How To: Perform a Local Privilege Escalation on Mac.


Hello Null Byte!! I found a local privilege escalation exploit on Exploit-DB known as CVE-2015-5889: issetugid() + rsh + libmalloc osx local root, by rebel. You can visit the link here or find the code on pastebin here.

Step 1: Download the Script

If you don't know how then you are at the wrong place. Otherwise save it as and then move on to step 2.

Step 2: Run the Script.

Open Terminal and run the script with python from whatever directory it is in. The output should say that it has created /etc/crontab and is then waiting for the sudoers file to change. Afterwards you should have a root shell!

Step 3: Post Exploitation!

Now if I were you I would change the root password with passwd root and then set the password, but that's just me. From here do whatever you want.

Step 4: End

Thank you all for reading! I hope you enjoyed this. Don't do anything bad; I am not responsible for what you do with this information.

Have fun! -August
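
A defender's counterpart to Step 2, as an added example that is not part of the original post or of the exploit: a POSIX shell triage that checks whether a host is in the version range reported in the comments on this page (10.9.5 to 10.10.5) and whether the two side effects the post mentions, an /etc/crontab and a changed sudoers file, are present. The function names, the 7-day window and treating an existing /etc/crontab as worth review are assumptions.

```sh
#!/bin/sh
# Added example (not from the post): triage a Mac for the Step 2 side effects.

# 0 if $1 is within 10.9.5..10.10.5 (range reported in the page's comments),
# 1 if outside it, 2 if $1 is not a dotted numeric version.
is_affected_version() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 10 ] || return 1
    if [ "$minor" -eq 9 ]; then
        [ "$patch" -ge 5 ] || return 1
    elif [ "$minor" -eq 10 ]; then
        [ "$patch" -le 5 ] || return 1
    else
        return 1
    fi
    return 0
}

# 0 if file $1 exists and was modified less than $2 days ago.
modified_within_days() {
    [ -e "$1" ] || return 1
    [ -n "$(find "$1" -prune -mtime "-$2")" ]
}

# usage: triage VERSION [CRONTAB] [SUDOERS] [DAYS]; returns the finding count.
# Assumptions: a 7-day window, and that an /etc/crontab on this host is unexpected.
triage() {
    version=$1; crontab=${2:-/etc/crontab}; sudoers=${3:-/etc/sudoers}; days=${4:-7}
    findings=0
    if is_affected_version "$version"; then
        echo "OS X $version is in the affected range; update to 10.11 or later"
        findings=$((findings + 1))
    fi
    if [ -e "$crontab" ]; then
        echo "$crontab exists; review its owner and entries"
        findings=$((findings + 1))
    fi
    if modified_within_days "$sudoers" "$days"; then
        echo "$sudoers changed in the last $days days; diff it against a known-good copy"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against the live system only where sw_vers exists (macOS).
if command -v sw_vers >/dev/null 2>&1; then
    triage "$(sw_vers -productVersion)" || echo "$? finding(s) to review"
fi
```

A recent legitimate sudoers edit will also trip the third check, so treat each finding as a prompt to review, not as proof of compromise.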


Works on OS X 10.9.5 to 10.10.5 (patched on 10.11) ;D

Meh, changing the root password would give you away; better to toss a keylogger and get the actual password. Plus you get to see all their nasty porn preferences lol
