Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation', 'Description' = %q This module writes to the sudoers file without...

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation

This module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 patched on 10.11. This module requires Metasploit: https://metasploit.com/download Curre...

Immunity Canvas: OSX_RSH_LIBMALLOC

Name| osxrshlibmalloc ---|--- CVE| CVE-2015-5889 Exploit Pack| CANVAS Description| OS X rsh/libmalloc local privilege escalation Notes| Repeatability: Multiple Times Notes: Exploit should work on many different versions of MacOS X 64bit, but it has been specifically tested on: - 10.10.3 - 10.10.1...

issetugid() + rsh + libmalloc OS X Local Root Exploit

The default root-suid binary /usr/bin/rsh on Mac OS X uses execv in an insecure manner. /usr/bin/rsh will invoke /usr/bin/rlogin if launched with only a host argument, without dropping privileges or clearing the environment. This exploit will pass "MallocLogFile" to /usr/bin/rsh, which is then...

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation

Exploit for macOS platform in category local exploits CVE-2015-5889: issetugid + rsh + libmalloc osx local root tested on osx 10.9.5 / 10.10.5 jul/2015 by rebel import os,time,sys env = s = os.stat"/etc/sudoers".stsize env'MallocLogFile' = '/etc/crontab' env'MallocStackLogging' = 'yes'...