what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Todd C. Miller

First Active1999-08-17
Last Active2013-08-26
Mac OS X Sudo Password Bypass
Posted Aug 26, 2013
Authored by Todd C. Miller, juan vazquez, joev | Site metasploit.com

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.

tags | exploit, root
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
SHA-256 | 861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73
Download | Favorite | View
cu-sudo.v1.5.9p2.tar.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

sudo 1.5.9p2 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

tags | shell, root
systems | unix
SHA-256 | cac0df69d54e7e99be16d095c59f938b16542351127fd08f965054b5957adf38
Download | Favorite | View
cu-sudo.v1.6beta4.tar.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

tags | shell, root
systems | unix
SHA-256 | 899bb649ae7de36549fa7be437cfb6723f4c4725bce6cc293d05e7291a5861ba
Download | Favorite | View
cu-sudo.v1.6beta3.tar.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

tags | shell, root
systems | unix
SHA-256 | de28426096190b68d96b6a2c0a0d5f6327cf3a5d451d12f26b2d2d0866203556
Download | Favorite | View
cu-sudo.v1.6beta2.tar.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

sudo 1.6b2 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

tags | shell, root
systems | unix
SHA-256 | cea32d69ee6808f1cf2f5947ca57a7c4ce4b3421540de4bc960caf97cf0d1c34
Download | Favorite | View
cu-sudo.v1.5.9p1.patch.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

This patch will upgrade CU Sudo version 1.5.9 to version 1.5.9 patchlevel 1.

systems | unix
SHA-256 | 02d149a898a858a8c0d32d34d486e5975a3e4e36ebbf44d4b4730606b460c62a
Download | Favorite | View
cu-sudo.v1.5.9p1.tar.gz
Posted Aug 17, 1999
Authored by Todd C. Miller

sudo 1.5.9p1 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

Changes: Added dirfd() macro for systems without it, better check for socket() in -lsocket -lnsl in configure, minor configure fixes, fixed a bug wrt quoting characters in command args, make --without-sendmail works, fixed a segv if HOST_IN_LOG defined and gethostbyname() fails, fixed a parse bug wrt the ! operator and runas specs, use new emalloc/erealloc/estrdup functions, new PAM code that should work on both Solaris and Linux, make sudo's usage info better when mutually exclusive args are given and don't rely on argument order to detect this, in visudo, shift return value of system() by 8 to get the real exit value.
tags | shell, root
systems | unix
SHA-256 | a40d252d0efdb3ef957060d47ef5143742240db3ed26edcc1991628e9ff755a6
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close