hacktricks/macos-hardening/macos-useful-commands.md

# Comandi Utili per macOS

{% hint style="success" %}
Impara e pratica l'Hacking su AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica l'Hacking su GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Sostieni HackTricks</summary>

* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repository di Github.

</details>
{% endhint %}

### Strumenti di Enumerazione Automatica per macOS

* **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
* **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb)
* **SwiftBelt**: [https://github.com/cedowens/SwiftBelt](https://github.com/cedowens/SwiftBelt)

### Comandi Specifici per macOS
```bash
#System info
date
cal
uptime #show time from starting
w #list users
whoami #this user
finger username #info about user
uname -a #sysinfo
cat /proc/cpuinfo #processor
cat /proc/meminfo #memory
free #check memory
df #check disk

launchctl list #List services
atq #List "at" tasks for the user
sysctl -a #List kernel configuration
diskutil list #List connected hard drives
nettop #Monitor network usage of processes in top style

system_profiler SPSoftwareDataType #System info
system_profiler SPPrintersDataType #Printer
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
system_profiler SPDeveloperToolsDataType #Developer tools info
system_profiler SPStartupItemDataType #Startup Items
system_profiler SPNetworkDataType #Network Capabilities
system_profiler SPFirewallDataType #Firewall Status
system_profiler SPNetworkLocationDataType #Known Network
system_profiler SPBluetoothDataType #Bluetooth Info
system_profiler SPEthernetDataType #Ethernet Info
system_profiler SPUSBDataType #USB info
system_profiler SPAirPortDataType #Airport Info


#Searches
mdfind password #Show all the files that contains the word password
mfind -name password #List all the files containing the word password in the name


#Open any app
open -a <Application Name> --hide #Open app hidden
open some.doc -a TextEdit #Open a file in one application


#Computer doesn't go to sleep
caffeinate &


#Screenshot
# This will ask for permission to the user
screencapture -x /tmp/ss.jpg #Save screenshot in that file


#Get clipboard info
pbpaste


#system_profiler
system_profiler --help #This command without arguments take lot of memory and time.
system_profiler -listDataTypes
system_profiler SPSoftwareDataType SPNetworkDataType


#Network
arp -i en0 -l -a #Print the macOS device's ARP table
lsof -i -P -n | grep LISTEN
smbutil statshares -a #View smb shares mounted to the hard drive

#networksetup - set or view network options: Proxies, FW options and more
networksetup -listallnetworkservices #List network services
networksetup -listallhardwareports #Hardware ports
networksetup -getinfo Wi-Fi #Wi-Fi info
networksetup -getautoproxyurl Wi-Fi #Get proxy URL for Wifi
networksetup -getwebproxy Wi-Fi #Wifi Web proxy
networksetup -getftpproxy Wi-Fi #Wifi ftp proxy


#Brew
brew list #List installed
brew search <text> #Search package
brew info <formula>
brew install <formula>
brew uninstall <formula>
brew cleanup #Remove older versions of installed formulae.
brew cleanup <formula> #Remove older versions of specified formula.


#Make the machine talk
say hello -v diego
#spanish: diego, Jorge, Monica
#mexican: Juan, Paulina
#french: Thomas, Amelie

########### High privileges actions
sudo purge #purge RAM
#Sharing preferences
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist (enable ssh)
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist (disable ssh)
#Start apache
sudo apachectl (start|status|restart|stop)
##Web folder: /Library/WebServer/Documents/
#Remove DNS cache
dscacheutil -flushcache
sudo killall -HUP mDNSResponder
```
### Software e Servizi Installati

Controlla le applicazioni **sospette** installate e i **privilegi** sulle risorse installate:
```
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
lsappinfo list #Installed Apps
launchctl list #Services
```
### Processi Utente
```bash
# will print all the running services under that particular user domain.
launchctl print gui/<users UID>

# will print all the running services under root
launchctl print system

# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for login
launchctl print gui/<user's UID>/com.company.launchagent.label
```
### Crea un utente

Senza prompt

<figure><img src="../.gitbook/assets/image (79).png" alt=""><figcaption></figcaption></figure>

{% hint style="success" %}
Impara e pratica l'hacking su AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica l'hacking su GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Supporta HackTricks</summary>

* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR a** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								# Comandi Utili per macOS
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								{% hint style="success" %}
 								Impara e pratica l'Hacking su AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Impara e pratica l'Hacking su GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								<details>
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								<summary>Sostieni HackTricks</summary>
-												arte

											
										
										
											2023-12-30 20:49:49 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
 								* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repository di Github.
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
 								</details>
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								{% endhint %}
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								### Strumenti di Enumerazione Automatica per macOS
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
 								* **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
 								* **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb)
 								* **SwiftBelt**: [https://github.com/cedowens/SwiftBelt](https://github.com/cedowens/SwiftBelt)
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
+								### Comandi Specifici per macOS
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
+								```bash
 								#System info
 								date
 								cal
 								uptime #show time from starting
 								w #list users
 								whoami #this user
 								finger username #info about user
 								uname -a #sysinfo
 								cat /proc/cpuinfo #processor
 								cat /proc/meminfo #memory
 								free #check memory
 								df #check disk
 								launchctl list #List services
 								atq #List "at" tasks for the user
 								sysctl -a #List kernel configuration
 								diskutil list #List connected hard drives
 								nettop #Monitor network usage of processes in top style
 								system_profiler SPSoftwareDataType #System info
 								system_profiler SPPrintersDataType #Printer
 								system_profiler SPApplicationsDataType #Installed Apps
 								system_profiler SPFrameworksDataType #Instaled framework
 								system_profiler SPDeveloperToolsDataType #Developer tools info
 								system_profiler SPStartupItemDataType #Startup Items
 								system_profiler SPNetworkDataType #Network Capabilities
 								system_profiler SPFirewallDataType #Firewall Status
 								system_profiler SPNetworkLocationDataType #Known Network
 								system_profiler SPBluetoothDataType #Bluetooth Info
 								system_profiler SPEthernetDataType #Ethernet Info
 								system_profiler SPUSBDataType #USB info
 								system_profiler SPAirPortDataType #Airport Info
 								#Searches
 								mdfind password #Show all the files that contains the word password
 								mfind -name password #List all the files containing the word password in the name
 								#Open any app
 								open -a <Application Name> --hide #Open app hidden
 								open some.doc -a TextEdit #Open a file in one application
 								#Computer doesn't go to sleep
 								caffeinate &
 								#Screenshot
 								# This will ask for permission to the user
 								screencapture -x /tmp/ss.jpg #Save screenshot in that file
 								#Get clipboard info
 								pbpaste
 								#system_profiler
 								system_profiler --help #This command without arguments take lot of memory and time.
 								system_profiler -listDataTypes
 								system_profiler SPSoftwareDataType SPNetworkDataType
 								#Network
 								arp -i en0 -l -a #Print the macOS device's ARP table
 								lsof -i -P -n | grep LISTEN
 								smbutil statshares -a #View smb shares mounted to the hard drive
 								#networksetup - set or view network options: Proxies, FW options and more
 								networksetup -listallnetworkservices #List network services
 								networksetup -listallhardwareports #Hardware ports
 								networksetup -getinfo Wi-Fi #Wi-Fi info
 								networksetup -getautoproxyurl Wi-Fi #Get proxy URL for Wifi
 								networksetup -getwebproxy Wi-Fi #Wifi Web proxy
 								networksetup -getftpproxy Wi-Fi #Wifi ftp proxy
 								#Brew
 								brew list #List installed
 								brew search <text> #Search package
 								brew info <formula>
 								brew install <formula>
 								brew uninstall <formula>
 								brew cleanup #Remove older versions of installed formulae.
 								brew cleanup <formula> #Remove older versions of specified formula.
 								#Make the machine talk
 								say hello -v diego
 								#spanish: diego, Jorge, Monica
 								#mexican: Juan, Paulina
 								#french: Thomas, Amelie
 								########### High privileges actions
 								sudo purge #purge RAM
 								#Sharing preferences
 								sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist (enable ssh)
 								sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist (disable ssh)
 								#Start apache
 								sudo apachectl (start|status|restart|stop)
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								##Web folder: /Library/WebServer/Documents/
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
+								#Remove DNS cache
 								dscacheutil -flushcache
 								sudo killall -HUP mDNSResponder
 								```
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								### Software e Servizi Installati
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:09:41 +00:00
+								Controlla le applicazioni **sospette** installate e i **privilegi** sulle risorse installate:
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
+								```
 								system_profiler SPApplicationsDataType #Installed Apps
 								system_profiler SPFrameworksDataType #Instaled framework
 								lsappinfo list #Installed Apps
-												Translated ['macos-hardening/macos-useful-commands.md'] to it

											
										
										
											2024-03-11 14:47:54 +00:00
+								launchctl list #Services
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
+								```
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								### Processi Utente
-												GITBOOK-3986: change request with no subject merged in GitBook

											
										
										
											2023-06-14 17:31:12 +00:00
+								```bash
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
+								# will print all the running services under that particular user domain.
 								launchctl print gui/<users UID>
 								# will print all the running services under root
 								launchctl print system
 								# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for login
 								launchctl print gui/<user's UID>/com.company.launchagent.label
 								```
-												Translated ['macos-hardening/macos-useful-commands.md'] to it

											
										
										
											2024-03-11 14:47:54 +00:00
+								### Crea un utente
-												GITBOOK-3965: change request with no subject merged in GitBook

											
										
										
											2023-06-01 21:44:32 +00:00
-												Translated to Italian

											
										
										
											2024-02-10 13:03:23 +00:00
+								Senza prompt
-												GITBOOK-3986: change request with no subject merged in GitBook

											
										
										
											2023-06-14 17:31:12 +00:00
-												Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2

											
										
										
											2024-05-05 22:09:41 +00:00
+								<figure><img src="../.gitbook/assets/image (79).png" alt=""><figcaption></figcaption></figure>
-												Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb

											
										
										
											2024-07-18 17:35:13 +00:00
 								{% hint style="success" %}
 								Impara e pratica l'hacking su AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Impara e pratica l'hacking su GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 								<details>
 								<summary>Supporta HackTricks</summary>
 								* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
 								* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Condividi trucchi di hacking inviando PR a** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 								</details>
 								{% endhint %}