mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-20 18:14:15 +00:00
176 lines
6.7 KiB
Markdown
176 lines
6.7 KiB
Markdown
# macOS Useful Commands
|
||
|
||
{% hint style="success" %}
|
||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
||
<details>
|
||
|
||
<summary>Support HackTricks</summary>
|
||
|
||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
||
</details>
|
||
{% endhint %}
|
||
|
||
### MacOS Automatic Enumeration Tools
|
||
|
||
* **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
|
||
* **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb)
|
||
* **SwiftBelt**: [https://github.com/cedowens/SwiftBelt](https://github.com/cedowens/SwiftBelt)
|
||
|
||
### Specific MacOS Commands
|
||
|
||
```bash
|
||
#System info
|
||
date
|
||
cal
|
||
uptime #show time from starting
|
||
w #list users
|
||
whoami #this user
|
||
finger username #info about user
|
||
uname -a #sysinfo
|
||
cat /proc/cpuinfo #processor
|
||
cat /proc/meminfo #memory
|
||
free #check memory
|
||
df #check disk
|
||
|
||
launchctl list #List services
|
||
atq #List "at" tasks for the user
|
||
sysctl -a #List kernel configuration
|
||
diskutil list #List connected hard drives
|
||
nettop #Monitor network usage of processes in top style
|
||
|
||
system_profiler SPSoftwareDataType #System info
|
||
system_profiler SPPrintersDataType #Printer
|
||
system_profiler SPApplicationsDataType #Installed Apps
|
||
system_profiler SPFrameworksDataType #Instaled framework
|
||
system_profiler SPDeveloperToolsDataType #Developer tools info
|
||
system_profiler SPStartupItemDataType #Startup Items
|
||
system_profiler SPNetworkDataType #Network Capabilities
|
||
system_profiler SPFirewallDataType #Firewall Status
|
||
system_profiler SPNetworkLocationDataType #Known Network
|
||
system_profiler SPBluetoothDataType #Bluetooth Info
|
||
system_profiler SPEthernetDataType #Ethernet Info
|
||
system_profiler SPUSBDataType #USB info
|
||
system_profiler SPAirPortDataType #Airport Info
|
||
|
||
|
||
#Searches
|
||
mdfind password #Show all the files that contains the word password
|
||
mfind -name password #List all the files containing the word password in the name
|
||
|
||
|
||
#Open any app
|
||
open -a <Application Name> --hide #Open app hidden
|
||
open some.doc -a TextEdit #Open a file in one application
|
||
|
||
|
||
#Computer doesn't go to sleep
|
||
caffeinate &
|
||
|
||
|
||
#Screenshot
|
||
# This will ask for permission to the user
|
||
screencapture -x /tmp/ss.jpg #Save screenshot in that file
|
||
|
||
|
||
#Get clipboard info
|
||
pbpaste
|
||
|
||
|
||
#system_profiler
|
||
system_profiler --help #This command without arguments take lot of memory and time.
|
||
system_profiler -listDataTypes
|
||
system_profiler SPSoftwareDataType SPNetworkDataType
|
||
|
||
|
||
#Network
|
||
arp -i en0 -l -a #Print the macOS device's ARP table
|
||
lsof -i -P -n | grep LISTEN
|
||
smbutil statshares -a #View smb shares mounted to the hard drive
|
||
|
||
#networksetup - set or view network options: Proxies, FW options and more
|
||
networksetup -listallnetworkservices #List network services
|
||
networksetup -listallhardwareports #Hardware ports
|
||
networksetup -getinfo Wi-Fi #Wi-Fi info
|
||
networksetup -getautoproxyurl Wi-Fi #Get proxy URL for Wifi
|
||
networksetup -getwebproxy Wi-Fi #Wifi Web proxy
|
||
networksetup -getftpproxy Wi-Fi #Wifi ftp proxy
|
||
|
||
|
||
#Brew
|
||
brew list #List installed
|
||
brew search <text> #Search package
|
||
brew info <formula>
|
||
brew install <formula>
|
||
brew uninstall <formula>
|
||
brew cleanup #Remove older versions of installed formulae.
|
||
brew cleanup <formula> #Remove older versions of specified formula.
|
||
|
||
|
||
#Make the machine talk
|
||
say hello -v diego
|
||
#spanish: diego, Jorge, Monica
|
||
#mexican: Juan, Paulina
|
||
#french: Thomas, Amelie
|
||
|
||
########### High privileges actions
|
||
sudo purge #purge RAM
|
||
#Sharing preferences
|
||
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist (enable ssh)
|
||
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist (disable ssh)
|
||
#Start apache
|
||
sudo apachectl (start|status|restart|stop)
|
||
##Web folder: /Library/WebServer/Documents/
|
||
#Remove DNS cache
|
||
dscacheutil -flushcache
|
||
sudo killall -HUP mDNSResponder
|
||
```
|
||
|
||
### Installed Software & Services
|
||
|
||
Check for **suspicious** applications installed and **privileges** over the.installed resources:
|
||
|
||
```
|
||
system_profiler SPApplicationsDataType #Installed Apps
|
||
system_profiler SPFrameworksDataType #Instaled framework
|
||
lsappinfo list #Installed Apps
|
||
launchctl list #Services
|
||
```
|
||
|
||
### User Processes
|
||
|
||
```bash
|
||
# will print all the running services under that particular user domain.
|
||
launchctl print gui/<users UID>
|
||
|
||
# will print all the running services under root
|
||
launchctl print system
|
||
|
||
# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for login
|
||
launchctl print gui/<user's UID>/com.company.launchagent.label
|
||
```
|
||
|
||
### Create a user
|
||
|
||
Without prompts
|
||
|
||
<figure><img src="../.gitbook/assets/image (79).png" alt=""><figcaption></figcaption></figure>
|
||
|
||
{% hint style="success" %}
|
||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||
|
||
<details>
|
||
|
||
<summary>Support HackTricks</summary>
|
||
|
||
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||
|
||
</details>
|
||
{% endhint %}
|