Hacking macOS: How to Perform Privilege Escalation, Part 2 (Password Phishing)

Locating and abusing files containing unsafe permissions is an easy and surefire way to elevate shell privileges on a backdoored macOS device. This time around, we’ll be more aggressive and attempt to phish a user’s login password by prompting a convincing popup message merely asking the target for their password.
This privilege escalation method consists of the attacker invoking a prompt that instructs the target users to enter their password into a convincing popup window. The Empire prompt module allows us to spoof which application is requesting the user’s login password. So, we can make… more

Link: https://null-byte.wonderhowto.com/how-to/hacking-macos-perform-privilege-escalation-part-2-password-phishing-0186332/