MacOS Port 88 Brute Force

TL;DR

Port 88 is often left open on MacOS systems for Remote Desktop services (AppleScreen Sharing). This guide explains how to identify if it’s accessible and then demonstrates a basic brute-force attempt using common usernames and passwords. Warning: Attempting unauthorised access is illegal. This information is for educational purposes only, to understand security vulnerabilities.

Checking Port 88 Accessibility

1. Use `netstat` to check if port 88 is listening: Open Terminal and run the following command:

   netstat -an | grep .88

   If you see a line with `.88` in the ‘Local Address’ column, it means something is listening on that port.

2. Use `lsof` for more detail: This command shows which process is using port 88:

   lsof -i :88

   This will output the process ID (PID) and name of the application listening on port 88. Typically, this is `AppleScreenSharing`.

3. Test remote access: From another MacOS machine, try connecting to the target machine using Screen Sharing (Applications > Connect to Server…). Enter the IP address or hostname of the target machine. If it prompts for a password and you don’t know it, proceed with caution.

Basic Brute-Force Attempt

This section demonstrates a simple brute-force attempt using a list of common usernames and passwords. It is highly unlikely to succeed against any system with even basic security measures in place, but it illustrates the principle.

1. Create a username/password list: Create a text file (e.g., `credentials.txt`) containing common usernames and passwords, one pair per line separated by a space:

   admin password
   root toor
   test test
   guest guest

2. Use `ncrack` for brute-forcing: If you don’t have it, install ncrack using Homebrew:

   brew install ncrack

3. Run the ncrack command: This example attempts to connect to port 88 and tries each username/password combination from `credentials.txt`.

   ncrack -p 88  --user credentials.txt --pass credentials.txt

   Replace `` with the actual IP address of the target machine.

4. Interpret the results: ncrack will output whether each attempt was successful or not. Look for lines indicating a successful login. If you get a successful login, STOP IMMEDIATELY and report it to the system owner.

Important Considerations

• Rate Limiting: Most systems implement rate limiting, which will block further attempts after a certain number of failed logins.
• Account Lockout: Repeated failed login attempts may lock the account.
• Firewalls: Firewalls can block access to port 88 entirely.
• Strong Passwords: This method is ineffective against systems with strong, unique passwords.
• Legal Implications: Attempting unauthorised access to a computer system is illegal and unethical.