Created
March 1, 2024 13:52
-
-
Save BomberFish/0a1c158205918eb7455ca77ac04ce8be to your computer and use it in GitHub Desktop.
Find XPC Services vulnerable to CVE-2023-42942
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| isMachO() { | |
| if [[ $(file "$1") == *Mach-O* ]]; then | |
| return 0 | |
| else | |
| return 1 | |
| fi | |
| } | |
| echo "[*] XPC Service Finder 5000" | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "Warning: This needs root! Run with sudo!" | |
| fi | |
| find /rootfs -name "*.xpc" -print0 | while read -d $'\0' file | |
| do | |
| echo "[*] Found XPC service at $file! Checking for valid binaries..." | |
| if [[ -f $file ]]; then | |
| echo "[!] $file is not a directory, skipping..." | |
| continue | |
| fi | |
| for subfile in $file/*; do | |
| if isMachO "$subfile"; then | |
| echo "[*] Found Mach-O binary at $subfile! Checking for entitlement we can exploit..." | |
| ENTS=$(ldid -e "$subfile") | |
| case "$ENTS" in | |
| *com.apple.private.xpc.role-account*) | |
| echo "[√] Found our entitlement for XPC service at $subfile!" | |
| ;; | |
| esac | |
| fi | |
| done | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment