GITBOOK-3890: change request with no subject merged in GitBook

CPol 2023-05-04 19:22:41 +00:00 committed by gitbook-bot
parent 7daae334b5
commit 41e73ca3fd
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF

@ -40,7 +40,9 @@ First of all, please note that **most of the tricks about privilege escalation a
* Can be XML or binary. Binary ones can be read with:
* `defaults read config.plist`
* `/usr/libexec/PlistBuddy -c print config.plsit`
* `plutil -p config.plist`
* `plutil -p ~/Library/Preferences/com.apple.screensaver.plist`
* `plutil -convert xml1 ~/Library/Preferences/com.apple.screensaver.plist -o -`
* `plutil -convert json ~/Library/Preferences/com.apple.screensaver.plist -o -`
* **`.app`**: Apple applications that follows directory structure.
* **`.dylib`**: Dynamic libraries (like Windows DLL files)
* **`.pkg`**: Are the same as xar (eXtensible Archive format). The installer command can be use to install the contents of these files.
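Review bot: the two `plutil -convert` entries depend on `-o -` to print the converted plist to stdout, but nothing in the list says so. Without `-o`, `plutil -convert` rewrites the input file in the new format, so a reader who drops the flag modifies the preference file they only meant to read. A short parenthetical on those lines, such as "(`-o -` prints to stdout and leaves the file untouched)", would cover it. Two smaller points in the same list: the PlistBuddy entry still reads `config.plsit`, and the examples now mix the placeholder `config.plist` with the concrete `~/Library/Preferences/com.apple.screensaver.plist` path, so it would be cleaner to use one of them throughout.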
@ -106,6 +108,25 @@ On the **left**, there is the directory path on the **System volume**, and on th
* **`/private/var/db/launchd.db/com.apple.launchd/overrides.plist`**: List of daemons deactivated.
* **`/private/etc/kcpassword`**: If autologin is enabled this file will contain the users login password XORed with a key.
### macOS Bundles
The goal of a **bundle** is to have **all the resources** the application needs in a **single location**: executables, resource files, metadata, and unique dylibs or custom frameworks. \
The **common** frequent bundle we will encounter is the **`.app` bundle**, but many other executables are also packaged as bundles, such as **`.framework`** and **`.systemextension`**.
```shell-session
% ls /Applications/Signal.app
Contents
% ls /Applications/Signal.app/Contents
CodeResources Frameworks Info.plist MacOS PkgInfo Resources _CodeSignature
% ls /Applications/Signal.app/Contents/MacOS #Here is the executable
Signal
% # You can find a .framework bundle example in:
% ls -l /System/Library/Frameworks/AVFoundation.framework
```
### Common users
* **Daemon**: User reserved for system daemons. The default daemon account names usually start with a "\_":
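Review bot: the new "macOS Bundles" listing shows `Info.plist`, `CodeResources` and `_CodeSignature` under `Contents`, but the paragraph only speaks of executables, resource files, metadata and dylibs, so the reader is not told which entry is the metadata file or that two of them relate to code signing. A one-line description per entry after the `shell-session` block would close that gap; only `MacOS` gets a comment today ("#Here is the executable"). In the prose, "The **common** frequent bundle" doubles the adjective and should probably read "The most common bundle". The last command, `ls -l /System/Library/Frameworks/AVFoundation.framework`, is shown without output, unlike the `Signal.app` commands above it, so either add the output or drop the prompt and mention the path in the text.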