人生在世，看得透，又看得远者prevail everywhere.

gg.gg/13nbnz gg.gg/13p5tj gg.gg/13p9s5 gg.gg/13tljl gg.gg/13xudz gg.gg/13xy3p gg.gg/143tqc linux.die.net linux.it.net.cn ostechnix.com unix.com gg.gg/19yv96 gg.gg/1bv5v3 man.linuxde.net gg.gg/148erg bit.ly/2vsM34J bit.ly/2EzoUDo gg.gg/1c3of3 bit.ly/2v6jGJi bit.ly/2tW6eYT gg.gg/1bzayz gg.gg/1bzazg bit.ly/2X6vadl bit.ly/2viLpHU linuxprobe.com linuxtechi.com systutorials.com ghacks.net linuxopsys.com reurl.cc/8W1x3X reurl.cc/NpzMWe reurl.cc/WrgYdx reurl.cc/Yv4Yvo reurl.cc/Lmy90K reurl.cc/Rr5aeG

Tuesday 12 May 2020

KeySteal, A macOS <= 10.14.3 Keychain exploit

KeySteal is a macOS <= 10.14.3 Keychain exploit that allows you to access passwords inside the Keychain without a user prompt. The vulnerability has been assigned CVE-2019-8526 number.
KeySteal consists of two parts:

KeySteal Daemon: This is a daemon that exploits securityd to get a session that is allowed to access the Keychain without a password prompt.
KeySteal Client: This is a library that can be injected into Apps. It will automatically apply a patch that forces the Security Framework to use the session of our keysteal daemon.

Building and Running

Open the KeySteal Xcode Project
Build the keystealDaemon and keystealClient
Open the directory which contains the built daemon and client (right cick on keystealDaemon -> Open in Finder)
Run dump-keychain.sh

from https://github.com/LinusHenze/Keysteal