GitHub - kpwn/vpwn: xnu local privilege escalation via cve-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
Makefile		Makefile
README.txt		README.txt
import.h		import.h
lsym.h		lsym.h
lsym.m		lsym.m
lsym_gadgets.h		lsym_gadgets.h
lsym_payload.m		lsym_payload.m
lsym_priv.h		lsym_priv.h
lsym_priv.m		lsym_priv.m
main.m		main.m
patch.c		patch.c
unpatch.c		unpatch.c

Repository files navigation

~vpwn by qwertyoruiop

generic xnu heap overflow exploitation.


demo output:

$ ./pwn
[i] Preparing payload...
[i] broke out of kaslr, kaslr_slide = 0000000001a00000
[+] Payload successfully crafted.
[i] Manipulating the heap...
[i] Exploit loaded.
[+] got r00t
sh-3.2# uname -a
Darwin qwertyoruiops-iMac.local 14.3.0 Darwin Kernel Version 14.3.0: Sat Mar  7 14:01:18 PST 2015; root:xnu-2782.20.39.0.1~1/RELEASE_X86_64 x86_64
sh-3.2#

About

xnu local privilege escalation via cve-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow | poc||gtfo

Readme

Activity

68 stars

15 watching

28 forks

Report repository

Releases

No releases published

Packages

No packages published

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Makefile

Makefile

README.txt

README.txt

import.h

import.h

lsym.h

lsym.h

lsym.m

lsym.m

lsym_gadgets.h

lsym_gadgets.h

lsym_payload.m

lsym_payload.m

lsym_priv.h

lsym_priv.h

lsym_priv.m

lsym_priv.m

main.m

main.m

patch.c

patch.c

unpatch.c

unpatch.c

Repository files navigation

About

Releases

Packages

Languages

Navigation Menu

kpwn/vpwn

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Languages