Hello null byte!! I found a local local privilege escalation exploit on Exploit-db known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root by rebel. You can visit the link here or find the code on pastebin here.
Step 1: Download the Script
If you don't know how then you are at the wrong place. Otherwise save it as exploit.py and then move on to step 2.
Step 2: Run the Script.
Go into terminal and run it as python (whatever directory it is in) and run it. The output should include that it has created /etc/crontab and then waiting for sudoer file to change. Afterwards you should have a root shell!
Step 3: Post Exploitation!
Now if I were you I would change the root password with passwd root and then set the password but thats just me. From here do whatever you want
Step 4: End
Thank you all for reading! I hope you enjoyed this. Don't do anything bad and what you do with this information I am not responsible for.
Have fun! -August
Want to start making money as a white hat hacker? Jump-start your white-hat hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from ethical hacking professionals.
3 Comments
Works on OS X 10.9.5 to 10.10.5 (patched on 10.11) ;D
meh changing the root password would give you away better to toss a keylogger and get the actual password. plus you get to see all their nasty porn preferences lol
Noice... will try
Share Your Thoughts