|
|
|
|
|
|
by trapexit
4884 days ago
|
|
|
Getting from local user access to root access on an interactively-used Mac is almost trivial. Inject something into the user's bashrc/zshrc that watches their commands and waits for them to successfully use sudo. Then run sudo again immediately and do arbitrary things as root. There are several tricks that can be used by JavaScript to connect to non-origin servers, in limited ways. To create a GET, inject an <img>, <script>, <iframe>, or <style> tag. (Or several others.) To create a POST, inject a <form> tag, and call form.submit() |
|
|