{"id":395,"date":"2006-08-04T23:27:21","date_gmt":"2006-08-04T16:27:21","guid":{"rendered":""},"modified":"2006-08-04T23:27:21","modified_gmt":"2006-08-04T16:27:21","slug":"johny-do-you-want-to-make-1000-cash","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2006\/08\/johny-do-you-want-to-make-1000-cash\/","title":{"rendered":"Johny: Do you want to make 1000$ cash?"},"content":{"rendered":"<p>After all this time in security I&#8217;ve seen many media wh0res at Defcon or BlackHat, but this year has been the most amazing, with the so-called &#8220;Hijacking a Macbook in 60 Seconds or Less&#8221; exploit on OSX.<\/p>\n<p>There are many things to say about this exploit, which is not universal: I mean it WON&#8217;T work against any MacBook Pro out of the box.<br \/>\nIt&#8217;s a personal message for <a href=\"http:\/\/www.802.11mercenary.net\/~johnycsh\" title=\"Johny Cache\">&#8220;Johny Cache&#8221;<\/a>, a challenge.<br \/>\nMake me a live demo against a MacBook Pro in front of me and you&#8217;ll get <b>1,000USD<\/b> in cash.<!--more--><\/p>\n<p><a href=\"http:\/\/blog.washingtonpost.com\/securityfix\/2006\/08\/hijacking_a_macbook_in_60_seco.html\">Washington Post<\/a> showed a video of the Ellch\/Maynor presentation on a new method they discovered for remotely circumventing the security of an Apple MacBook computer to seize total control over the machine.<\/p>\n<p>After a few minutes watching the video, a bit of reflection, and a bit of experience (more than 15 years spent in the security business), I came quickly to an easy conclusion: media wh0reing is officially a national sport in Vegas during BH and Defcon.<\/p>\n<p>Let&#8217;s try to make this only based on facts:<br \/>\nThe target is a MacBook (aka new iBook with Intel proc.), Jon is using a 3rd party wireless card for not &#8220;targeting Apple&#8221;. Seriously, have you ever seen a card of that size? Cash pretends the exploit works against the built-in AirPort card, fine, show us. 
Which driver do you use?<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/deepquest.code511.com\/blog\/images\/uploads\/3rdparty.png\" border=\"0\" alt=\"image\" name=\"image\" width=\"320\" height=\"236\" \/> <\/p>\n<p>Turning the Dell from the video into an Access Point, and using an exploit &#8220;badseed&#8221;. First, if an open network is found, your MacBook will ask whether you want to join it or not.<\/p>\n<p>There is a strange icon just under the Macintosh HD that displays only when a network folder is connected, e.g. a .Mac home folder. What is it?<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/deepquest.code511.com\/blog\/images\/uploads\/code.png\" border=\"0\" alt=\"image\" name=\"image\" width=\"319\" height=\"235\" \/> <\/p>\n<p>Sorry Cash, you didn&#8217;t convince the community; it&#8217;s not Apple geek stuff: no evidence, no Proof of Concept (PoC). I just remember that many journalists are rushing after the scoop of the year each time they are in Vegas. Maybe they should not follow the white rabbit&#8230;<\/p>\n<p>So Mr Cash and Mr Maynor, you want to get a real challenge? OK, make me a live demo on a MacBook or MacBook Pro; in exchange you&#8217;ll receive <b>1,000USD in cash<\/b> (sorry, couldn&#8217;t help myself). 
Yes, one thousand US dollars, and <b>it&#8217;s not a joke.<\/b><\/p>\n<p>Rules are simple: tell me wherever you want to make the demo, earth is my playground \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1000 USD to Hijack a Macbook in 60 Seconds or Less<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-395","post","type-post","status-publish","format-standard","hentry","category-apple"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-6n","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=395"}],"version-history":[{"count":0,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/395\/revisions"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=395"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}