Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-26 06:30:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

Translated ['macos-hardening/macos-security-and-privilege-escalation/REA

Browse source
This commit is contained in:
Translator 2024-09-13 09:41:11 +00:00
parent 27ef8011cc
commit d50626c071
1 changed files with 58 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
macos-hardening/macos-security-and-privilege-escalation/README.md
View file

@ -1,40 +1,40 @@
# Usalama na Kupandisha Madaraka kwa macOS
# macOS Usalama & Kuinua Privilege
{% hint style="success" %}
Jifunze na zoezi la Udukuzi wa AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks ya Mtaalam wa Timu Nyekundu ya AWS (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na zoezi la Udukuzi wa GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks ya Mtaalam wa Timu Nyekundu ya GCP (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Jifunze & fanya mazoezi ya AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze & fanya mazoezi ya GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
</details>
{% endhint %}
<figure><img src="../../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa zawadi za mdudu!
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server kuwasiliana na hackers wenye uzoefu na wawindaji wa bug bounty!
**Machapisho ya Udukuzi**\
Shiriki na yaliyomo yanayochimba kina katika msisimko na changamoto za udukuzi
**Uelewa wa Hacking**\
Shiriki na maudhui yanayoangazia msisimko na changamoto za hacking
**Taarifa za Udukuzi za Wakati Halisi**\
Kaa up-to-date na ulimwengu wa udukuzi wenye kasi kupitia habari za wakati halisi na ufahamu
**Habari za Hack kwa Wakati Halisi**\
Baki na habari za hivi punde katika ulimwengu wa hacking kupitia habari na uelewa wa wakati halisi
**Matangazo ya Karibuni**\
Baki mwelewa na zawadi mpya za mdudu zinazoanzishwa na sasisho muhimu za jukwaa
**Matangazo ya Hivi Punde**\
Baki na taarifa kuhusu bug bounties mpya zinazozinduliwa na masasisho muhimu ya jukwaa
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na hackers bora leo!
## Msingi wa MacOS
Ikiwa haujazoea macOS, unapaswa kuanza kujifunza misingi ya macOS:
Ikiwa hujafahamu kuhusu macOS, unapaswa kuanza kujifunza misingi ya macOS:
* **Faili na ruhusa za macOS:**
* Faili maalum za macOS **na ruhusa:**
{% content-ref url="macos-files-folders-and-binaries/" %}
[macos-files-folders-and-binaries](macos-files-folders-and-binaries/)
@ -52,87 +52,92 @@ Ikiwa haujazoea macOS, unapaswa kuanza kujifunza misingi ya macOS:
[macos-applefs.md](macos-applefs.md)
{% endcontent-ref %}
* **Mimaririko** ya **kernel**
* **muundo** wa k**ernel**
{% content-ref url="mac-os-architecture/" %}
[mac-os-architecture](mac-os-architecture/)
{% endcontent-ref %}
* Huduma na itifaki za mtandao za macOS
* Huduma za kawaida za macOS n**etwork & protokali**
{% content-ref url="macos-protocols.md" %}
[macos-protocols.md](macos-protocols.md)
{% endcontent-ref %}
* **Opensource** ya macOS: [https://opensource.apple.com/](https://opensource.apple.com/)
* **Opensource** macOS: [https://opensource.apple.com/](https://opensource.apple.com/)
* Ili kupakua `tar.gz` badilisha URL kama [https://opensource.apple.com/**source**/dyld/](https://opensource.apple.com/source/dyld/) kuwa [https://opensource.apple.com/**tarballs**/dyld/**dyld-852.2.tar.gz**](https://opensource.apple.com/tarballs/dyld/dyld-852.2.tar.gz)
### MDM ya MacOS
### MacOS MDM
Katika makampuni **mifumo ya macOS inaweza kuwa imepangiliwa kwa MDM**. Kwa hivyo, kutoka mtazamo wa mshambuliaji ni muhimu kujua **jinsi hiyo inavyofanya kazi**:
Katika kampuni **sistimu za macOS** zina uwezekano mkubwa kuwa **zinadhibitiwa na MDM**. Hivyo, kutoka mtazamo wa mshambuliaji ni muhimu kujua **jinsi hiyo inavyofanya kazi**:
{% content-ref url="../macos-red-teaming/macos-mdm/" %}
[macos-mdm](../macos-red-teaming/macos-mdm/)
{% endcontent-ref %}
### MacOS - Ukaguzi, Udukuzi na Fuzzing
### MacOS - Kukagua, Kurekebisha na Fuzzing
{% content-ref url="macos-apps-inspecting-debugging-and-fuzzing/" %}
[macos-apps-inspecting-debugging-and-fuzzing](macos-apps-inspecting-debugging-and-fuzzing/)
{% endcontent-ref %}
## Kinga ya Usalama ya MacOS
## Ulinzi wa Usalama wa MacOS
{% content-ref url="macos-security-protections/" %}
[macos-security-protections](macos-security-protections/)
{% endcontent-ref %}
## Eneo la Shambulizi
## Uso wa Shambulio
### Ruhusa za Faili
Ikiwa **mchakato unaoendeshwa kama root unahifadhi** faili ambayo inaweza kudhibitiwa na mtumiaji, mtumiaji anaweza kutumia hii kwa **kupandisha madaraka**.\
Ikiwa **mchakato unaotembea kama root unandika** faili ambayo inaweza kudhibitiwa na mtumiaji, mtumiaji anaweza kuitumia hii ili **kuinua ruhusa**.\
Hii inaweza kutokea katika hali zifuatazo:
* Faili iliyotumiwa tayari ilikuwa imeundwa na mtumiaji (inayomilikiwa na mtumiaji)
* Faili iliyotumiwa inaweza kuandikwa na mtumiaji kwa sababu ya kikundi
* Faili iliyotumiwa iko ndani ya saraka inayomilikiwa na mtumiaji (mtumiaji anaweza kuunda faili)
* Faili iliyotumiwa iko ndani ya saraka inayomilikiwa na root lakini mtumiaji ana ufikiaji wa kuandika juu yake kwa sababu ya kikundi (mtumiaji anaweza kuunda faili)
* Faili iliyotumika tayari iliumbwa na mtumiaji (inamilikiwa na mtumiaji)
* Faili iliyotumika inaweza kuandikwa na mtumiaji kwa sababu ya kundi
* Faili iliyotumika iko ndani ya directory inayomilikiwa na mtumiaji (mtumiaji anaweza kuunda faili hiyo)
* Faili iliyotumika iko ndani ya directory inayomilikiwa na root lakini mtumiaji ana ufaccess wa kuandika juu yake kwa sababu ya kundi (mtumiaji anaweza kuunda faili hiyo)
Uwezo wa **kuunda faili** ambayo itatumika na **root**, inaruhusu mtumiaji **kutumia maudhui yake** au hata kuunda **viungo vya ishara/viungo ngumu** kuielekeza mahali pengine.
Kuweza **kuunda faili** ambayo itatumika na **root**, inamruhusu mtumiaji **kunufaika na maudhui yake** au hata kuunda **symlinks/hardlinks** kuielekeza mahali pengine.
Kwa aina hii ya udhaifu usisahau kuchunguza **wasanidi wa `.pkg`** walio hatarini:
Kwa aina hii ya udhaifu usisahau **kuangalia waandishi wa `.pkg` walio hatarini**:
{% content-ref url="macos-files-folders-and-binaries/macos-installers-abuse.md" %}
[macos-installers-abuse.md](macos-files-folders-and-binaries/macos-installers-abuse.md)
{% endcontent-ref %}
### Ugani wa Faili na Wachakataji wa Programu za URL
### Upanuzi wa Faili & Wakala wa URL
Programu za ajabu zilizosajiliwa na ugani wa faili zinaweza kutumiwa vibaya na programu tofauti zinaweza kusajiliwa kufungua itifaki maalum
Programu za ajabu zilizosajiliwa na upanuzi wa faili zinaweza kutumiwa vibaya na programu tofauti zinaweza kuandikishwa kufungua protokali maalum
{% content-ref url="macos-file-extension-apps.md" %}
[macos-file-extension-apps.md](macos-file-extension-apps.md)
{% endcontent-ref %}
## Kupandisha Madaraka ya TCC / SIP ya macOS
## macOS TCC / SIP Kuinua Privilege
Katika macOS **programu na programu za binary zinaweza kuwa na ruhusa** za kufikia folda au mipangilio ambayo inawafanya wawe na haki zaidi kuliko wengine.
Katika macOS **programu na binaries zinaweza kuwa na ruhusa** za kufikia folda au mipangilio ambayo inawafanya kuwa na nguvu zaidi kuliko wengine.
Kwa hivyo, mshambuliaji anayetaka kudhoofisha kwa mafanikio kompyuta ya macOS atahitaji **kupandisha madaraka yake ya TCC** (au hata **kupuuza SIP**, kulingana na mahitaji yake).
Hivyo, mshambuliaji anayetaka kufanikiwa kuathiri mashine ya macOS atahitaji **kuinua ruhusa zake za TCC** (au hata **kupita SIP**, kulingana na mahitaji yake).
Ruhusa hizi kawaida hupewa kwa mfumo wa **ruhusa** programu imesainiwa nazo, au programu inaweza kuomba baadhi ya ufikiaji na baada ya **mtumiaji kuidhinisha** wanaweza kupatikana katika **databases za TCC**. Njia nyingine mchakato unaweza kupata ruhusa hizi ni kwa kuwa **mtoto wa mchakato** na ruhusa hizo kwani kawaida **zinarithiwa**.
Ruhusa hizi kwa kawaida hutolewa kwa njia ya **entitlements** ambayo programu imesainiwa nayo, au programu inaweza kuomba baadhi ya ufaccess na baada ya **mtumiaji kuidhinisha** zinaweza kupatikana katika **maktaba za TCC**. Njia nyingine mchakato unaweza kupata ruhusa hizi ni kwa kuwa **mtoto wa mchakato** wenye hizo **ruhusa** kwani kwa kawaida **zinarithiwa**.
Fuata viungo hivi kupata njia tofauti za [**kupandisha madaraka katika TCC**](macos-security-protections/macos-tcc/#tcc-privesc-and-bypasses), kwa [**kupuuza TCC**](macos-security-protections/macos-tcc/macos-tcc-bypasses/) na jinsi zamani [**SIP imepita**](macos-security-protections/macos-sip.md#sip-bypasses).
Fuata viungo hivi kupata njia tofauti za [**kuinua ruhusa katika TCC**](macos-security-protections/macos-tcc/#tcc-privesc-and-bypasses), [**kupita TCC**](macos-security-protections/macos-tcc/macos-tcc-bypasses/) na jinsi katika siku za nyuma [**SIP imepita**](macos-security-protections/macos-sip.md#sip-bypasses).
## Kupandisha Madaraka ya Kawaida ya macOS
## macOS Kuinua Privilege Kawaida
Bila shaka kutoka mtazamo wa timu nyekundu unapaswa pia kuwa na nia ya kupandisha hadi kufikia mizizi. Angalia chapisho lifuatalo kwa vidokezo:
Bila shaka kutoka mtazamo wa timu nyekundu unapaswa pia kuwa na hamu ya kuinua hadi root. Angalia chapisho lifuatalo kwa vidokezo vingine:
{% content-ref url="macos-privilege-escalation.md" %}
[macos-privilege-escalation.md](macos-privilege-escalation.md)
{% endcontent-ref %}
## Marejeo
## Uzingatiaji wa macOS
* [https://github.com/usnistgov/macos\_security](https://github.com/usnistgov/macos\_security)
## Marejeleo
* [**OS X Incident Response: Scripting and Analysis**](https://www.amazon.com/OS-Incident-Response-Scripting-Analysis-ebook/dp/B01FHOHHVS)
* [**https://taomm.org/vol1/analysis.html**](https://taomm.org/vol1/analysis.html)
@ -142,30 +147,30 @@ Bila shaka kutoka mtazamo wa timu nyekundu unapaswa pia kuwa na nia ya kupandish
<figure><img src="../../.gitbook/assets/image (380).png" alt=""><figcaption></figcaption></figure>
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server ili kuwasiliana na wadukuzi wenye uzoefu na wawindaji wa tuzo za udhaifu!
Jiunge na [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server kuwasiliana na hackers wenye uzoefu na wawindaji wa bug bounty!
**Machapisho ya Udukuzi**\
Shiriki na maudhui yanayochimba kina katika msisimko na changamoto za udukuzi
**Uelewa wa Hacking**\
Shiriki na maudhui yanayoangazia msisimko na changamoto za hacking
**Taarifa za Udukuzi za Muda Halisi**\
Kaa sawa na ulimwengu wa udukuzi wenye kasi kupitia taarifa za muda halisi na ufahamu
**Habari za Hack kwa Wakati Halisi**\
Baki na habari za hivi punde katika ulimwengu wa hacking kupitia habari na uelewa wa wakati halisi
**Matangazo ya Karibuni**\
Baki mwelewa na tuzo za udhaifu zinazoanzishwa na sasisho muhimu za jukwaa
**Matangazo ya Hivi Punde**\
Baki na taarifa kuhusu bug bounties mpya zinazozinduliwa na masasisho muhimu ya jukwaa
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na wadukuzi bora leo!
**Jiunge nasi kwenye** [**Discord**](https://discord.com/invite/N3FrSbmwdy) na anza kushirikiana na hackers bora leo!
{% hint style="success" %}
Jifunze & jifanye Udukuzi wa AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze & jifanye Udukuzi wa GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Jifunze & fanya mazoezi ya AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze & fanya mazoezi ya GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Angalia [**mpango wa michango**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **fuata** sisi kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
</details>
{% endhint %}