Gain Root without Password- macOS Sierra

Exploiting Browsers using PasteJacking and XSSJacking Vulnerability

November 15, 2017

Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers

December 1, 2017

Published by Samrat Das at December 1, 2017

A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords.

In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and gain access immediately.

To carry out the exploit,

-> Open System Preferences-> Users & Groups -> Enter “root” in the username field-> Select Password field and hit enter multiple times.

Root access

What’s more, there’s no patch yet for this!

Make-shift fix to protect:

-> Enable the root user with a password.

Follow the below steps:

System Preferences -> Users & Groups -> Enter your admin name and password there
Go to Login Options -> Join -> Open Directory Utility”
Make changes and type your username and password -> Edit-> Enable Root User-> Set password
Additionally, disable Guest accounts on your Mac
System Preferences → Users & Groups-> Guest User-> Disable Allow guests to log in to this computer

Samrat Das

Samrat Das is an expert security consultant who deals with any problems given to him with ease. Ambitious about his goals, he always makes sure to solve the security issues he finds.

Gain Root without Password- macOS Sierra

Exploiting Browsers using PasteJacking and XSSJacking Vulnerability

Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers

Samrat Das

Related posts

How to Set Up a Comprehensive Penetration Testing Program?

The Top 5 Penetration Testing Service Companies

Does SOC 2 Type II Require Penetration Testing?

Leave a Reply Cancel reply