Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4284: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2024-03-28 11:28:47 +00:00 committed by gitbook-bot
parent 7764639a50
commit 1aa47d369e
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 13 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
View file

@ -9,7 +9,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
@ -22,28 +22,22 @@ Bundles in macOS serve as containers for a variety of resources including applic
Within a bundle, particularly within the `<application>.app/Contents/` directory, a variety of important resources are housed:
- **_CodeSignature**: This directory stores code-signing details vital for verifying the integrity of the application. You can inspect the code-signing information using commands like:
%%%bash
openssl dgst -binary -sha1 /Applications/Safari.app/Contents/Resources/Assets.car | openssl base64
%%%
- **MacOS**: Contains the executable binary of the application that runs upon user interaction.
- **Resources**: A repository for the application's user interface components including images, documents, and interface descriptions (nib/xib files).
- **Info.plist**: Acts as the application's main configuration file, crucial for the system to recognize and interact with the application appropriately.
* **\_CodeSignature**: This directory stores code-signing details vital for verifying the integrity of the application. You can inspect the code-signing information using commands like: %%%bash openssl dgst -binary -sha1 /Applications/Safari.app/Contents/Resources/Assets.car | openssl base64 %%%
* **MacOS**: Contains the executable binary of the application that runs upon user interaction.
* **Resources**: A repository for the application's user interface components including images, documents, and interface descriptions (nib/xib files).
* **Info.plist**: Acts as the application's main configuration file, crucial for the system to recognize and interact with the application appropriately.
#### Important Keys in Info.plist
The `Info.plist` file is a cornerstone for application configuration, containing keys such as:
- **CFBundleExecutable**: Specifies the name of the main executable file located in the `Contents/MacOS` directory.
- **CFBundleIdentifier**: Provides a global identifier for the application, used extensively by macOS for application management.
- **LSMinimumSystemVersion**: Indicates the minimum version of macOS required for the application to run.
* **CFBundleExecutable**: Specifies the name of the main executable file located in the `Contents/MacOS` directory.
* **CFBundleIdentifier**: Provides a global identifier for the application, used extensively by macOS for application management.
* **LSMinimumSystemVersion**: Indicates the minimum version of macOS required for the application to run.
### Exploring Bundles
To explore the contents of a bundle, such as `Safari.app`, the following command can be used:
%%%bash
ls -lR /Applications/Safari.app/Contents
%%%
To explore the contents of a bundle, such as `Safari.app`, the following command can be used: `bash ls -lR /Applications/Safari.app/Contents`
This exploration reveals directories like `_CodeSignature`, `MacOS`, `Resources`, and files like `Info.plist`, each serving a unique purpose from securing the application to defining its user interface and operational parameters.
@ -51,9 +45,9 @@ This exploration reveals directories like `_CodeSignature`, `MacOS`, `Resources`
Beyond the common directories, bundles may also include:
- **Frameworks**: Contains bundled frameworks used by the application.
- **PlugIns**: A directory for plug-ins and extensions that enhance the application's capabilities.
- **XPCServices**: Holds XPC services used by the application for out-of-process communication.
* **Frameworks**: Contains bundled frameworks used by the application. Frameworks are like dylibs with extra resources.
* **PlugIns**: A directory for plug-ins and extensions that enhance the application's capabilities.
* **XPCServices**: Holds XPC services used by the application for out-of-process communication.
This structure ensures that all necessary components are encapsulated within the bundle, facilitating a modular and secure application environment.
@ -68,7 +62,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>