hacktricks/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md

# Manipuladores de aplicativos de extensão de arquivo e esquema de URL do macOS

{% hint style="success" %}
Aprenda e pratique Hacking AWS: <img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Treinamento HackTricks AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprenda e pratique Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Treinamento HackTricks GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Apoie o HackTricks</summary>

* Verifique os [**planos de assinatura**](https://github.com/sponsors/carlospolop)!
* **Junte-se ao** 💬 [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-nos** no **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe truques de hacking enviando PRs para os repositórios** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
{% endhint %}

## Banco de Dados do LaunchServices

Este é um banco de dados de todos os aplicativos instalados no macOS que podem ser consultados para obter informações sobre cada aplicativo instalado, como os esquemas de URL que ele suporta e os tipos MIME.

É possível despejar esse banco de dados com:

{% code overflow="wrap" %}
```
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump
```
{% endcode %}

Ou usando a ferramenta [**lsdtrip**](https://newosxbook.com/tools/lsdtrip.html).

**`/usr/libexec/lsd`** é o cérebro do banco de dados. Ele fornece **vários serviços XPC** como `.lsd.installation`, `.lsd.open`, `.lsd.openurl`, e mais. Mas também **requer algumas permissões** para que os aplicativos possam usar as funcionalidades XPC expostas, como `.launchservices.changedefaulthandler` ou `.launchservices.changeurlschemehandler` para alterar aplicativos padrão para tipos de mime ou esquemas de URL e outros.

**`/System/Library/CoreServices/launchservicesd`** reivindica o serviço `com.apple.coreservices.launchservicesd` e pode ser consultado para obter informações sobre aplicativos em execução. Pode ser consultado com a ferramenta do sistema /**`usr/bin/lsappinfo`** ou com [**lsdtrip**](https://newosxbook.com/tools/lsdtrip.html).

## Manipuladores de aplicativos de esquema de extensão de arquivo e URL

A linha a seguir pode ser útil para encontrar os aplicativos que podem abrir arquivos dependendo da extensão:

{% code overflow="wrap" %}
```bash
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump | grep -E "path:|bindings:|name:"
```
{% endcode %}

Ou use algo como [**SwiftDefaultApps**](https://github.com/Lord-Kamina/SwiftDefaultApps):
```bash
./swda getSchemes #Get all the available schemes
./swda getApps #Get all the apps declared
./swda getUTIs #Get all the UTIs
./swda getHandler --URL ftp #Get ftp handler
```
Você também pode verificar as extensões suportadas por um aplicativo fazendo:
```
cd /Applications/Safari.app/Contents
grep -A3 CFBundleTypeExtensions Info.plist  | grep string
<string>css</string>
<string>pdf</string>
<string>webarchive</string>
<string>webbookmark</string>
<string>webhistory</string>
<string>webloc</string>
<string>download</string>
<string>safariextz</string>
<string>gif</string>
<string>html</string>
<string>htm</string>
<string>js</string>
<string>jpg</string>
<string>jpeg</string>
<string>jp2</string>
<string>txt</string>
<string>text</string>
<string>png</string>
<string>tiff</string>
<string>tif</string>
<string>url</string>
<string>ico</string>
<string>xhtml</string>
<string>xht</string>
<string>xml</string>
<string>xbl</string>
<string>svg</string>
```
{% hint style="success" %}
Aprenda e pratique AWS Hacking: <img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Treinamento HackTricks AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprenda e pratique GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Treinamento HackTricks GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Suporte o HackTricks</summary>

* Verifique os [**planos de assinatura**](https://github.com/sponsors/carlospolop)!
* **Junte-se ao** 💬 [**grupo Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo telegram**](https://t.me/peass) ou **siga-nos** no **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe truques de hacking enviando PRs para os repositórios** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
{% endhint %}
Translated ['forensics/basic-forensic-methodology/specific-software-file 2024-02-07 05:33:07 +00:00			`# Manipuladores de aplicativos de extensão de arquivo e esquema de URL do macOS`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`{% hint style="success" %}`
			`Aprenda e pratique Hacking AWS: <img src="/.gitbook/assets/arte.png" alt="" data-size="line">[Treinamento HackTricks AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Aprenda e pratique Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[Treinamento HackTricks GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`<details>`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`<summary>Apoie o HackTricks</summary>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:50:55 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`* Verifique os [planos de assinatura](https://github.com/sponsors/carlospolop)!`
			`* Junte-se ao 💬 [grupo Discord](https://discord.gg/hRep4RUj7f) ou ao [grupo telegram](https://t.me/peass) ou siga-nos no Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Compartilhe truques de hacking enviando PRs para os repositórios [HackTricks](https://github.com/carlospolop/hacktricks) e [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud).`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
			`</details>`
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`{% endhint %}`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-04-24 23:48:04 +00:00			`## Banco de Dados do LaunchServices`

			`Este é um banco de dados de todos os aplicativos instalados no macOS que podem ser consultados para obter informações sobre cada aplicativo instalado, como os esquemas de URL que ele suporta e os tipos MIME.`

			`É possível despejar esse banco de dados com:`

			`{% code overflow="wrap" %}`
			```
			`/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump`
			```
			`{% endcode %}`

			`Ou usando a ferramenta [lsdtrip](https://newosxbook.com/tools/lsdtrip.html).`

			`/usr/libexec/lsd` é o cérebro do banco de dados. Ele fornece vários serviços XPC como `.lsd.installation`, `.lsd.open`, `.lsd.openurl`, e mais. Mas também requer algumas permissões para que os aplicativos possam usar as funcionalidades XPC expostas, como `.launchservices.changedefaulthandler` ou `.launchservices.changeurlschemehandler` para alterar aplicativos padrão para tipos de mime ou esquemas de URL e outros.

			`/System/Library/CoreServices/launchservicesd` reivindica o serviço `com.apple.coreservices.launchservicesd` e pode ser consultado para obter informações sobre aplicativos em execução. Pode ser consultado com a ferramenta do sistema /`usr/bin/lsappinfo` ou com [lsdtrip](https://newosxbook.com/tools/lsdtrip.html).

			`## Manipuladores de aplicativos de esquema de extensão de arquivo e URL`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:50:55 +00:00			`A linha a seguir pode ser útil para encontrar os aplicativos que podem abrir arquivos dependendo da extensão:`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-04-24 23:48:04 +00:00
			`{% code overflow="wrap" %}`
Translated ['forensics/basic-forensic-methodology/specific-software-file 2024-02-07 05:33:07 +00:00			```bash
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00			`/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump \| grep -E "path:\|bindings:\|name:"`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-04-24 23:48:04 +00:00			`{% endcode %}`

Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`Ou use algo como [SwiftDefaultApps](https://github.com/Lord-Kamina/SwiftDefaultApps):`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2023-06-10 11:14:53 +00:00			```bash
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00			`./swda getSchemes #Get all the available schemes`
			`./swda getApps #Get all the apps declared`
			`./swda getUTIs #Get all the UTIs`
			`./swda getHandler --URL ftp #Get ftp handler`
			```
Translated to Portuguese 2023-06-06 18:56:34 +00:00			`Você também pode verificar as extensões suportadas por um aplicativo fazendo:`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00			```
			`cd /Applications/Safari.app/Contents`
			`grep -A3 CFBundleTypeExtensions Info.plist \| grep string`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:50:55 +00:00			`<string>css</string>`
			`<string>pdf</string>`
			`<string>webarchive</string>`
			`<string>webbookmark</string>`
			`<string>webhistory</string>`
			`<string>webloc</string>`
			`<string>download</string>`
			`<string>safariextz</string>`
			`<string>gif</string>`
			`<string>html</string>`
			`<string>htm</string>`
			`<string>js</string>`
			`<string>jpg</string>`
			`<string>jpeg</string>`
			`<string>jp2</string>`
			`<string>txt</string>`
			`<string>text</string>`
			`<string>png</string>`
			`<string>tiff</string>`
			`<string>tif</string>`
			`<string>url</string>`
			`<string>ico</string>`
			`<string>xhtml</string>`
			`<string>xht</string>`
			`<string>xml</string>`
			`<string>xbl</string>`
			`<string>svg</string>`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00			```
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`{% hint style="success" %}`
			`Aprenda e pratique AWS Hacking: <img src="/.gitbook/assets/arte.png" alt="" data-size="line">[Treinamento HackTricks AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Aprenda e pratique GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[Treinamento HackTricks GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`<details>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:50:55 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`<summary>Suporte o HackTricks</summary>`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`* Verifique os [planos de assinatura](https://github.com/sponsors/carlospolop)!`
			`* Junte-se ao 💬 [grupo Discord](https://discord.gg/hRep4RUj7f) ou ao [grupo telegram](https://t.me/peass) ou siga-nos no Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Compartilhe truques de hacking enviando PRs para os repositórios [HackTricks](https://github.com/carlospolop/hacktricks) e [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud).`
GITBOOK-3963: change request with no subject merged in GitBook 2023-06-01 20:53:50 +00:00
			`</details>`
Translated ['README.md', 'backdoors/salseo.md', 'binary-exploitation/arb 2024-07-18 17:36:28 +00:00			`{% endhint %}`