Vulnerability & Exploit Database

Back to search

Mac OS X APFS Encrypted Volume Password Disclosure

This module exploits a flaw in OSX 10.13 through 10.13.3 that discloses the passwords of encrypted APFS volumes. In OSX a normal user can use the 'log' command to view the system logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS volume the password is visible in plaintext within these logs.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

post/osx/gather/apfs_encrypted_volume_passwd

Authors

  • Sarah Edwards
  • cbrnrd

References

Platforms

  • osx

Architectures

  • x86
  • x86_64
  • x64
  • mips
  • mipsle
  • mipsbe
  • mips64
  • mips64le
  • ppc
  • ppce500v2
  • ppc64
  • ppc64le
  • cbea
  • cbea64
  • sparc
  • sparc64
  • armle
  • armbe
  • aarch64
  • cmd
  • php
  • tty
  • java
  • ruby
  • dalvik
  • python
  • nodejs
  • firefox
  • zarch
  • r

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use post/osx/gather/apfs_encrypted_volume_passwd msf post(apfs_encrypted_volume_passwd) > sessions ...sessions... msf post(apfs_encrypted_volume_passwd) > set SESSION <session-id> msf post(apfs_encrypted_volume_passwd) > show options ...show and set options... msf post(apfs_encrypted_volume_passwd) > run