Mac Security: Identifying Changes to the File System
Subject:   Mac OS X Rootkits
Date:   2005-10-12 16:38:18
From:   hard-mac
Response to: Mac OS X Rootkits

Opener never was a rootkit, very correct. Just a small POC to show what could happen on the OSX platform. It doesn't have to be installed locally as you say. NetCat was included because OS X never used to have a copy and the version it includes currently is still crippled.

peterhickman wrote: "So to install a rootkit to give you root access to a system you require root access, deeply flawed in my mind."

This is what a rootkit is, it is designed to keep root access on a box once you have it already. Not to get root, other exploits are used for this.

peterhickman wrote: "One day there will be a credible rootkit for OS X, but today I am not too worried."

As for real rootkits, Togroot is a pretty sad example. Have you looked at WeaponX yet. It's fairly powerful.

Cheers, hard-mac

Hardening Your Macintosh

1 to 1 of 1
  1. Mac OS X Rootkits
    2005-10-13 13:58:41  peterhickman [View]

1 to 1 of 1