Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-07-05 10:17:10 +00:00 committed by gitbook-bot
parent 5d5023a96f
commit 1a216ec66a
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
linux-unix/privilege-escalation/README.md
View file

@ -286,6 +286,22 @@ Typically, `/dev/mem` is only readable by **root** and **kmem** group.
strings /dev/mem -n10 | grep -i PASS
```
#### osxpmem
In order to dump the memory in a MacOS machine you can use [**osxpmem**](https://github.com/google/rekall/releases/download/v1.5.1/osxpmem-2.1.post4.zip).
```bash
sudo osxpmem.app/osxpmem --format raw -o /tmp/dump_mem
```
If you find this error: `osxpmem.app/MacPmem.kext failed to load - (libkern/kext) authentication failure (file ownership/permissions); check the system/kernel logs for errors or try kextutil(8)` You can fix it doing:
```bash
sudo cp -r osxpmem.app/MacPmem.kext "/tmp/"
sudo kextutil "/tmp/MacPmem.kext"
sudo osxpmem.app/osxpmem --format raw -o /tmp/dump_mem
```
#### Tools
To dump a process memory you could use: