Showing 1 - 2 of 2

Files from CodeColorist

First Active	2019-05-22
Last Active	2019-07-01

Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation: Posted Jul 1, 2019; Authored by timwr, CodeColorist | Site metasploit.com; This Metasploit module exploits a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label. The tmdiagnose binary uses awk to list every mounted volume, and composes shell commands based on the volume labels. By creating a volume label with the backtick character, we can have our own binary executed with root privileges.; tags | exploit, shell, root; systems | apple; advisories | CVE-2019-8513; SHA-256 | 7eb0567032fbb9cfa6bb44edac50bb3c598c094fd089f1288cc6d474ba8add57; Download | Favorite | View

Mac OS X Feedback Assistant Race Condition: Posted May 22, 2019; Authored by timwr, CodeColorist | Site metasploit.com; This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.; tags | exploit, remote, root, code execution; advisories | CVE-2019-8565; SHA-256 | 177b5b62a07b473da68dffff7f74c282ae90ad2e298981c9578046603f9e403a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days