|
Bulgogi Hoagie posted:lol just reproduced this jesus loving christ
|
#
?
Nov 28, 2017 21:23
|
|
|
|
| # ? May 14, 2024 09:30 |
|
|
i just tried this and it definitely works laffo
|
|
#
?
Nov 28, 2017 21:25
|
|
|
Bulgogi Hoagie posted:lol just reproduced this https://twitter.com/snd_wagenseil/status/935603174093787136
|
|
#
?
Nov 28, 2017 21:26
|
|
|
how do you gently caress that up, how
|
|
#
?
Nov 28, 2017 21:28
|
|
|
if this works remotely (and it probably does) i’m screaming
|
|
#
?
Nov 28, 2017 21:29
|
|
|
I can't get the root thing to work  . I thought at first cause i'm just on sierra, but people are saying they can do it on older versions so idk
|
|
#
?
Nov 28, 2017 21:29
|
|
|
it uhhhh works from the login screen too if its set up to allow u/p fields instead of clicking the user.
|
|
#
?
Nov 28, 2017 21:32
|
|
|
lol worked for me as well. this is amazing.
|
|
#
?
Nov 28, 2017 21:33
|
|
|
if it's not working for you, see if you already have a root account, as the trick seems to be the creation of a new one
|
|
#
?
Nov 28, 2017 21:33
|
|
|
Bulgogi Hoagie posted:lol just reproduced this lol high Sierra is a loving hug riddled poo poo os
|
|
#
?
Nov 28, 2017 21:34
|
|
|
Bulgogi Hoagie posted:if this works remotely (and it probably does) i’m screaming i cant seem to get it to work for remote login via ssh. messing with remote management now.
|
|
#
?
Nov 28, 2017 21:35
|
|
|
every once in a while i think about things like the packet of death thing in windows 95 or AIMbot exploits and think "man i wish computers were easily exploitable like they were when i was a kid" because everything like fuzzing and diassembly and bytecode analysis is way over my head, so the kid in me is glad to know that everything is still impossibly insecure garbage that can be broken trivially by anyone willing to poke at it long enough.
|
|
#
?
Nov 28, 2017 21:40
|
|
|
geonetix posted:lol high Sierra is a loving hug riddled poo poo os wanna get some of those hugs
|
|
#
?
Nov 28, 2017 21:40
|
|
|
best typo
|
|
#
?
Nov 28, 2017 21:43
|
|
|
https://twitter.com/kateconger/status/935546501421395968 https://twitter.com/kateconger/status/935555868128452608 just read the whole thread
|
|
#
?
Nov 28, 2017 21:46
|
|
|
sierra=high,dumb
|
|
#
?
Nov 28, 2017 21:46
|
|
|
flakeloaf posted:sierra=high,dumb holy poo poo 5
|
|
#
?
Nov 28, 2017 21:49
|
|
|
Ulf posted:https://twitter.com/kateconger/status/935546501421395968 this is fantastic
|
|
#
?
Nov 28, 2017 21:50
|
|
|
flakeloaf posted:sierra=high,dumb
|
|
#
?
Nov 28, 2017 21:50
|
|
|
MacOS If You're Using This You Must Be High Sierra
|
|
#
?
Nov 28, 2017 21:52
|
|
|
HOLY FUCKIN poo poo IT WORKS WITH SCREEN SHARING TOO
|
|
#
?
Nov 28, 2017 21:57
|
|
|
rip in piss
|
|
#
?
Nov 28, 2017 21:57
|
|
|
High Sierra/root thing doesn't work on my system but my account for web/email is user with no sudo rights so whatever its doing can only happen from an account that can already elevate. I wonder if the people doing it with a text logon dialog already have an admin user logged in vs a clean boot with no active user sessions.
|
|
#
?
Nov 28, 2017 21:58
|
|
|
stebe...
|
|
#
?
Nov 28, 2017 21:58
|
|
|
BangersInMyKnickers posted:High Sierra/root thing doesn't work on my system but my account for web/email is user with no sudo rights so whatever its doing can only happen from an account that can already elevate. I wonder if the people doing it with a text logon dialog already have an admin user logged in vs a clean boot with no active user sessions.
|
|
#
?
Nov 28, 2017 22:01
|
|
|
BangersInMyKnickers posted:High Sierra/root thing doesn't work on my system but my account for web/email is user with no sudo rights so whatever its doing can only happen from an account that can already elevate. I wonder if the people doing it with a text logon dialog already have an admin user logged in vs a clean boot with no active user sessions. i can do it without an active user session (eg log in as admin-level user, log out, log in as root) but havent done it with a clean boot because id have to turn off filevault and 
|
|
#
?
Nov 28, 2017 22:03
|
|
|
my bitter bi rival posted:i can do it without an active user session (eg log in as admin-level user, log out, log in as root) but havent done it with a clean boot because id have to turn off filevault and https://twitter.com/jonp__/status/935607120208199682
|
|
#
?
Nov 28, 2017 22:09
|
|
|
Oh, I bet being bound to AD is stopping it. Auths to root are probably sent to the DC instead of handled locally. Microsoft saves the day again
|
|
#
?
Nov 28, 2017 22:12
|
|
|
BangersInMyKnickers posted:Oh, I bet being bound to AD is stopping it. Auths to root are probably sent to the DC instead of handled locally. Microsoft saves the day again our macs are bound to AD and thats not the case here.
|
|
#
?
Nov 28, 2017 22:12
|
|
|
well then I have no idea but clearly I am better at security than the normal Mac user
|
|
#
?
Nov 28, 2017 22:13
|
|
|
is it possible the root user is enabled/has a password set already? we don't do that here and that is apparently the mitigation for this
|
|
#
?
Nov 28, 2017 22:14
|
|
|
my bitter bi rival posted:every once in a while i think about things like the packet of death thing in windows 95 or AIMbot exploits and think "man i wish computers were easily exploitable like they were when i was a kid" because everything like fuzzing and diassembly and bytecode analysis is way over my head, so the kid in me is glad to know that everything is still impossibly insecure garbage that can be broken trivially by anyone willing to poke at it long enough. yeah this is some classic era poo poo username 'field' password 'service'
|
|
#
?
Nov 28, 2017 22:15
|
|
|
my bitter bi rival posted:is it possible the root user is enabled/has a password set already? we don't do that here and that is apparently the mitigation for this yep, that was it. it support nerds enabled root, hid it, and gave it a different displayname
|
|
#
?
Nov 28, 2017 22:19
|
|
|
I thought the mac thing was a hoax until I tried it. Took about 20 times but lmao.
|
|
#
?
Nov 28, 2017 22:22
|
|
|
I think it only works for logins if you reproduce it from the Users & Groups first. the first time you succeed it makes a root account with blank password that didn't exist before so don't reproduce or if you must, change your root password immediately
|
|
#
?
Nov 28, 2017 22:23
|
|
|
imagine the sinking feeling the programmer responsible for that bug is feeling right about now
|
|
#
?
Nov 28, 2017 22:24
|
|
|
CKyle posted:I think it only works for logins if you reproduce it from the Users & Groups first. the first time you succeed it makes a root account with blank password that didn't exist before I had that thought too and believe it. fortunately we only have a handful of high Sierra macs around so I couldn't try to reproduce it on another device.
|
|
#
?
Nov 28, 2017 22:25
|
|
|
MALE SHOEGAZE posted:imagine the sinking feeling the programmer responsible for that bug is feeling right about now And the initials on the comment on that line of code? SJobs
|
|
#
?
Nov 28, 2017 22:27
|
|
|
my bitter bi rival posted:I had that thought too and believe it. fortunately we only have a handful of high Sierra macs around so I couldn't try to reproduce it on another device. I did a little dance with disabling root, trying to log in as root, failing, reproducing the bug in prefs, succeeding at logging in as root. looks like some macrumors people figured out the same thing
|
|
#
?
Nov 28, 2017 22:28
|
|
|
|
| # ? May 14, 2024 09:30 |
|
|
Zil posted:And the initials on the comment on that line of code?
|
|
#
?
Nov 28, 2017 22:29
|
|
