
Files

issetugid() + rsh + libmalloc OS X Local Root
Posted Oct 3, 2015
Authored by Philip Pettersson

The default root-suid binary /usr/bin/rsh on Mac OS X uses execv() in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit passes "MallocLogFile" to /usr/bin/rsh, which is then passed on to rlogin and interpreted by libmalloc to create a root-owned file with partially controlled contents at /etc/crontab, which gives a root shell via sudo. Tested on 10.9.5 / 10.10.5, but it most likely works on much older versions too.

tags | exploit, root
systems | apple, osx
advisories | CVE-2015-5889
SHA-256 | 57369dae3073aa171e586034196b70f67cf18695ca619dddcbe2f77bfce377a9

Related Files

macOS Gatekeeper Check Bypass
Posted May 7, 2021
Authored by timwr, Cedric Owens | Site metasploit.com

This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses Gatekeeper in macOS versions prior to 11.3. If the user visits the site in Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app and click again to execute the payload.

tags | exploit
systems | apple
advisories | CVE-2021-30657
SHA-256 | 63462c2e64d7852458a439220123a2d9aea8f3c2506a1452879ec40fef583f4f

OS X x64 /bin/sh Shellcode
Posted Sep 2, 2015
Authored by Csaba Fitzl

34 bytes small NULL byte free OS X x64 /bin/sh shellcode.

tags | shellcode
systems | apple, osx
SHA-256 | 62604cfda35d5ea48e784d6b5bfb83d4ce2aa61f09505d7ee7a39833737dc0ef

OS X Keychain EXC_BAD_ACCESS Denial Of Service
Posted Aug 4, 2015
Authored by Juan Sacco

Mac OS X 10.10.4 (Yosemite) suffers from a keychain-related denial of service vulnerability.

tags | exploit, denial of service
systems | apple, osx
SHA-256 | 5e5264989ee711ea2cf1f4508b6d73169a2f88b72a97de4b2be4e77d5bfb3214

OS X 10.10 DYLD_PRINT_TO_FILE Privilege Escalation
Posted Jul 22, 2015
Authored by Stefan Esser

OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.

tags | exploit, local, proof of concept
systems | apple, osx
SHA-256 | 54d151a0576992acbdfc4330c685be0f33834016156eaf6b60eb50e760abfc0c

Mac OS X rootpipe Local Privilege Escalation
Posted Apr 9, 2015
Authored by Emil Kvarnhammar

Mac OS X rootpipe local proof of concept privilege escalation exploit.

tags | exploit, local, proof of concept
systems | apple, osx
advisories | CVE-2015-1130
SHA-256 | 146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
Posted Jan 21, 2015
Authored by Google Security Research

OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

tags | exploit, proof of concept
systems | apple, osx
SHA-256 | 4eb96b629d8eab7927b29a5ec7a9f92753cd3f849943a9328dda80e152688d6a

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
Posted Jan 21, 2015
Authored by Google Security Research

OS X 10.10 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.

tags | exploit, proof of concept
systems | apple, osx
SHA-256 | 57e374097b155cf315fefccfe8009fda73846c7ab656b687d836fb54d450f253

OS X networkd Sandbox Escape
Posted Jan 20, 2015
Authored by Google Security Research

OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.

tags | exploit, proof of concept
systems | apple, osx
SHA-256 | 26000ca21e50478d63a5ca817398f053658a3693b62adac8eb4a3b8c6669b930

Viscosity OpenVPN OS X Local Root
Posted Aug 13, 2012
Authored by zx2c4

Viscosity OpenVPN client for Mac OS X suffers from a local root command execution vulnerability due to a suid binary executing site.py.

tags | exploit, local, root
systems | apple, osx
SHA-256 | bbed2f8bef6e98f9f906db21866f9556901fd2af1233ad2af5fa7f69e3f8af21

Universal OS X ROP Shellcode
Posted Jul 24, 2011
Authored by P. Kot

Universal OS X dyld ROP shellcode that spawns a shell on port 4444.

tags | shell, shellcode
systems | linux, apple, osx
SHA-256 | f90145d57b30a93c3b8950bb79484eec09621902be1ae67433d853c948efbc0c

Mac OS X / Intel Reverse TCP Shell Shellcode
Posted Apr 29, 2011
Authored by Jacob Hammack

131 bytes small Mac OS X / Intel reverse TCP shell shellcode for x86_64.

tags | shell, tcp, shellcode
systems | apple, osx
SHA-256 | 5bbb1086a1d5f4b19b20f5dc928fa031945f9bd33b9ca2d304044ad49918ddcc

UFO: Alien Invasion IRC Client Buffer Overflow Exploit
Posted Jul 2, 2010
Authored by Jason Geffner | Site metasploit.com

This Metasploit module exploits a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1.

tags | exploit, overflow
advisories | CVE-2010-2309
SHA-256 | 0efd72a52f0a3217a18642d2b292cb7590c04518e472422e8a05956140bcbe33

Samba trans2open Overflow (Mac OS X)
Posted Dec 31, 2009
Authored by H D Moore | Site metasploit.com

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2003-0201
SHA-256 | 0a81c70c55c5b626382aa3846753c3ac0bbcbc83db3ba6ea2a26b8367e01106c

Finding sysent On OS X 10.6.1
Posted Oct 19, 2009
Authored by boecke

Small write-up called Finding sysent On OS X 10.6.1. Good information for Mac OS X rootkit writers.

tags | paper
systems | apple, osx
SHA-256 | 1a5b60643b2f08891db208c8e184461731b58a2d29562a6b083d3c69964404f4

osx32bytes.txt
Posted May 2, 2006
Authored by hophet | Site nlabs.com.br

MacOSX/PowerPC 32 byte shellcode for sync(), reboot().

tags | shellcode
SHA-256 | 5351c8b944368ba099bd46cb47915aa7e0786ff4351bf5533f14b4df81c31cac

osx72bytes.txt
Posted May 2, 2006
Authored by hophet | Site nlabs.com.br

MacOSX/PowerPC 72 byte shellcode for execve /bin/sh.

tags | shellcode
SHA-256 | ac91044711def1684cd5a9b2453d14c329e8a338863ce7e44ec4589f10d91bde

osx104Dash.txt
Posted Aug 14, 2005
Authored by Jonathan Zdziarski

The Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.

tags | advisory, arbitrary
systems | apple
SHA-256 | a50c6951f75d23dfbeceb299ee744c63c29ccd29bc3eed02301998c3ff432d0d

osx102.txt
Posted Feb 25, 2005
Site netsec.net

NetSec Security Advisory - Due to multiple vulnerabilities resulting from the use of Apple OSX HFS+, remote users may be able to view arbitrary file data, including the source code of server-side documents, such as PHP and JSP documents.

tags | advisory, remote, arbitrary, php, vulnerability
systems | apple
SHA-256 | 590bb7808f716931c412c8a8e612a7a356747b4be22319b4a1247d4f86744067

osx86_mmdfdeliver.c
Posted Oct 26, 2004
Authored by Ramon de C Valle

MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86.

tags | exploit, x86, local, root
advisories | CVE-2004-0510
SHA-256 | 5a32e0e43ec0a91696cd2732619706797117d91a12166e0b705430b2a2d691a5

osxrk-0.2.1.tbz
Posted Sep 10, 2004
Authored by gapple

Mac OS X rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more.

tags | tool, tcp, rootkit
systems | unix, apple, osx
SHA-256 | 21e6ef5bbf484ae909d8e4ab55e0e47d82f7478c4941f5cca236f04306b9f98e
© 2022 Packet Storm. All rights reserved.