Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1130 PoC — Apple OS X Admin Framework 安全漏洞

Source
https://github.com/Shmoopi/RootPipe-Demo
Associated Vulnerability
Title:Apple OS X Admin Framework 安全漏洞 (CVE-2015-1130)
Description:The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
Description
Proof of Concept OS X Application for RootPipe Privilege Escalation Vulnerability (CVE-2015-1130)
Readme
# RootPipe-Demo

This is a Proof-of-Concept Mac Application that demonstrates the RootPipe Privilege Escalation Vulnerability (CVE-2015-1130) identified by Emil Kvarnhammar from [TrueSec](https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/)

This demo was written in Objective-C, ported from the Python PoC here:  [RootPipe](https://github.com/hiburn8/rootpipe)

![Demo Mac Application](RootPipeDemo/Image/RootPipe-Demo.png)

## Usage

To use, simply give a path to a file that you want to have escalated permissions, then provide the path where you want the file to be copied to with the escalated permissions, then provide your permissions in octal format (i.e. 04777), and (optionally) provide the file owner name and group.  

## OS Support

Mac OS X 10.9 - Mac OS X 10.10.2

## License
MIT license. Copyright © 2015 [Shmoopi LLC](http://shmoopi.net/).
File Snapshot

 [4.0K]  /data/pocs/abd719f8fa7f337a90c42214924a4a2327801ae3
├── [ 903]  README.md
└── [4.0K]  RootPipeDemo
    ├── [4.0K]  Image
    │   └── [ 44K]  RootPipe-Demo.png
    ├── [4.0K]  RootPipeDemo
    │   ├── [ 761]  AppDelegate.h
    │   ├── [ 10K]  AppDelegate.m
    │   ├── [4.0K]  Base.lproj
    │   │   └── [ 56K]  MainMenu.xib
    │   ├── [4.0K]  Images.xcassets
    │   │   └── [4.0K]  AppIcon.appiconset
    │   │       ├── [ 937]  Contents.json
    │   │       └── [ 16K]  mac_red.png
    │   ├── [1.1K]  Info.plist
    │   └── [ 240]  main.m
    └── [4.0K]  RootPipeDemo.xcodeproj
        ├── [9.7K]  project.pbxproj
        ├── [4.0K]  project.xcworkspace
        │   ├── [ 157]  contents.xcworkspacedata
        │   └── [4.0K]  xcuserdata
        │       └── [4.0K]  kramer.xcuserdatad
        │           └── [ 21K]  UserInterfaceState.xcuserstate
        └── [4.0K]  xcuserdata
            └── [4.0K]  kramer.xcuserdatad
                └── [4.0K]  xcschemes
                    ├── [4.2K]  RootPipeDemo.xcscheme
                    └── [ 574]  xcschememanagement.plist

13 directories, 14 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →