
Files

issetugid() + rsh + libmalloc OS X Local Root
Posted Oct 3, 2015
Authored by Philip Pettersson

The default root-suid binary /usr/bin/rsh on Mac OS X uses execv() in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then passed on to rlogin and interpreted by libmalloc to create a root-owned file with partially controlled contents at /etc/crontab which gives a rootshell via sudo. Tested on 10.9.5 / 10.10.5 but it most likely works on much older versions too.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-5889
MD5 | 81acf0e43a571e81418379cca28b84a9

Related Files

OS X x64 /bin/sh Shellcode
Posted Sep 2, 2015
Authored by Csaba Fitzl

34 bytes small NULL byte free OS X x64 /bin/sh shellcode.

tags | shellcode
systems | apple, osx
MD5 | a3acc83e3c82166d8beeb36642e5f233

OS X Keychain EXC_BAD_ACCESS Denial Of Service
Posted Aug 4, 2015
Authored by Juan Sacco

Mac OS X 10.10.4 (Yosemite) suffers from a keychain-related denial of service vulnerability.

tags | exploit, denial of service
systems | apple, osx
MD5 | bb693ce448af1ed7afa742b3e85b3867

OS X 10.10 DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 22, 2015
Authored by Stefan Esser

OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.

tags | exploit, local, proof of concept
systems | apple, osx
MD5 | 756dd5d0ac3ee01ba77776f95053f131

Mac OS X rootpipe Local Privilege Escalation
Posted Apr 9, 2015
Authored by Emil Kvarnhammar

Mac OS X rootpipe local proof of concept privilege escalation exploit.

tags | exploit, local, proof of concept
systems | apple, osx
advisories | CVE-2015-1130
MD5 | b7341fe08ad8c839629b376ef02a5820

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
Posted Jan 21, 2015
Authored by Google Security Research

OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

tags | exploit, proof of concept
systems | apple, osx
MD5 | 1ae0774711afbf121c80129584461b87

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
Posted Jan 21, 2015
Authored by Google Security Research

OS X 10.10 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

tags | exploit, proof of concept
systems | apple, osx
MD5 | 5101afae5f6148ea15c0034a88d441ce

OS X networkd Sandbox Escape
Posted Jan 20, 2015
Authored by Google Security Research

OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.

tags | exploit, proof of concept
systems | apple, osx
MD5 | 4050c0d6e9c3910083759e7b718c3818

Viscosity OpenVPN OS X Local Root
Posted Aug 13, 2012
Authored by zx2c4

Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.

tags | exploit, local, root
systems | apple, osx
MD5 | 310eead57ed8a1879d25cfaf62404d5b

Universal OS X ROP Shellcode
Posted Jul 24, 2011
Authored by P. Kot

Universal OS X dyld ROP shellcode that spawns a shell on port 4444.

tags | shell, shellcode
systems | linux, apple, osx
MD5 | 889e668c6fc7ae93dedcdf6e543ad687

Mac OS X / Intel Reverse TCP Shell Shellcode
Posted Apr 29, 2011
Authored by Jacob Hammack

131 bytes small Mac OS X / Intel reverse TCP shell shellcode for x86_64.

tags | shell, tcp, shellcode
systems | apple, osx
MD5 | 01de685f8e9a7ce64746376e0578c5f0

UFO: Alien Invasion IRC Client Buffer Overflow Exploit
Posted Jul 2, 2010
Authored by Jason Geffner | Site metasploit.com

This Metasploit module exploits a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1.

tags | exploit, overflow
advisories | CVE-2010-2309
MD5 | 3bde84ff63ca733f53ee374ec82205a3

Samba trans2open Overflow (Mac OS X)
Posted Dec 31, 2009
Authored by H D Moore | Site metasploit.com

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2003-0201
MD5 | e4ea02c3338a460353153d443eaff685

Finding sysent On OS X 10.6.1
Posted Oct 19, 2009
Authored by boecke

Small write-up titled "Finding sysent On OS X 10.6.1". Good information for Mac OS X rootkit writers.

tags | paper
systems | apple, osx
MD5 | 1f7a894ac48ac1a38127b27394425867

osx32bytes.txt
Posted May 2, 2006
Authored by hophet | Site nlabs.com.br

MacOSX/PowerPC 32 byte shellcode for sync(), reboot().

tags | shellcode
MD5 | 4f8a4be79a035ea123122a72c15f8a98

osx72bytes.txt
Posted May 2, 2006
Authored by hophet | Site nlabs.com.br

MacOSX/PowerPC 72 byte shellcode for execve /bin/sh.

tags | shellcode
MD5 | d59a0b83447393e784d3ee17aef8bc3b

osx104Dash.txt
Posted Aug 14, 2005
Authored by Jonathan Zdziarski

The Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.

tags | advisory, arbitrary
systems | apple
MD5 | 49f0141d32fe29e4e0a2957f4b811a09

osx102.txt
Posted Feb 25, 2005
Site netsec.net

NetSec Security Advisory - Due to multiple vulnerabilities resulting from the use of Apple OSX HFS+, remote users may be able to view arbitrary file data, including the source code of server-side documents, such as PHP and JSP documents.

tags | advisory, remote, arbitrary, php, vulnerability
systems | apple
MD5 | 5ac862db7ec3d451b2a8350382d2c5cc

osx86_mmdfdeliver.c
Posted Oct 26, 2004
Authored by Ramon de C Valle

MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86.

tags | exploit, x86, local, root
advisories | CVE-2004-0510
MD5 | fb00af86ece2ed6422cdbc89c50c5b4c

osxrk-0.2.1.tbz
Posted Sep 10, 2004
Authored by gapple

Mac OS X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.

tags | tool, tcp, rootkit
systems | unix, apple, osx
MD5 | 4d88ce2a44718703f5de06a26c26349a

© 2020 Packet Storm. All rights reserved.
