Hello null byte!! I found a local local privilege escalation exploit on Exploit-db known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root by rebel. You can visit the link here or find the code on pastebin here.
Step 1: Download the Script
If you don't know how then you are at the wrong place. Otherwise save it as exploit.py and then move on to step 2.
Step 2: Run the Script.
Go into terminal and run it as python (whatever directory it is in) and run it. The output should include that it has created /etc/crontab and then waiting for sudoer file to change. Afterwards you should have a root shell!
Step 3: Post Exploitation!
Now if I were you I would change the root password with passwd root and then set the password but thats just me. From here do whatever you want
Step 4: End
Thank you all for reading! I hope you enjoyed this. Don't do anything bad and what you do with this information I am not responsible for.
Have fun! -August
- Follow Null Byte on Twitter, Flipboard, and YouTube
- Sign up for Null Byte's weekly newsletter
3 Comments
Works on OS X 10.9.5 to 10.10.5 (patched on 10.11) ;D
meh changing the root password would give you away better to toss a keylogger and get the actual password. plus you get to see all their nasty porn preferences lol
Noice... will try
Share Your Thoughts