OS X As A Pentesting OS
Apple’s OS X has been receiving a lot of flak lately, both in regard to security issues and its worth as an OS. I used to be a long-time Linux/BSD user, until one day I found a 12" Apple Powerbook lying around. After playing around on it for a week or so, I really began to see the possibilities, which led me to go and buy my own 15" Powerbook to see if it could replace my aging Dell laptop, which was dual-booting Debian and OpenBSD at the time. As OS X is built on a FreeBSD microkernel, it has all the BSD bits under the hood, so I wanted to see how far I could push this baby: could I end up using a Mac for my daily pen-testing work and have a rock-solid, secure operating system to work on at the same time? The answer is a huge yes!
OS X may have its faults, but it is a damn sight more secure than Windows, but then again, that doesn’t really take much now, does it? It ships with a built-in firewall, the standard FreeBSD IPFW (IP Firewall); this really is a great firewall, and in my opinion it blows the likes of ipchains/iptables on Linux out of the water. It’s a lot easier to configure and has a hell of a lot more options. I won’t argue that the interface Apple gives you is really basic: it consists of options like enable/disable SSH, SMB, VNC, etc., and whether or not you want logging turned on. As a security professional and a UNIX geek, this really isn’t good enough at all, so we need to drop under the hood and modify these rules to suit our everyday needs, only allowing in and out the things we really want to, and to have some fun we’ll set it so that certain rules only kick in at certain times of the day (using cron) or when our laptop is getting scanned/probed (PortSentry). For info on how to lock down IPFW on OS X, either read the IPFW man page (the best way) or have a look at these links, as they will give you the basics:
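As an added example of the kind of under-the-hood ruleset described above (this is not the article's own config), here is a default-deny ipfw script for a laptop with an SSH rule that cron only switches on during working hours. The interface name en0, the rule numbers, set number 10 and the cron schedule are all assumptions; rule sets need ipfw2 (OS X 10.4 or FreeBSD 5 and later).

```shell
#!/bin/sh
# Added example: locked-down ipfw ruleset for a laptop, with inbound SSH in a
# rule set that cron enables and disables. Interface, numbers and schedule are
# assumptions; adjust them for your own box.

IFACE="${IFACE:-en0}"   # assumed interface name
DAYTIME_SET=10          # ipfw rule set that cron toggles

# Emit the rules on stdout so they can be reviewed before they go live.
# Each line is one ipfw command without the leading "ipfw".
gen_ruleset() {
    # loopback is always fine; anything else claiming to be 127/8 is spoofed
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from 127.0.0.0/8 to any in via $IFACE"
    # replies to our own outbound TCP connections, plus fragments
    echo "add 300 allow tcp from any to any established"
    echo "add 400 allow ip from any to any frag"
    # log and drop the usual Windows-port noise before anything else matches
    echo "add 500 deny log tcp from any to any dst-port 135-139,445 in via $IFACE"
    # inbound SSH lives in set $DAYTIME_SET, which is only live when cron enables it
    echo "add 600 set $DAYTIME_SET allow tcp from any to me dst-port 22 in via $IFACE setup"
    # everything we originate may leave; DNS answers and DHCP may come back in
    echo "add 700 allow ip from me to any out via $IFACE"
    echo "add 800 allow udp from any 53 to me in via $IFACE"
    echo "add 850 allow udp from any 67 to any 68 in via $IFACE"
    # default deny, logged, so probes and scans show up in the ipfw log
    echo "add 65000 deny log ip from any to any"
}

# Crontab lines that open the SSH rule 09:00-18:00 on weekdays only.
gen_crontab() {
    echo "0 9  * * 1-5 /sbin/ipfw -q set enable $DAYTIME_SET"
    echo "0 18 * * 1-5 /sbin/ipfw -q set disable $DAYTIME_SET"
}

# Load the ruleset into the kernel (run as root on a box that actually has ipfw).
apply_ruleset() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not found" >&2; return 1; }
    ipfw -q -f flush                       # start from an empty rule table
    gen_ruleset | ipfw -q /dev/stdin       # ipfw reads one rule per line from a file
    ipfw -q set disable "$DAYTIME_SET"     # SSH stays closed until cron opens it
    sysctl -w net.inet.ip.fw.verbose=1 >/dev/null   # make "log" rules write to syslog
}

case "${1:-}" in
    apply) apply_ruleset ;;
    cron)  gen_crontab ;;
    *)     gen_ruleset ;;
esac
```

Run it with no argument to review the rules, `cron` to print the crontab lines, and `apply` (as root) to load the ruleset.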
Great! So now we’ve got the firewall on our shiny new Mac configured, and we can move on to other things before we start adding a load of tools and the like. OS X comes with a great utility called FileVault; what this little baby does is encrypt your entire home folder and everything in it with 128-bit AES. The encryption and decryption happen in real time, and when you turn it on there really isn’t any performance hit at all. So now we have an OS that, after the few minutes we just spent tweaking it, is already a hell of a lot more secure than most other OSes.
Now, OS X has a load of cool applications already developed for it, especially for anything media related, but we’re not going to go down that route. We want a pen-testing box to play with. First things first: if you’ve ever used FreeBSD/OpenBSD/NetBSD or Debian/Gentoo Linux, then you know how useful the ports and package collections are. OS X doesn’t ship with any form of ports collection, but you can just install one and away you go. Currently there are two different ports trees for OS X: Fink (http://fink.sourceforge.net/) and DarwinPorts (http://darwinports.opendarwin.org/). My personal favourite is DarwinPorts, as it has a lot more security-related ports. So get that installed; all the installation instructions are on the DarwinPorts site, and it’s a pretty painless install.
Now on to adding some tools to our little beast. The tools I most frequently used on Linux/BSD are listed below; all the ones with a * next to them can be installed on OS X, most of them through the DarwinPorts tree.
Cryptcat* (OS X has NetCat installed by default)
Perl (Installed by default)
So as you can see, I managed to get everything I was using on Linux and BSD installed. I also have a load of other tools installed, but the ones listed above are the more popular ones. If you can install something on BSD, then it should be taken as a given that you’ll be able to install it on OS X (it may require a bit of extra work, but usually nothing major). This includes window managers as well: I’ve had Fluxbox and KDE running.
When it comes to wireless tools, you really can’t go wrong with KisMAC. It’s a clone of Kismet, yet it does a hell of a lot more than Kismet; for instance, it has built-in WEP cracking, which really is a nice added plus. I know that this sort of thing is planned for the next big release of Kismet, but still, on OS X it’s here now. One thing to note, though: you need a Powerbook to be able to use KisMAC, as the standard Apple AirPort card currently can’t do passive sniffing, and the Powerbooks are the only Macs with a PCMCIA slot. If your wireless PCMCIA card isn’t supported, head over to http://wirelessdriver.sourceforge.net/ and see if there’s a driver listed for your card there. WirelessDriver works like a charm for my Orinoco and Prism cards.
There are also MacStumbler and iStumbler, which are pretty much like NetStumbler. I’ve never been a great fan of NetStumbler, but it’s useful for a quick look around.
Well, that’s about it, but I’d seriously recommend a Mac with OS X for pen-testing; mine hasn’t let me down yet.