Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion modules/exploits/osx/local/packagekit_zshenv_privesc.rb
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ def initialize(info = {})

def check
version = Rex::Version.new(get_system_version)

if version >= Rex::Version.new('14.5')
CheckCode::Safe("macOS #{version} is patched (fixed in 14.5)")
elsif version >= Rex::Version.new('14.0')
Expand All @@ -95,6 +95,9 @@ def check
elsif version >= Rex::Version.new('12.0')
CheckCode::Appears("macOS #{version} is vulnerable")
else
if version < Rex::Version.new("10.14")
return CheckCode::Detected("macOS #{version} detected, but zsh does not exists") unless executable?("/bin/zsh")
end
CheckCode::Appears("macOS #{version} (11 and older) is vulnerable")
end
end
Expand All @@ -106,6 +109,8 @@ def exploit
home_dir = create_process('printenv', args: ['HOME']).strip
fail_with(Failure::BadConfig, 'Unable to determine home directory') if home_dir.blank?
zshenv_path = "#{home_dir}/.zshenv"

fail_with(Failure::Unknown, "The .zshenv is not writable") if exist?(zshenv_path) && !writable?(zshenv_path)

# Preserve original .zshenv so we can restore it after root execution
original_zshenv = file?(zshenv_path) ? read_file(zshenv_path) : ''
Expand Down
Loading