How To: Perform a Local Privilege Escalation on Mac.


Hello Null Byte!! I found a local privilege escalation exploit on Exploit-DB known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root by rebel. You can visit the link here or find the code on Pastebin here.

Step 1: Download the Script

If you don't know how then you are at the wrong place. Otherwise save it as exploit.py and then move on to step 2.

Step 2: Run the Script.

Go into Terminal and run it with python from whatever directory it is in. The output should say that it has created /etc/crontab and is then waiting for the sudoers file to change. Afterwards you should have a root shell!

Step 3: Post Exploitation!

Now if I were you I would change the root password with passwd root and then set the password, but that's just me. From here do whatever you want.

Step 4: End

Thank you all for reading! I hope you enjoyed this. Don't do anything bad and what you do with this information I am not responsible for.

Have fun! -August
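For anyone responsible for Macs in this version range, the two artifacts named in Step 2 (a newly created /etc/crontab and a changed sudoers file) are things to look for on a host. The script below is an added triage example, not part of the original post or of the exploit; the function names are hypothetical, the version range is the one reported in the comments, and it assumes a stock OS X install has no /etc/crontab.

```bash
#!/usr/bin/env bash
# Added triage example, not from the original post; function names are hypothetical.

# Succeeds if an OS X version is in the range the comments report as
# affected (10.9.5 through 10.10.5; 10.11 is reported as patched).
version_in_reported_range() {
  local major minor patch _rest
  case "$1" in ""|*[!0-9.]*) return 1 ;; esac
  IFS=. read -r major minor patch _rest <<EOF
$1
EOF
  [ "$major" = "10" ] || return 1
  case "${minor:-0}" in
    9)  [ "${patch:-0}" -ge 5 ] ;;
    10) [ "${patch:-0}" -le 5 ] ;;
    *)  return 1 ;;
  esac
}

# Checks a filesystem root (default /) for the two artifacts from Step 2.
# Prints what it finds; returns 0 if clean, 1 if anything needs review.
# Assumption: stock OS X ships no /etc/crontab, so its presence is worth a look.
check_artifacts() {
  local root="${1:-/}" days="${2:-7}" found=0
  root="${root%/}"
  if [ -e "$root/etc/crontab" ]; then
    echo "REVIEW: $root/etc/crontab exists"
    ls -l "$root/etc/crontab"
    found=1
  fi
  # find -mtime only needs stat access, so this works without reading sudoers.
  if [ -n "$(find "$root/etc/sudoers" -mtime "-$days" 2>/dev/null)" ]; then
    echo "REVIEW: $root/etc/sudoers modified within the last $days days"
    found=1
  fi
  return "$found"
}

# Live check only when invoked as: ./triage.sh --run   (sw_vers is macOS-only)
if [ "${1:-}" = "--run" ]; then
  ver=$(sw_vers -productVersion)
  version_in_reported_range "$ver" && echo "OS X $ver is in the reported affected range"
  check_artifacts / 7 || echo "Compare the findings above against known admin changes"
fi
```

A recent sudoers change is not proof of compromise on its own; it is a prompt to compare against known administrative changes.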

3 Comments

Works on OS X 10.9.5 to 10.10.5 (patched on 10.11) ;D

Meh, changing the root password would give you away; better to toss a keylogger and get the actual password. Plus you get to see all their nasty porn preferences lol
