9 matches found
Apple OS X Entitlements Rootpipe Privilege Escalation Exploit
This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement. This module requires Metasploit: http://metasploit.com/download Current source:...
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries. This module requir...
BSD x64 Execute Command
Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 31 include Msf::Payload::Single include Msf::Payload::Bsd def...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...
Mac OS X VMWare Fusion Root Privilege Escalation Exploit
This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMWare Fusion to launch our payload as root. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex...
Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking Vulnerabilities
Get Simple CMS version 3.3.3 suffers from cross site request forgery, clickjacking, and various cross site scripting vulnerabilities. Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows ...
Jenkins 1.578 - Multiple Vulnerabilities
Jenkins 1.578 - Multiple Vulnerabilities Affected Vendor: http://jenkins-ci.org/ Date: 03/09/2014 Discovered by: JoeV Type of vulnerability: CSRF and Command Execution Tested on: Windows 7 Version : 1.578 Description: Jenkins is susceptible to CSRF attack and command execution. Using groovy one c...
Mac OS X NFS Mount Privilege Escalation Exploit
This exploit leverages a stack buffer overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result, by passing a large size as an argument, a local user can overwrite th...
Nodejs js-yaml load() Code Execution
This module can be used to abuse node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package...