Skip to content
master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

rootOS

Tries to use various CVEs to gain sudo or root access. All exploits have an end goal of adding ALL ALL=(ALL) NOPASSWD: ALL to /etc/sudoers allowing any user to run sudo commands.

screenshot

Run

python root.py

Exploits

Name CVE Date Link(s)
ARDAgent CVE-2008-2830 06/23/2008 https://nvd.nist.gov/vuln/detail/CVE-2008-2830
DYLD_PRINT_TO_FILE CVE-2015-3760 08/16/2015 https://nvd.nist.gov/vuln/detail/CVE-2015-3760 https://twitter.com/i0n1c/status/623727538234368000
MallocLog CVE-2015-5889 0/09/2015 https://nvd.nist.gov/vuln/detail/CVE-2015-5889
Proxifier Sanitize CVE-2017-7643 04/14/2017 https://nvd.nist.gov/vuln/detail/CVE-2017-7643
Sera Local Pass 10/31/2017 https://m4.rkw.io/blog/cve201715918-sera-12-local-root-privesc-and-password-disclosure.html
NoPass CVE-2017-13872 11/29/2017 https://nvd.nist.gov/vuln/detail/CVE-2017-13872 https://objective-see.com/blog/blog_0x24.html
KeySteal CVE-2019-8526 06/01/2019 https://github.com/LinusHenze/Keysteal
AppleScript Dynamic Phishing https://github.com/thehappydinoa/rootOS/blob/master/apps.json
Sudo Piggyback https://www.n00py.io/2016/10/privilege-escalation-on-os-x-without-exploits/

Dynamic Phishing

phishing

Please note the dynamic icon and prompt

Additional Exploits

License

MIT