9.2 KiB
Korisne komande za macOS
Naučite hakovanje AWS-a od nule do heroja sa htARTE (HackTricks AWS Red Team Expert)!
Drugi načini podrške HackTricks-u:
- Ako želite da vidite vašu kompaniju reklamiranu na HackTricks-u ili preuzmete HackTricks u PDF formatu proverite SUBSCRIPTION PLANS!
- Nabavite zvanični PEASS & HackTricks swag
- Otkrijte The PEASS Family, našu kolekciju ekskluzivnih NFT-ova
- Pridružite se 💬 Discord grupi ili telegram grupi ili nas pratite na Twitter-u 🐦 @carlospolopm.
- Podelite svoje trikove hakovanja slanjem PR-ova na HackTricks i HackTricks Cloud github repozitorijume.
Alati za automatsku enumeraciju na macOS-u
- MacPEAS: https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
- Metasploit: https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum_osx.rb
- SwiftBelt: https://github.com/cedowens/SwiftBelt
Specifične komande za macOS
#System info
date
cal
uptime #show time from starting
w #list users
whoami #this user
finger username #info about user
uname -a #sysinfo
cat /proc/cpuinfo #processor
cat /proc/meminfo #memory
free #check memory
df #check disk
launchctl list #List services
atq #List "at" tasks for the user
sysctl -a #List kernel configuration
diskutil list #List connected hard drives
nettop #Monitor network usage of processes in top style
system_profiler SPSoftwareDataType #System info
system_profiler SPPrintersDataType #Printer
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
system_profiler SPDeveloperToolsDataType #Developer tools info
system_profiler SPStartupItemDataType #Startup Items
system_profiler SPNetworkDataType #Network Capabilities
system_profiler SPFirewallDataType #Firewall Status
system_profiler SPNetworkLocationDataType #Known Network
system_profiler SPBluetoothDataType #Bluetooth Info
system_profiler SPEthernetDataType #Ethernet Info
system_profiler SPUSBDataType #USB info
system_profiler SPAirPortDataType #Airport Info
#Searches
mdfind password #Show all the files that contains the word password
mfind -name password #List all the files containing the word password in the name
#Open any app
open -a <Application Name> --hide #Open app hidden
open some.doc -a TextEdit #Open a file in one application
#Computer doesn't go to sleep
caffeinate &
#Screenshot
# This will ask for permission to the user
screencapture -x /tmp/ss.jpg #Save screenshot in that file
#Get clipboard info
pbpaste
#system_profiler
system_profiler --help #This command without arguments take lot of memory and time.
system_profiler -listDataTypes
system_profiler SPSoftwareDataType SPNetworkDataType
#Network
arp -i en0 -l -a #Print the macOS device's ARP table
lsof -i -P -n | grep LISTEN
smbutil statshares -a #View smb shares mounted to the hard drive
#networksetup - set or view network options: Proxies, FW options and more
networksetup -listallnetworkservices #List network services
networksetup -listallhardwareports #Hardware ports
networksetup -getinfo Wi-Fi #Wi-Fi info
networksetup -getautoproxyurl Wi-Fi #Get proxy URL for Wifi
networksetup -getwebproxy Wi-Fi #Wifi Web proxy
networksetup -getftpproxy Wi-Fi #Wifi ftp proxy
#Brew
brew list #List installed
brew search <text> #Search package
brew info <formula>
brew install <formula>
brew uninstall <formula>
brew cleanup #Remove older versions of installed formulae.
brew cleanup <formula> #Remove older versions of specified formula.
#Make the machine talk
say hello -v diego
#spanish: diego, Jorge, Monica
#mexican: Juan, Paulina
#french: Thomas, Amelie
########### High privileges actions
sudo purge #purge RAM
#Sharing preferences
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist (enable ssh)
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist (disable ssh)
#Start apache
sudo apachectl (start|status|restart|stop)
##Web folder: /Library/WebServer/Documents/
#Remove DNS cache
dscacheutil -flushcache
sudo killall -HUP mDNSResponder
Instalirani softver i usluge
Proverite da li su instalirane sumnjive aplikacije i privilegije nad instaliranim resursima:
system_profiler SPApplicationsDataType #Installed Apps
system_profiler SPFrameworksDataType #Instaled framework
lsappinfo list #Installed Apps
launchtl list #Services
Korisnički procesi
User processes are the programs and applications that are executed by a user on a macOS system. These processes run in the context of the user's account and have limited privileges and access to system resources. It is important to understand and monitor user processes to ensure the security and stability of the system.
Korisnički procesi su programi i aplikacije koje izvršava korisnik na macOS sistemu. Ovi procesi se izvršavaju u kontekstu korisničkog naloga i imaju ograničene privilegije i pristup sistemskim resursima. Važno je razumeti i pratiti korisničke procese kako bi se osigurala sigurnost i stabilnost sistema.
Listing User Processes
Lista korisničkih procesa
To list all user processes running on a macOS system, you can use the ps command with the -u option:
Da biste prikazali sve korisničke procese koji se izvršavaju na macOS sistemu, možete koristiti ps komandu sa opcijom -u:
ps -u
This will display a list of user processes along with their process IDs (PIDs), CPU usage, memory usage, and other information.
Ovo će prikazati listu korisničkih procesa zajedno sa njihovim identifikatorima procesa (PID), upotrebom CPU-a, upotrebom memorije i drugim informacijama.
Killing User Processes
Prekidanje korisničkih procesa
If you need to terminate a user process, you can use the kill command followed by the process ID (PID) of the process you want to kill:
Ako trebate da prekinete korisnički proces, možete koristiti kill komandu, a zatim identifikator procesa (PID) procesa koji želite da prekinete:
kill PID
Replace PID with the actual process ID of the process you want to terminate.
Zamenite PID stvarnim identifikatorom procesa koji želite da prekinete.
Monitoring User Processes
Praćenje korisničkih procesa
To monitor user processes in real-time, you can use the top command:
Da biste u realnom vremenu pratili korisničke procese, možete koristiti top komandu:
top
This will display a live view of the currently running processes, sorted by various criteria such as CPU usage, memory usage, and process ID.
Ovo će prikazati prikaz uživo trenutno pokrenutih procesa, sortiranih po različitim kriterijumima kao što su upotreba CPU-a, upotreba memorije i identifikator procesa.
You can press q to exit the top command.
Možete pritisnuti q da biste izašli iz top komande.
# will print all the running services under that particular user domain.
launchctl print gui/<users UID>
# will print all the running services under root
launchctl print system
# will print detailed information about the specific launch agent. And if it’s not running or you’ve mistyped, you will get some output with a non-zero exit code: Could not find service “com.company.launchagent.label” in domain for login
launchctl print gui/<user's UID>/com.company.launchagent.label
Kreiranje korisnika
Bez upita
Naučite hakovanje AWS-a od nule do heroja sa htARTE (HackTricks AWS Red Team Expert)!
Drugi načini podrške HackTricks-u:
- Ako želite da vidite vašu kompaniju reklamiranu na HackTricks-u ili preuzmete HackTricks u PDF formatu proverite SUBSCRIPTION PLANS!
- Nabavite zvanični PEASS & HackTricks swag
- Otkrijte The PEASS Family, našu kolekciju ekskluzivnih NFT-ova
- Pridružite se 💬 Discord grupi ili telegram grupi ili nas pratite na Twitter-u 🐦 @carlospolopm.
- Podelite svoje hakovanje trikove slanjem PR-ova na HackTricks i HackTricks Cloud github repozitorijume.