How To: Perform a Local Privilege Escalation on Mac.

Hello Null Byte!! I found a local privilege escalation exploit on Exploit-DB known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root by rebel. You can visit the link here or find the code on Pastebin here.

Step 1: Download the Script

If you don't know how, then you are in the wrong place. Otherwise, save it as exploit.py and then move on to step 2.

Step 2: Run the Script.

Open a terminal and run the script with python, giving the path to whatever directory it is in. The output should say that it has created /etc/crontab and is then waiting for the sudoers file to change. Afterwards you should have a root shell!

Step 3: Post Exploitation!

Now if I were you I would change the root password with passwd root and then set the password, but that's just me. From here do whatever you want.

Step 4: End

Thank you all for reading! I hope you enjoyed this. Don't do anything bad and what you do with this information I am not responsible for.

Have fun! -August
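
For defenders, an added example (not part of the original post or of the exploit): a Python triage sketch that checks whether an OS X version string falls in the affected range given in the comments below (10.9.5 to 10.10.5) and whether the artifacts named in Step 2, a /etc/crontab file followed shortly by a change to the sudoers file, are present. The function names, the 600-second window and the demo file tree are assumptions constructed for illustration.

```python
import os
import tempfile
import time

# Affected range as stated in the page's comments (fixed in 10.11).
FIRST_AFFECTED, LAST_AFFECTED = (10, 9, 5), (10, 10, 5)


def parse_version(text):
    """Turn '10.10' or '10.10.5' into a 3-tuple of ints, zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError("unexpected version string: %r" % text)
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def triage(root="/", window=600):
    """Flag the artifacts named in Step 2's output. `window` (seconds) is an
    assumed threshold for treating the two file changes as related."""
    findings = []
    crontab = os.path.join(root, "etc", "crontab")
    sudoers = os.path.join(root, "etc", "sudoers")
    if os.path.exists(crontab):
        findings.append("crontab-present")
        if os.path.exists(sudoers):
            gap = os.stat(sudoers).st_mtime - os.stat(crontab).st_mtime
            if 0 <= gap <= window:
                findings.append("sudoers-changed-after-crontab")
    return findings


def demo():
    """Run triage over a constructed tree: crontab, then sudoers 60 s later."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "etc"))
    now = time.time()
    for name, mtime in (("crontab", now - 120), ("sudoers", now - 60)):
        path = os.path.join(root, "etc", name)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))
    return triage(root)


if __name__ == "__main__":
    print(is_affected("10.10.5"), demo())
```

On a real host, pass the output of `sw_vers -productVersion` to `is_affected` and call `triage()` with its default root; any finding is a prompt to review the files, not proof of compromise.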

3 Comments

Works on OS X 10.9.5 to 10.10.5 (patched on 10.11) ;D

Meh, changing the root password would give you away; better to toss a keylogger and get the actual password. Plus you get to see all their nasty porn preferences lol
