GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → A2nkF → Macos Kernel Exploit

A2nkF / Macos Kernel Exploit

macOS Kernel Exploit for CVE-2019-8781. Credit for the bug goes to @LinusHenze :)

Programming Languages

c
50402 projects - #5 most used programming language

Labels

macosexploit

Projects that are alternatives of or similar to Macos Kernel Exploit

external-protocol-flooding
Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
Stars: ✭ 603 (+116.13%)
Mutual labels:  exploit
FlameCord
Patch for Waterfall to improve performance during attacks and fix memory issues.
Stars: ✭ 103 (-63.08%)
Mutual labels:  exploit
Webcgi Exploits
Multi-language web CGI interfaces exploits.
Stars: ✭ 268 (-3.94%)
Mutual labels:  exploit
moonwalk
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Stars: ✭ 544 (+94.98%)
Mutual labels:  exploit
Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (-69.89%)
Mutual labels:  exploit
Shellver
Reverse Shell Cheat Sheet TooL
Stars: ✭ 258 (-7.53%)
Mutual labels:  exploit
SQL Injection Payload
SQL Injection Payload List
Stars: ✭ 62 (-77.78%)
Mutual labels:  exploit
Keylogger
Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.
Stars: ✭ 271 (-2.87%)
Mutual labels:  exploit
CVE-2018-7750
an RCE (remote command execution) approach of CVE-2018-7750
Stars: ✭ 18 (-93.55%)
Mutual labels:  exploit
Jenkins Rce
😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!
Stars: ✭ 262 (-6.09%)
Mutual labels:  exploit
awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
Stars: ✭ 538 (+92.83%)
Mutual labels:  exploit
Eternalblue
Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
Stars: ✭ 150 (-46.24%)
Mutual labels:  exploit
Remot3d
Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors
Stars: ✭ 263 (-5.73%)
Mutual labels:  exploit
Exploits
Real world and CTFs exploiting web/binary POCs.
Stars: ✭ 69 (-75.27%)
Mutual labels:  exploit
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-4.3%)
Mutual labels:  exploit
Chimay-Red-tiny
This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.
Stars: ✭ 25 (-91.04%)
Mutual labels:  exploit
Shiro exploit
Apache Shiro 反序列化漏洞检测与利用工具
Stars: ✭ 252 (-9.68%)
Mutual labels:  exploit
Penetration testing poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+1282.8%)
Mutual labels:  exploit
Cve 2019 1003000 Jenkins Rce Poc
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (-3.23%)
Mutual labels:  exploit
Exploit Cve 2017 7494
SambaCry exploit and vulnerable container (CVE-2017-7494)
Stars: ✭ 265 (-5.02%)
Mutual labels:  exploit
View All Similar Projects ➔

macOS-Kernel-Exploit

DISCLAIMER

You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security researchers in a controlled lab environment.

This exploit is intended for security research purposes only.

General

macOS Kernel Exploit for CVE-2019-8781 (currently a 0day. I'll add the CVE# once it is published ;) ).

Thanks to @LinusHenze for this cool bug and his support ;P.

Writeup

Probably coming soon. If you want to try and exploit it yourself, here are a few things to get you started:

Build

I recommend setting the bootargs to: debug=0x44 kcsuffix=development -v

⚠️ Note: SMAP needs to be disabled on macs after 2015 (-pmap_smap_disable)

You will need XCODE <= 9.4.1 to build the exploit. (It needs to be 32bit) Downloading Xcode 9.4.1 Commandline Tools should be enough ;) Download: https://developer.apple.com/download/more/

make

Execution

./exploit <KASLR slide>

Tested on macOS Mojave: Darwin Kernel-Mac.local 18.7.0 Darwin Kernel Version 18.7.0: Thu Jun 20 18:42:21 PDT 2019; root:xnu-4903.270.47~4/DEVELOPMENT_X86_64 x86_64

Demo:

asciicast

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].