Kaseya Community

Install program silently

Posted by LegacyPoster

on Oct 17, 2008 3:16 AM

Hi community!

One of our customers got two of their PowerBook G4's stolen after a break-in last week. Their not much worth, of course (4 years old), but it's annoying anyway, and would be fun if we could help them and the police to track down the persons in possession of the computers at the moment.

They have not reinstalled the system on any of them yet, which means that we are in contact with the Kaseya-agents every time they log on to internet.

The Kaseya-icon are hidden, and we have been watching their screen with remote control. Unfortunately they have not exposed themselves so far, other than a MSN e-mail account.

What we need, and i know some of this is somewhat controversial, is:
1) Build a script which fetches the serial number from the machines. (this would not be necessary if we had done our job properly in the first place ...)

2) Upload and silently install a keylogger

The computers are running MAC OSX 10.3.9 and 10.4.11

Norway is a small country but police resources are tight so it would be a great overstatement to claim that these cases has high priority.

Great gratitude and respect will be awarded to those who can shed some light on these issues for us! Smile

Legacy Forum Name: Install program silently,
Legacy Posted By Username: ckb

Posted by LegacyPoster

on Oct 17, 2008 4:11 AM

I don't know from Macs, but since there's that nice *NIX-y underpinning, could you script a 'wget' and some other commands to install something at the command-line level?

Legacy Forum Name: Macintosh,
Legacy Posted By Username: GreyDuck

Posted by LegacyPoster

on Oct 17, 2008 4:54 AM

Doesn't the user's IP address give you enough info for the police to be able to track them down?

Legacy Forum Name: Macintosh,
Legacy Posted By Username: leeevans

Posted by LegacyPoster

on Oct 17, 2008 5:38 AM

There are lots of IP to location utilities/sites that you can use, they are not 100% accurate but can provide some usefull information. Try

http://whatismyipaddress.com/staticpages/index.php/lookup-ip
http://locateip.co.uk/index.php

But there are hundreds of others out there

At the very least you can get the ISP information that the IP relates to, you may even get a map showing the location.

Legacy Forum Name: Macintosh,
Legacy Posted By Username: PeterS

Posted by LegacyPoster

on Oct 17, 2008 5:58 AM

do a google search for keyloggers for mac, and then find out what kind of installer it uses and you can script the install silently by finding the /flags to use with that particular installer ...

Legacy Forum Name: Macintosh,
Legacy Posted By Username: TBK Consulting

Posted by LegacyPoster

on Oct 22, 2008 9:29 PM

PeterS
There are lots of IP to location utilities/sites that you can use, they are not 100% accurate but can provide some usefull information. Try

http://whatismyipaddress.com/staticpages/index.php/lookup-ip
http://locateip.co.uk/index.php

But there are hundreds of others out there

At the very least you can get the ISP information that the IP relates to, you may even get a map showing the location.

Thanks for your reply, but i'm afraid it's not that easy. The IP localization-tools are not very accurate here in Norway due to some very complex infrastructure.
And, secondly, and most important, the user is connecting through a mobile phone Smile

Legacy Forum Name: Macintosh,
Legacy Posted By Username: ckb

Posted by LegacyPoster

on Oct 22, 2008 9:31 PM

TBK Consulting
do a google search for keyloggers for mac, and then find out what kind of installer it uses and you can script the install silently by finding the /flags to use with that particular installer ...

Thanks. I've tried, but it seems that keyloggers for osx-machines are not very good at silent installing, and all of them (which i've found at least) requires an additional system-setting to be changed to function.

Legacy Forum Name: Macintosh,
Legacy Posted By Username: ckb

Posted by LegacyPoster

on Oct 22, 2008 9:53 PM

Unfortunately then there is not much you can do but sit and wait and hopefully something will avail itself to you and give the crooks up for identification ... if you get a screen name for AIM, Facebook, o something like that have you tried looking up them on that site? Maybe if they do have one of those they are using it will shed some light or you can befriend them thru that service and get more info? Keep trying - I'm sure you will find something useful sooner or later!

Legacy Forum Name: Macintosh,
Legacy Posted By Username: TBK Consulting

Posted by LegacyPoster

on Oct 24, 2008 12:28 AM

http://www.juretta.com/log/2007/02/04/mac_os_x_command_line_goodies/

the system_profiler command should give you lots of goodies. how to suck that into kaseya, im not sure yet, as I just tested my first mac agent install yesterday.

Legacy Forum Name: Macintosh,
Legacy Posted By Username: mariaworld

Posted by LegacyPoster

on Oct 24, 2008 1:08 AM

a) If you know the credentials of any users on those stolen macs, wait til the kAgent shows noone logged in. Log in as a local user, run Photo Booth and take a picture!

b) I bet you could somehow write an applescript to take a picture with photobooth. Upload that applescript to the stolen machine, then execute it via shell command from kserver. Then youd never have to log in, but could get a photo of the guy who stole the laptops...

M

Legacy Forum Name: Macintosh,
Legacy Posted By Username: mariaworld

Posted by LegacyPoster

on Oct 24, 2008 1:20 AM

mariaworld: Option a) is a great idea, except that you can't remote into a Mac when nobody's logged in. Drat.

Legacy Forum Name: Macintosh,
Legacy Posted By Username: GreyDuck

IE 7 Silent Install

kvpn silent install

Winzip Silent Install

Install Symantec AV Silently

Installing AV Silently

Install program silently