the startup item like rm -rf /* with the password injected for sudo or something?

Again, I'm not quite following you. What you're talking about sounds like a Trojan horse, a virus written into a regular program. On MacOS Classic, this of course was a real threat because you didnt need root access to erase the whole hard drive...you could just do it. On Mac OS X, obviously, you need a root password.

As for including a password cracker with a trojan horse, that is a good idea but it has been done before. The only problem is that even on a dual G5 it would take days to crack even a simple password. My root password is ten alphanumeric digits, so thats 36^10 possible permutations. Even in the event of hash collision that could easily take several months to crack.

No doubt many people have very simple passwords that could be dictionary-attacked in a few seconds. Hopefully these are not the same people who download random applications from P2P networks and run them, otherwise the scheme you mention above would devastate them.

Security certainly is not airtight, and luckily Mac users haven't been targeted much yet, because naive mac users are just as vulnerable (in a sense) as naive Windows users. One benefit mac users do have is that the holes in the OS are less blatant -- IE and OE for windows are like hanging a sign out for hackers that says "Come on in...we are always open!" And a mac user running a default install doesn't have to worry about anything. A Windows machine that is merely connected to the internet can be infected with a virus in under 20 minutes, even if the user has let the computer idle since being plugged in.

By the way, the command you're looking for doesn't need a wildcard.

rm -rf ~

will erase all user files that the user has write access to (note that not all the files in a user's directory are owned by the user) and

sudo rm -rf /

will erase all the files in the filesystem, except perhaps some weird files that actually have no privileges.

 

[untamedhysteria]

for the 1'st example, i was asking if you can simply call the terminal from a certain command (like telnet) from javascript, which the website i visited showed me you can, and simply cancel the command that was used to bring up the terminal, and then have it execute the rm -rf ~ command from there..thus, deleting the home directory.

for the 2'nd example, i think you pretty much got the idea of how i was presenting it. my question was to ask if it would be possible that way, say for a novice user of computers in general or someone with a dictionary-password.

for both examples, i was wanting to know basically if there was any security features that apple has included in OSX that anyone knew of that would prevent this from happening...i hope they have anyways...it does seem that the scripts to do these should work...and thus is why i don't understand why someone else hasn't tried to implement this for OSX unless there is a security feature...it only took me about 5 minutes to come up with the idea, so any natural trojan/rootkit writer should be able to come up with this and use it effeciantly...

as for the people using p2p or untrustworthy sites, i've seen many people use them that have basically no knowledge about computers...they simply use them for free expensive apps or whatnot..