Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_macos_exploit_cve_2015_5889.yara

17 lines
558 B
Text
Raw Normal View History

rule hacktool_macos_exploit_cve_5889
{
meta:
description = "http://www.cvedetails.com/cve/cve-2015-5889"
reference = "https://www.exploit-db.com/exploits/38371/"
author = "@mimeframe"
strings:
$a1 = "/etc/sudoers" fullword wide ascii
$a2 = "/etc/crontab" fullword wide ascii
$a3 = "* * * * * root echo" wide ascii
$a4 = "ALL ALL=(ALL) NOPASSWD: ALL" wide ascii
$a5 = "/usr/bin/rsh" fullword wide ascii
$a6 = "localhost" fullword wide ascii
condition:
all of ($a*)
}