Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_macos_exploit_cve_2015_5889.yara

rule hacktool_macos_exploit_cve_5889
{
    meta:
        description = "http://www.cvedetails.com/cve/cve-2015-5889"
        reference = "https://www.exploit-db.com/exploits/38371/"
        author = "@mimeframe"
    strings:
        $a1 = "/etc/sudoers" fullword wide ascii
        $a2 = "/etc/crontab" fullword wide ascii
        $a3 = "* * * * * root echo" wide ascii
        $a4 = "ALL ALL=(ALL) NOPASSWD: ALL" wide ascii
        $a5 = "/usr/bin/rsh" fullword wide ascii
        $a6 = "localhost" fullword wide ascii
    condition:
        all of ($a*)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule hacktool_macos_exploit_cve_5889`
			`{`
			`meta:`
			`description = "http://www.cvedetails.com/cve/cve-2015-5889"`
			`reference = "https://www.exploit-db.com/exploits/38371/"`
			`author = "@mimeframe"`
			`strings:`
			`$a1 = "/etc/sudoers" fullword wide ascii`
			`$a2 = "/etc/crontab" fullword wide ascii`
			`$a3 = "* * * * * root echo" wide ascii`
			`$a4 = "ALL ALL=(ALL) NOPASSWD: ALL" wide ascii`
			`$a5 = "/usr/bin/rsh" fullword wide ascii`
			`$a6 = "localhost" fullword wide ascii`
			`condition:`
			`all of ($a*)`
			`}`