Because everybody wants to know how to freeze the balls of a brass monkey.

(I was trying to search “freeze the system” haha)

I did a webserver for my debian vm and I wanted the server to be available within all the other machines on the lan, but the problem was that only I was able to see it (of course, it is on my mac). A easy solution can be switching the VM network adapter to bridge, but that’s an easy one c’mon!. VMware Fusion is capable of doing port forwarding on the NAT network adapter (that sounds yummy), so thats going to be my solution, doing port forwarding. Just look at the steps and learn.

1. Check for the ip address of the VM machine.
   1. Assuming that your VM machine is linux. You can get that ip by just writing “ifconfig” in your vm_machine terminal.
2. Open the Terminal.app
3. sudo vim “/Library/Application Support/VMware Fusion/vmnet8/nat.conf”
   • enter your password if is asked
   • scroll down until you see [tcpincome]
   • press ‘i’ to enter INSERT mode (that means, to write :p )
   • Write the following instruction
   • 80 = virtualmachineIP:80 (for example: 80 = 192.168.22.113:80)
   • press ‘esc’ to exit INSERT mode
   • write in the command :w! (this will save the file)
   • write in the command :q (this will quit vim)
   • $ sudo vim "/Library/Application Support/VMware Fusion/vmnet8/nat.conf"
...
[incomingtcp]
80 = 192.168.22.113:80
…

4. sudo “/Library/Application Support/VMware Fusion/boot.sh” –restart

You have done it man!.

Sources: Etechcetera | VMWare Communitie

I’m trying to free myself from GUI-Based text editors (a.k.a. textmate, bbedit), but sometimes it is kind of difficult to remember the commands and keyboard shorcuts. Thats why im using this wonderfull widget, hope you enjoy!.

Website: aranio | Direct download: VI Widget

Access was denied because I was from Mexico. According to the site, it was because of security reasons. WTF could a good security reason be, not to allow mexican users, perhaps swine flu? Lol.

1. Open the Terminal.app and type the following commands:
1. sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
2. sudo mv /System/Library/LaunchDaemons/org.apache.httpd.plist /System/Library/LaunchDaemons/org.apache.httpd.plist.original
3. sudo httpd -k stop

So extreme that you need helmet! lol.

Via: Pablasso Blog

1. Charge your battery up to 100% or verify that the charger indicator is green.
2. Disconnect the macbook from the electricity
3. Let it discharge entirely
4. Connect the charger again to the electricity and charge it to the max.
5. Done!!

More info: Calibrating a MacBook/ MacBook Pro (apple)

Steps

1. Save the file in your USER folder (e.g /users/jose/ )
2. Edit the USERNAME and PASSWORD variables (obviously with the username and password you want)
3. In the Terminal.app write this command:
   • sudo sh ~/user.sh

When you finish you should be able to login in “Login Window …-> Others …”

user.sh

#!/bin/bash
 
#Important data
USERNAME=testuser
PASSWORD=123456
 
#You have to change this ID each time you want another username, just make sure its under 500
ID=432
 
/bin/echo "Creating hidden username :)"
 
/usr/bin/dscl -create /Users/$USERNAME
/usr/bin/dscl -create /Users/$USERNAME PrimaryGroupID 0
/usr/bin/dscl -create /Users/$USERNAME UniqueID $ID
/usr/bin/dscl -create /Users/$USERNAME UserShell /bin/bash
/usr/bin/dscl -passwd /Users/$USERNAME $PASSWORD
/usr/bin/dscl -append /Groups/admin GroupMembership $USERNAME
 
#We assign as default homedir /var/home/YOURUSER
/usr/bin/dscl -create /Users/$USERNAME NFSHomeDirectory /var/home/$USERNAME
 
#Creating and putting the defualts dirs in your homedir.
/bin/mkdir -p /var/home/$USERNAME
	/usr/bin/ditto -rsrc -V /System/Library/User Template/English.lproj/ /var/home/$USERNAME
	/usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
 
/bin/echo "User folder is in /var/home/$USERNAME now"
 
defaults write /Library/Preferences/com.apple.loginwindow Hidden500Users -bool true
defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
 
/bin/echo "We are done!."
 
exit 0;

Update: Sorry, it isn’t working in 10.5, i will make a new script thought, stay sharp :).

The work required to incrementally search a password grows
exponentially with each letter. In other words, to search for a password with
six letters, you do ninety five times as much work as searching for a password
with five letters (assuming you’re using the 95 printable ASCII characters only).
To search for a password with ten letters, you do 7.7 billion times more work than
searching for a password with five letters.

Why do you care?
This means your workload increases dramatically and rapidly depending on how many
letters are in the password.

2. Latency

In a nutshell, latency is the time it takes a message to go from your computer,
over the internet, to another computer. Latency is usually measured in
milliseconds (one thousandth of a second). For your local network, latency is
usually less than one millisecond. Latency on the Internet, however, is a whole
other story. For your typical wired connection, latency to a remote server
(another computer on the internet) which is reasonably close to you, is usually
bound to be under one hundred milliseconds. For a wireless connection, this jumps
up to usually be one hundred milliseconds or more, varying wildly due to the
nature of the medium.

Why do you care?
The longer it takes for a message (username and password) to get to another
computer, and the longer it takes for their reply to get back to you (access
granted, or denied) the longer you’re going to have to wait before sending
the next message.

3. Sysadmins are smarter than you

Exhaustive search is one of the oldest tricks in the book.
You aren’t the first one to try this, and any experienced sysadmin is going to
be prepared for this kind of attack. The fact that exhaustive search is anything
but subtle doesn’t help. Attempts at exhaustive search show up as a red, flaming
flag in logs. Filters like xinetd allow them to set the maximum connections
allowed to a certain port per second, and the delay between connections from the
same IP address. Online web forms are more often written to lock out specific IP
addresses after a number of incorrect passwords, etc. On top of all this, they’re
actually getting paid for it.

Why do you care?
There’s likely precautions in place to prevent against the very attack you are
scheming.

The bottom line is this: remote exhaustive search isn’t a magic solution to all
your hacking problems. Chances are if the password isn’t in a “common passwords”
list or an English dictionary, it’s simply not going to be practical to continue
in this method of attack.

Via: [T S F] The Shared Forums. Article by siph0n user.

• Safari code_execution.
• Remote shutdown.
• libxml code_execution.
• Kernel Privilege Scalation
• PDF code_execution
• many more..

If you want to see the whole list of bugs follow this link:
http://support.apple.com/kb/HT3549