sudo kextunload /System/Library/DriverExtensions/AppleUserECM.dext
sudo kextunload -v -c com.apple.driver.usb.cdc.ecm
#Virtual Machine->Bluetooth and USB menu option in Fusion. Run the autorun.bat file as an Administrator and it should flash successfully.#sudo kextunload com.apple.driver.usb.cdc.ecm
#sudo kextunload /System/Library/DriverExtensions/AppleUserECM.dext
# ./ghost should produce either “not vulnerable” with an exit code of 0, or “vulnerable” with an exit code of 1.#ghost.c
to a directory on your master and compile it as described above. Then put the executable in your /srv/salt directory (or wherever your file_roots points). Put this sls file in the same directory:#/srv
directory (/srv/salt/OSXUpd10.9.2.pkg).#wireunlurk.py in /srv/salt/_modules (or equivalent directory if you have customized it) and run the following on your Salt master:#clean=True
if you want to clean up the infection as well. This saved me a significant amount of time scanning my Macs just at home—we have 7 Macs on my home network and rather than ssh’ing to each one, or using a tool like csshX, as soon as I got the script running and ‘saltified’ I executed the above command and could sleep with peace of mind knowing none of our devices were infected.