Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-18 17:16:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/macos-hardening/macos-security-and-privilege-escalation/README.md

166 lines
10 KiB
Markdown
Raw Normal View History

Translated to Portuguese
2023-06-06 18:56:34 +00:00
# Segurança e Escalada de Privilégios no macOS
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
update twitter
2023-04-25 18:35:28 +00:00
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
* Você trabalha em uma **empresa de cibersegurança**? Você quer ver sua **empresa anunciada no HackTricks**? ou você quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Verifique os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
Translated ['macos-hardening/macos-red-teaming/README.md', 'macos-harden
2023-06-13 00:34:54 +00:00
* Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
Translated ['macos-hardening/macos-red-teaming/README.md', 'macos-harden
2023-06-17 14:40:12 +00:00
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-30 23:05:44 +00:00
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
* **Compartilhe suas técnicas de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e para o** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GitBook: [#3633] No subject
2022-10-27 23:22:18 +00:00
</details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-31 17:51:15 +00:00
<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Junte-se ao servidor [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) para se comunicar com hackers experientes e caçadores de recompensas por bugs!
hp
2023-02-27 09:28:45 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Percepções de Hacking**\
Envolver-se com conteúdo que explora a emoção e os desafios do hacking
hp
2023-02-27 09:28:45 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Notícias de Hacking em Tempo Real**\
Mantenha-se atualizado com o mundo acelerado do hacking através de notícias e percepções em tempo real
hp
2023-02-27 09:28:45 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Últimos Anúncios**\
Fique informado sobre os mais recentes programas de recompensas por bugs lançados e atualizações cruciais das plataformas
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Junte-se a nós no** [**Discord**](https://discord.com/invite/N3FrSbmwdy) e comece a colaborar com os melhores hackers hoje!
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
## Conceitos Básicos do MacOS
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Se você não está familiarizado com o macOS, você deve começar aprendendo os conceitos básicos do macOS:
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
* **Arquivos e permissões especiais** do macOS:
GITBOOK-3958: change request with no subject merged in GitBook
2023-05-29 20:18:06 +00:00
GITBOOK-3960: change request with no subject merged in GitBook
2023-06-01 11:07:04 +00:00
{% content-ref url="macos-files-folders-and-binaries/" %}
[macos-files-folders-and-binaries](macos-files-folders-and-binaries/)
GITBOOK-3892: change request with no subject merged in GitBook
2023-05-04 23:22:39 +00:00
{% endcontent-ref %}
GITBOOK-3890: change request with no subject merged in GitBook
2023-05-04 19:22:41 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* Usuários comuns do macOS
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
GITBOOK-3960: change request with no subject merged in GitBook
2023-06-01 11:07:04 +00:00
{% content-ref url="macos-users.md" %}
[macos-users.md](macos-users.md)
{% endcontent-ref %}
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
* **AppleFS**
GitBook: [master] 2 pages modified
2021-08-18 16:50:47 +00:00
GITBOOK-3960: change request with no subject merged in GitBook
2023-06-01 11:07:04 +00:00
{% content-ref url="macos-applefs.md" %}
[macos-applefs.md](macos-applefs.md)
{% endcontent-ref %}
GitBook: [master] 2 pages modified
2021-08-18 16:50:47 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
* A **arquitetura** do **kernel**
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
GITBOOK-3892: change request with no subject merged in GitBook
2023-05-04 23:22:39 +00:00
{% content-ref url="mac-os-architecture/" %}
[mac-os-architecture](mac-os-architecture/)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* Serviços e protocolos de rede comuns do macOS
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
GITBOOK-3960: change request with no subject merged in GitBook
2023-06-01 11:07:04 +00:00
{% content-ref url="macos-protocols.md" %}
[macos-protocols.md](macos-protocols.md)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
* **macOS** de **código aberto**: [https://opensource.apple.com/](https://opensource.apple.com/)
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-09-25 17:47:02 +00:00
* Para baixar um `tar.gz`, altere uma URL como [https://opensource.apple.com/**source**/dyld/](https://opensource.apple.com/source/dyld/) para [https://opensource.apple.com/**tarballs**/dyld/**dyld-852.2.tar.gz**](https://opensource.apple.com/tarballs/dyld/dyld-852.2.tar.gz)
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-09-11 00:05:15 +00:00
GitBook: [#3160] No subject
2022-05-01 13:25:53 +00:00
### MacOS MDM
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Nas empresas, os sistemas **macOS** provavelmente serão **gerenciados com um MDM**. Portanto, do ponto de vista de um atacante, é interessante saber **como isso funciona**:
GITBOOK-3960: change request with no subject merged in GitBook
2023-06-01 11:07:04 +00:00
Translated ['macos-hardening/macos-red-teaming/README.md', 'macos-harden
2023-06-13 00:34:54 +00:00
{% content-ref url="../macos-red-teaming/macos-mdm/" %}
[macos-mdm](../macos-red-teaming/macos-mdm/)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
### MacOS - Inspeção, Depuração e Fuzzing
GitBook: [master] 8 pages modified
2021-08-15 22:40:36 +00:00
GITBOOK-3916: change request with no subject merged in GitBook
2023-05-12 16:36:21 +00:00
{% content-ref url="macos-apps-inspecting-debugging-and-fuzzing/" %}
[macos-apps-inspecting-debugging-and-fuzzing](macos-apps-inspecting-debugging-and-fuzzing/)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
{% endcontent-ref %}
GitBook: [master] 508 pages modified
2021-08-14 18:01:10 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
## Proteções de Segurança do MacOS
GitBook: [master] one page modified
2021-07-17 00:28:18 +00:00
GITBOOK-3965: change request with no subject merged in GitBook
2023-06-01 21:44:32 +00:00
{% content-ref url="macos-security-protections/" %}
[macos-security-protections](macos-security-protections/)
GITBOOK-3962: change request with no subject merged in GitBook
2023-06-01 20:34:49 +00:00
{% endcontent-ref %}
GitBook: [master] 2 pages modified
2021-07-27 10:55:02 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
## Superfície de Ataque
GitBook: [master] 500 pages modified
2021-07-26 11:22:19 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
### Permissões de Arquivo
GitBook: [master] one page modified
2021-07-22 14:43:04 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-09-25 17:47:02 +00:00
Se um **processo em execução como root escreve** um arquivo que pode ser controlado por um usuário, o usuário pode abusar disso para **elevar privilégios**.\
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Isso pode ocorrer nas seguintes situações:
GitBook: [master] one page modified
2021-07-22 14:43:04 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
* O arquivo usado já foi criado por um usuário (pertence ao usuário)
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* O arquivo usado é gravável pelo usuário por causa de um grupo
* O arquivo usado está dentro de um diretório de propriedade do usuário (o usuário pode criar o arquivo)
* O arquivo usado está dentro de um diretório de propriedade do root, mas o usuário tem acesso de gravação sobre ele por causa de um grupo (o usuário pode criar o arquivo)
GitBook: [master] 6 pages and one asset modified
2021-08-10 14:04:23 +00:00
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Ser capaz de **criar um arquivo** que será **usado pelo root**, permite que um usuário **aproveite seu conteúdo** ou até mesmo crie **symlinks/hardlinks** para apontá-lo para outro lugar.
GitBook: [master] 6 pages and one asset modified
2021-08-10 14:04:23 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Para esse tipo de vulnerabilidade, não se esqueça de **verificar instaladores `.pkg` vulneráveis**:
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-06-08 00:36:07 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-06-08 10:14:57 +00:00
{% content-ref url="macos-files-folders-and-binaries/macos-installers-abuse.md" %}
[macos-installers-abuse.md](macos-files-folders-and-binaries/macos-installers-abuse.md)
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-06-08 00:36:07 +00:00
{% endcontent-ref %}
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
### Manipuladores de aplicativos de extensão de arquivo e esquema de URL
GitBook: [master] 6 pages and one asset modified
2021-08-10 14:04:23 +00:00
Translated ['macos-hardening/macos-red-teaming/README.md', 'macos-harden
2023-06-17 14:40:12 +00:00
Aplicativos estranhos registrados por extensões de arquivo podem ser abusados e diferentes aplicativos podem ser registrados para abrir protocolos específicos.
GitBook: [master] 6 pages and one asset modified
2021-08-10 14:04:23 +00:00
GITBOOK-3965: change request with no subject merged in GitBook
2023-06-01 21:44:32 +00:00
{% content-ref url="macos-file-extension-apps.md" %}
[macos-file-extension-apps.md](macos-file-extension-apps.md)
GITBOOK-3949: change request with no subject merged in GitBook
2023-05-26 15:11:27 +00:00
{% endcontent-ref %}
GitBook: [master] 6 pages and one asset modified
2021-08-10 14:04:23 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
## Escalação de privilégios do macOS TCC / SIP
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
No macOS, **aplicativos e binários podem ter permissões** para acessar pastas ou configurações que os tornam mais privilegiados do que outros.
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Portanto, um invasor que deseja comprometer com sucesso uma máquina macOS precisará **escalar seus privilégios do TCC** (ou até mesmo **burlar o SIP**, dependendo de suas necessidades).
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Esses privilégios geralmente são concedidos na forma de **direitos** com os quais o aplicativo é assinado, ou o aplicativo pode solicitar alguns acessos e, após o **usuário aprová-los**, eles podem ser encontrados nos **bancos de dados do TCC**. Outra maneira de um processo obter esses privilégios é ser um **filho de um processo** com esses **privilégios**, pois eles geralmente são **herdados**.
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Siga estes links para encontrar diferentes maneiras de [**escalar privilégios no TCC**](macos-security-protections/macos-tcc/#tcc-privesc-and-bypasses), [**burlar o TCC**](macos-security-protections/macos-tcc/macos-tcc-bypasses/) e como no passado o [**SIP foi burlado**](macos-security-protections/macos-sip.md#sip-bypasses).
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
## Escalação de privilégios tradicional do macOS
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
É claro que, do ponto de vista de uma equipe de red team, você também deve estar interessado em escalar para root. Confira o seguinte post para algumas dicas:
GitBook: [master] 498 pages modified
2021-07-19 23:13:08 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
{% content-ref url="macos-privilege-escalation.md" %}
[macos-privilege-escalation.md](macos-privilege-escalation.md)
GITBOOK-3924: change request with no subject merged in GitBook
2023-05-15 08:11:15 +00:00
{% endcontent-ref %}
Translated to Portuguese
2023-06-06 18:56:34 +00:00
## Referências
GitBook: [master] one page modified
2021-07-29 00:18:11 +00:00
fix bad chars
2022-04-05 22:24:52 +00:00
* [**OS X Incident Response: Scripting and Analysis**](https://www.amazon.com/OS-Incident-Response-Scripting-Analysis-ebook/dp/B01FHOHHVS)
* [**https://taomm.org/vol1/analysis.html**](https://taomm.org/vol1/analysis.html)
* [**https://github.com/NicolasGrimonpont/Cheatsheet**](https://github.com/NicolasGrimonpont/Cheatsheet)
* [**https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ**](https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ)
GITBOOK-3946: change request with no subject merged in GitBook
2023-05-26 00:05:25 +00:00
* [**https://www.youtube.com/watch?v=vMGiplQtjTY**](https://www.youtube.com/watch?v=vMGiplQtjTY)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-31 17:51:15 +00:00
<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
Junte-se ao servidor [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) para se comunicar com hackers experientes e caçadores de recompensas por bugs!
hp
2023-02-27 09:28:45 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Hacking Insights**\
Engaje-se com conteúdo que explora a emoção e os desafios do hacking
hp
2023-02-27 09:28:45 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Notícias de Hacking em Tempo Real**\
Mantenha-se atualizado com o mundo acelerado do hacking por meio de notícias e insights em tempo real
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Últimos Anúncios**\
Fique informado sobre os mais recentes programas de recompensas por bugs lançados e atualizações cruciais na plataforma
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
Translated ['linux-hardening/privilege-escalation/README.md', 'macos-har
2023-12-20 02:30:55 +00:00
**Junte-se a nós no** [**Discord**](https://discord.com/invite/N3FrSbmwdy) e comece a colaborar com os melhores hackers hoje!
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
GitBook: [#3633] No subject
2022-10-27 23:22:18 +00:00
<details>
update twitter
2023-04-25 18:35:28 +00:00
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
* Você trabalha em uma **empresa de cibersegurança**? Você quer ver sua **empresa anunciada no HackTricks**? ou você quer ter acesso à **última versão do PEASS ou baixar o HackTricks em PDF**? Verifique os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-06-08 00:36:07 +00:00
* Descubra [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nossa coleção exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
Translated to Portuguese
2023-06-06 18:56:34 +00:00
* Adquira o [**swag oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
Translated ['README.md', 'generic-methodologies-and-resources/pentesting
2023-07-14 14:49:16 +00:00
* **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA
2023-09-25 17:47:02 +00:00
* **Compartilhe seus truques de hacking enviando PRs para o** [**repositório hacktricks**](https://github.com/carlospolop/hacktricks) **e para o** [**repositório hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink