Bigphish - privilege escalation in OSX through systemwide root for all PID on sudo.

Bigphish is an easy-to-use exploit crafter for privilege escalation in OSX through systemwide root for all PIDs on sudo.
For whatever reason, OSX hands out root privileges to every PID of the user any time sudo is run… This is an example of weaponizing that behaviour to gain a reverse root shell in one line of bash on an otherwise unmodified system. Useful for a drive-by attack with a Ducky or Teensy against power users, where simply presenting the user with a fake prompt to enter their password won’t work.

bigphish v1.2

TODO:
+ eliminate false positives of unsuccessful sudo attempts triggering the exploit prematurely
+ add more payloads
+ tor support for reverse shell??

Current Version:
+ V1.2 adds an exploit crafter for building process-kill loops in OSX, even for processes owned by root or by other users, along with an easy option to add custom commands from the interactive shell

Solution:
Scope the passwordless-root grant to the shell (tty) that authenticated, instead of to every process of the user.
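The behaviour the page relies on is sudo's cached credential (the timestamp) being tied to the user rather than to the terminal that authenticated; sudo's `tty_tickets` Defaults option is what narrows it to the tty, and `timestamp_timeout` bounds how long the cache lives. The script below is an added example, not part of Bigphish: it audits a sudoers fragment for those two settings so a defender can spot the weak configuration. The sudoers texts inside it are constructed for the example; function names are the author's own.

```shell
#!/bin/sh
# Added example, not part of the Bigphish project. It audits a sudoers
# fragment for the two Defaults that decide how widely and how long a cached
# sudo credential applies. With !tty_tickets, one successful sudo lets every
# process of that user run sudo without a password until timestamp_timeout
# expires; with tty_tickets the cache is bound to the authenticating tty.
# All sudoers text below is constructed for the example.

# Keep only effective Defaults lines (comments stripped) from stdin.
defaults_lines() {
  sed -e 's/#.*$//' | grep -E '^[[:space:]]*Defaults'
}

# Scope of the credential cache read from stdin: "global" (!tty_tickets),
# "tty" (tty_tickets), or "unspecified" (sudo's compiled-in default applies,
# which differs between releases).
ticket_scope() {
  lines=$(defaults_lines || true)
  if printf '%s\n' "$lines" | grep -Eq '(^|[,[:space:]])!tty_tickets([,[:space:]]|$)'; then
    echo global
  elif printf '%s\n' "$lines" | grep -Eq '(^|[,[:space:]])tty_tickets([,[:space:]]|$)'; then
    echo tty
  else
    echo unspecified
  fi
}

# Minutes a cached credential stays valid, read from stdin; sudo's built-in
# default is 5 when the option is not set. Last setting wins, as in sudo.
timestamp_timeout() {
  t=$(defaults_lines | sed -nE 's/.*timestamp_timeout[[:space:]]*=[[:space:]]*(-?[0-9]+).*/\1/p' | tail -n 1)
  echo "${t:-5}"
}

# One-line verdict for the sudoers text on stdin: WEAK if the cache is shared
# by all of the user's processes or never expires (negative timeout), else OK.
audit_sudoers() {
  text=$(cat)
  scope=$(printf '%s\n' "$text" | ticket_scope)
  timeout=$(printf '%s\n' "$text" | timestamp_timeout)
  if [ "$scope" = global ] || [ "$timeout" -lt 0 ]; then
    echo "WEAK scope=$scope timeout=$timeout"
  else
    echo "OK scope=$scope timeout=$timeout"
  fi
}

# Constructed sample: cache shared by every PID of the user for 15 minutes.
WEAK_SUDOERS='# constructed: credential cache not bound to a tty
Defaults        env_reset
Defaults        !tty_tickets, timestamp_timeout=15
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL'

# Constructed sample: per-tty cache with a short lifetime.
HARDENED_SUDOERS='# constructed: per-tty cache, short timeout
Defaults        env_reset
Defaults        tty_tickets
Defaults        timestamp_timeout=2
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL'

# Run against the samples; on a real host use: audit_sudoers < /etc/sudoers
# (reading /etc/sudoers needs root).
printf '%s\n' "$WEAK_SUDOERS" | audit_sudoers
printf '%s\n' "$HARDENED_SUDOERS" | audit_sudoers
```

The check only reads sudoers text, so it can be run from a configuration-management job or a compliance scan without touching sudo itself; `Defaults` lines that live in `/etc/sudoers.d/` fragments should be concatenated onto stdin as well, since a later `!tty_tickets` there overrides an earlier `tty_tickets`.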

Usage:

Source: https://github.com/Psychotrope37