.

OS X as a Pentest Platform

<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Thu Feb 05, 2009 4:14 pm

OS X as a Pentest Platform

Hi guys,

i've recently gotten hold of a macbook and i gotta say that i'm totally lovin it.  Now I have it running pretty well with kismet (yes that's kismet), nmap, metasploiot, ettercap etc... and all seems to be working well.

My question is, do any of you pentesters out there use a mac as your main pentest platform? or  through experience have you found it to not be as flexible as Linux?

i've done a little testing in the week that i've had it and it seems to be working well but I just wondered if theres a "gotcha" just waiting to happen.

Any thoughts on this would be great.

Cheers

Syn

p.s Has anyone read Johnny Long's book on OS X Hacking and if so was it any good?
----------------------------------
http://synjunkie.blogspot.com
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Thu Feb 05, 2009 4:34 pm

Re: OS X as a Pentest Platform

Well I don't use Mac but that's mostly because I am poor.  I think Ed Skoudis uses a Mac for pentesting though.
CISSP, CEH, GPEN, GCIH, GCFA
<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Thu Feb 05, 2009 4:38 pm

Re: OS X as a Pentest Platform

After getting the mac I too am poor, and my family are pretty hungry!
----------------------------------
http://synjunkie.blogspot.com
<<

Malware

Newbie
Newbie

Posts: 1

Joined: Thu Feb 05, 2009 4:38 pm

Post Thu Feb 05, 2009 4:47 pm

Re: OS X as a Pentest Platform

I use Mac to test, even tho I run linux on it, not its original Mac OS
<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Thu Feb 05, 2009 5:20 pm

Re: OS X as a Pentest Platform

Malware

Why do you choose linux rather than OS X, is it familiarity or a shortcoming with OS X as a pentest platform?
----------------------------------
http://synjunkie.blogspot.com
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Fri Feb 06, 2009 11:44 am

Re: OS X as a Pentest Platform

The people I have seen who uses MAC run VMware Fusion and VMs for pentesting. OS X can be a lil bit difficult to get all your fav tools working.

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

SynJunkie

Jr. Member
Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Thu Feb 12, 2009 8:18 am

Re: OS X as a Pentest Platform

After setting up macports the apps i use seem to download and work pretty good.  But i an see myself having a Linux VM to hand just in case.

Rather than VM Fusion i opted for Parallels though, being a total Mac newb could you tell me if VM Fusion is preffered and why?

Cheers

Syn
----------------------------------
http://synjunkie.blogspot.com
<<

vijay2

Full Member
Full Member

Posts: 220

Joined: Wed Mar 28, 2007 6:22 am

Post Thu Feb 12, 2009 9:16 am

Re: OS X as a Pentest Platform

Fusion Vs Parallel, umm i might not be the right person to answer that, though I think its matter of prefference.

I think one of the key to success is to be very confortable with the tools you use for pentesting.

I like to go with Fusion because I am comfortable with Vmware and it give me the ability to move around my VMs easily from different Hosts ( PC /  MAC)

VJ
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
<<

Chan

Newbie
Newbie

Posts: 32

Joined: Thu Jun 05, 2008 4:38 am

Post Thu Feb 12, 2009 12:58 pm

Re: OS X as a Pentest Platform

I'm currently rocking a MBP. Mac Ports have most things, and I fall back to a Samurai/BT3 installation on VM Fusion if needed.

There's quite a Fusion Vs Parrallels argument on various different sites (also if it's a linux guest OS you're looking at, I've heard good things of VirtualBox) and with the current releases they're about neck and neck. I chose Fusion because of my familiarity with  VM products. There are some arguments about better video hardware acceleration, but if it that important go bootcamp and install whatever OS you want.

I've also got the OSX for Hackers book, it's good but it's starting to look a bit dated (there's a chapter on setting up kisMAC which is no longer needed as kismet works fine from ports), but if you're totally new to OSX it's worth a quick read.

I'm still with the "whatever you're most comfortable with" camp, I just happen to be comfortable with overpriced eyecandy :)
CCNA, 100m Swimming cert.
<<

Thegmandrive

Newbie
Newbie

Posts: 43

Joined: Tue Feb 17, 2009 8:34 pm

Post Tue Feb 17, 2009 9:23 pm

Re: OS X as a Pentest Platform

I love my Mac absolutely love it. I have a sweet setup, I have Mac Os X Server, Linux Red Hat, and Windows (I know, I know, it's a sin to have windows on my apple, Dont Ye Judge least ye be Judged... or something like that), All natively installed. I use Fusion for quick switching. For my wireless security testing I use AirCrack. I have a virtual machine I use just for that. I also have AirCrack installed on my Mac Via Macports but the linux version can do much more easier.

I have used both Parallels, and Fusion, I prefer Fusion.

I use Kismac NOT Kismet, to gather information about networks and import the findings into AirCrack, and use that to test my Wireless Security.

With a few easy work arounds, in my personal opinion, Macs are the way to go... If you can afford them of course... Im still paying for mine  ;D
<<

DrivinTin

User avatar

Jr. Member
Jr. Member

Posts: 51

Joined: Sat Feb 28, 2009 8:01 pm

Location: Houston, TX

Post Sat Mar 14, 2009 4:34 am

Re: OS X as a Pentest Platform

I also have a MacBook that i LOVE for pen testing.  The only thing i hated was i would have to reboot to BT to do packet injection, and a few other wireless tools, that is till i found this baby:

hxxps://shop.fon.com/FonShop/shop/US/Sh ... ct=PRD-001

Currently going for $29, but you can find promos and codes all the time to get them for $5 or sometimes free!  And the antenna comes right off to put something a bit bigger on it.  Then you take it and put this firmware on it:

hxxp://fonerahacks.com/index.php/Tutori ... onera.html

And now you have a little guy, that can do all kinds of fun things, running Airserv so that you can actually do the computing on your machine while the packets are grabbed via the Fon.  Man it works like a charm, and i even built a batter pack on mine out of 4 AAs so that I don't have to use a power adapter :)

Zac
Currently working on:
A UAV Project
Speaking and conferences
<<

Thegmandrive

Newbie
Newbie

Posts: 43

Joined: Tue Feb 17, 2009 8:34 pm

Post Tue Apr 07, 2009 4:41 pm

Re: OS X as a Pentest Platform

Sweeeeet, I'm going to have to try that.. its cheap enough :) Thanks for the info dude.
<<

decrypt_keeper

Post Tue May 12, 2009 7:15 pm

Re: OS X as a Pentest Platform

I'd get a Mac just for their physical design, but I'd probably just end up wiping out OS X and running Linux 100%.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue May 12, 2009 9:29 pm

Re: OS X as a Pentest Platform

I don't get how people use a system where you still cannot right-click on something and you have to hold option+clover+shift+f8+scratch_your_butt+power to reboot the thing.
~~~~~~~~~~~~~~
Ketchup
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu May 14, 2009 7:27 am

Re: OS X as a Pentest Platform

You can right click.
http://lifehacker.com/software/mac-tip/ ... 323322.php

Also, the one button looking mouse also senses your finger and will allow you to right click if you enable the options (I forget where it is and I don't have one in front of me).
twitter.com/timmedin | http://blog.securitywhole.com
Next

Return to Hardware

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software