hacktricks/macos-hardening/macos-useful-commands.md

Amri za Kufaa za MacOS

Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks:

• Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia MPANGO WA KUJIUNGA!
• Pata swag rasmi wa PEASS & HackTricks
• Gundua Familia ya PEASS, mkusanyiko wetu wa NFTs ya kipekee
• Jiunge na 💬 Kikundi cha Discord au kikundi cha telegram au tufuate kwenye Twitter 🐦 @carlospolopm.
• Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye HackTricks na HackTricks Cloud repos za github.

Zana za Kuhesabu Otomatiki za MacOS

• MacPEAS: https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
• Metasploit: https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum_osx.rb
• SwiftBelt: https://github.com/cedowens/SwiftBelt

Amri Maalum za MacOS

#System info
date
cal
uptime #show time from starting
w #list users
whoami #this user
finger username #info about user
uname -a #sysinfo
cat /proc/cpuinfo #processor
cat /proc/meminfo #memory
free #check memory
df #check disk

launchctl list #List services
atq #List "at" tasks for the user
sysctl -a #List kernel configuration
diskutil list #List connected hard drives
nettop #Monitor network usage of processes in top style

system_profiler SPSoftwareDataType #System info
system_profiler SPPrintersDataType #Printer
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
system_profiler SPDeveloperToolsDataType #Developer tools info
system_profiler SPStartupItemDataType #Startup Items
system_profiler SPNetworkDataType #Network Capabilities
system_profiler SPFirewallDataType #Firewall Status
system_profiler SPNetworkLocationDataType #Known Network
system_profiler SPBluetoothDataType #Bluetooth Info
system_profiler SPEthernetDataType #Ethernet Info
system_profiler SPUSBDataType #USB info
system_profiler SPAirPortDataType #Airport Info


#Searches
mdfind password #Show all the files that contains the word password
mfind -name password #List all the files containing the word password in the name


#Open any app
open -a <Application Name> --hide #Open app hidden
open some.doc -a TextEdit #Open a file in one application


#Computer doesn't go to sleep
caffeinate &


#Screenshot
# This will ask for permission to the user
screencapture -x /tmp/ss.jpg #Save screenshot in that file


#Get clipboard info
pbpaste


#system_profiler
system_profiler --help #This command without arguments take lot of memory and time.
system_profiler -listDataTypes
system_profiler SPSoftwareDataType SPNetworkDataType


#Network
arp -i en0 -l -a #Print the macOS device's ARP table
lsof -i -P -n | grep LISTEN
smbutil statshares -a #View smb shares mounted to the hard drive

#networksetup - set or view network options: Proxies, FW options and more
networksetup -listallnetworkservices #List network services
networksetup -listallhardwareports #Hardware ports
networksetup -getinfo Wi-Fi #Wi-Fi info
networksetup -getautoproxyurl Wi-Fi #Get proxy URL for Wifi
networksetup -getwebproxy Wi-Fi #Wifi Web proxy
networksetup -getftpproxy Wi-Fi #Wifi ftp proxy


#Brew
brew list #List installed
brew search <text> #Search package
brew info <formula>
brew install <formula>
brew uninstall <formula>
brew cleanup #Remove older versions of installed formulae.
brew cleanup <formula> #Remove older versions of specified formula.


#Make the machine talk
say hello -v diego
#spanish: diego, Jorge, Monica
#mexican: Juan, Paulina
#french: Thomas, Amelie

########### High privileges actions
sudo purge #purge RAM
#Sharing preferences
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist (enable ssh)
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist (disable ssh)
#Start apache
sudo apachectl (start|status|restart|stop)
##Web folder: /Library/WebServer/Documents/
#Remove DNS cache
dscacheutil -flushcache
sudo killall -HUP mDNSResponder

Programu na Huduma Zilizosakinishwa

Angalia programu tuhuma zilizosakinishwa na mamlaka juu ya rasilimali zilizosakinishwa:

system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
lsappinfo list #Installed Apps
launchtl list #Services

Mchakato wa Mtumiaji

User processes are the programs and tasks that are executed by a user on a macOS system. These processes run in the background and are associated with a specific user account. They can include applications, scripts, and system utilities.

Mchakato wa mtumiaji ni programu na kazi ambazo hutekelezwa na mtumiaji kwenye mfumo wa macOS. Mchakato huu hufanya kazi nyuma ya pazia na unahusishwa na akaunti maalum ya mtumiaji. Unaweza kujumuisha programu, hati, na zana za mfumo.

To view the user processes running on a macOS system, you can use the following command:

Kuona mchakato wa mtumiaji unaoendelea kwenye mfumo wa macOS, unaweza kutumia amri ifuatayo:

ps aux

This command will display a list of all user processes along with their associated details, such as the process ID (PID), CPU usage, and memory usage.

Amri hii itaonyesha orodha ya mchakato wote wa mtumiaji pamoja na maelezo yao yanayohusiana, kama vile kitambulisho cha mchakato (PID), matumizi ya CPU, na matumizi ya kumbukumbu.

You can also filter the output to display only the processes associated with a specific user by using the grep command. For example, to display only the processes associated with the user "john", you can use the following command:

Unaweza pia kuchuja matokeo ili kuonyesha tu mchakato unaohusiana na mtumiaji maalum kwa kutumia amri ya grep. Kwa mfano, ili kuonyesha tu mchakato unaohusiana na mtumiaji "john", unaweza kutumia amri ifuatayo:

ps aux | grep john

This command will display only the user processes associated with the user "john".

Amri hii itaonyesha tu mchakato wa mtumiaji unaohusiana na mtumiaji "john".

# will print all the running services under that particular user domain.
launchctl print gui/<users UID>

# will print all the running services under root
launchctl print system

# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for login
launchctl print gui/<user's UID>/com.company.launchagent.label

Unda mtumiaji

Bila maombi

Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya HackTricks AWS)!

Njia nyingine za kusaidia HackTricks:

• Ikiwa unataka kuona kampuni yako inatangazwa kwenye HackTricks au kupakua HackTricks kwa muundo wa PDF Angalia MPANGO WA KUJIUNGA!
• Pata swag rasmi ya PEASS & HackTricks
• Gundua The PEASS Family, mkusanyiko wetu wa NFTs ya kipekee
• Jiunge na 💬 Kikundi cha Discord au kikundi cha telegram au tufuate kwenye Twitter 🐦 @carlospolopm.
• Shiriki mbinu zako za kudukua kwa kuwasilisha PR kwa HackTricks na HackTricks Cloud repos za github.