Skip to content

Instantly share code, notes, and snippets.

@kitzy
kitzy / jamfPro10.15.1.txt
Created September 30, 2019 18:16
Details regarding the vulnerability patched in Jamf Pro 10.15.1 and 10.13.1
In order to help customers understand the severity of security vulnerabilities, Jamf uses the Common Vulnerability Scoring System (CVSS). For more information about CVSS, see https://www.first.org/cvss/.
The CVSS v3.1 score for PI-007507 in version 9.81 is 10.0 (Critical): https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Jamf Pro Version 10.14 through 10.15
A request containing specially crafted package could be sent to certain endpoints in Jamf Pro resulting in the deletion of files on the server.
Jamf Pro Version 9.4 through 10.13
### Keybase proof
I hereby claim:
* I am kitzy on github.
* I am kitzy (https://keybase.io/kitzy) on keybase.
* I have a public key whose fingerprint is F6DD 1BCC 34EA 2640 5138 4289 C3BD 2E94 C4B3 2F62
To claim this, I am signing this object:
@kitzy
kitzy / jamfProVersioner.sh
Created April 2, 2018 22:10
Expands the Jamf Pro ROOT.war, extracts the version number, and renames the ROOT.war file to include the version number.
#!/bin/bash
if [ -z $1 ]
then
echo "ROOT.war must be passed as the first arguement to this script!"
exit 1
fi
warFile=$1
@kitzy
kitzy / masCheck.sh
Created March 22, 2017 15:49
A simple script that can be used as a Jamf Extension Attribute to check if a file was installed from the Mac App Store or not.
#!/bin/bash
APP=""
if [ ! -e "/Applications/${APP}.app" ]
then
echo "<result>Not Installed</result>"
elif [ -e "/Applications/${APP}.app/Contents/_MASReceipt" ]
then
echo "<result>Mac App Store</result>"
#!/bin/bash
result=$(/usr/bin/defaults read /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired)
if [ "$result" != 1 ]
then
defaults write /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired -bool TRUE
result=$(/usr/bin/defaults read /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired)
fi
#!/bin/bash
KNOWNHASH=""
FILEPATH=""
TESTHASH=$(md5 ${FILEPATH} | awk '{print $4}')
if [ ! -e "${FILEPATH}" ]
then
echo "<result>not found</result>"
<key>RECIPE_REPOS</key>
<dict>
<key>/Users/<user>/Library/AutoPkg/RecipeRepos/<your-repo-identifier></key>
<dict>
<key>URL</key>
<string>git@github.com:<your-github-org>/<your-private-repo>.git</string>
</dict>
</dict>
<key>RECIPE_SEARCH_DIRS</key>
<array>

Keybase proof

I hereby claim:

  • I am kitzy on github.
  • I am kitzy (https://keybase.io/kitzy) on keybase.
  • I have a public key whose fingerprint is 06BA 6DAD C99B 68D9 E1D7 804B CBB3 50B6 0A7D 053D

To claim this, I am signing this object:

@kitzy
kitzy / RemoveTransmissionVulnerablity.sh
Created August 30, 2016 17:54
A script to remove the OSX/Keydnap vulnerability distributed through Transmission.app
#!/bin/bash
#################
### Variables ###
#################
# Items at the system level to be removed
systemItems=(
/Applications/Transmission.app
/Library/Application\ Support/com.apple.iCloud.sync.daemon/
@kitzy
kitzy / Transmission Vulnerability.xml
Created August 30, 2016 17:51
A Casper extension attribute to detect OSX/Keydnap
<?xml version="1.0" encoding="UTF-8"?>
<extensionAttribute>
<displayName>Transmission Vulnerability</displayName>
<description>Detects the existence of OSX/Keydnap. Returns "VULNERABLE" if found and "NOT VULNERABLE" if not.</description>
<dataType>string</dataType>
<scriptContentsMac>#!/bin/bash&#13;
&#13;
#################&#13;
### Variables ###&#13;
#################&#13;