From this query we can see that a user is running TextEdit with root privileges; remember this as we explore the dangers of root privileges throughout the book. The last part of the line, “sudo /Applications/Tex…”, is also the plain-text command the user typed, so we know exactly what the user was attempting to invoke by looking at the application and the command-line switches.

Example of Process Status Being Piped to Grep to Search for the “sudo” String
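The same check written as an audit filter, as an added example that is not from the book: it reads process listings in the layout of `ps -axo user,pid,command` and reports each sudo invocation with the command that was run. The sample listing is constructed, and `Example.app`, `sample_ps` and `sudo_invocations` are hypothetical names.

```shell
#!/bin/sh
# Added example. Sample data is constructed, in the layout printed by
# `ps -axo user,pid,command`; Example.app is a placeholder application.
sample_ps() {
cat <<'EOF'
USER   PID COMMAND
alice  412 -bash
root   588 sudo /Applications/Example.app/Contents/MacOS/Example /etc/hosts
root   589 /Applications/Example.app/Contents/MacOS/Example /etc/hosts
alice  601 grep sudo
root   640 /usr/bin/sudo /usr/bin/vim /etc/hosts
root    77 /usr/sbin/syslogd
EOF
}

# Read ps output on stdin and print "PID<TAB>tag<TAB>command" for each sudo
# invocation. Matching on the command field (column 3) instead of grepping
# the whole line keeps the "grep sudo" process out of the results.
sudo_invocations() {
  awk 'NR > 1 && ($3 == "sudo" || $3 ~ /\/sudo$/) {
    cmd = $4
    for (i = 5; i <= NF; i++) cmd = cmd " " $i
    if (cmd ~ /^-/)                     tag = "sudo-options"    # e.g. -u: review by hand
    else if (cmd ~ /^\/Applications\//) tag = "gui-app-as-root"
    else                                tag = "cli-as-root"
    printf "%s\t%s\t%s\n", $2, tag, cmd
  }'
}

# Stand-alone run over the constructed sample.
sample_ps | sudo_invocations
```

On a live system the function takes the real listing on stdin, for example `ps -axo user,pid,command | sudo_invocations`.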
This means type the beginning of a folder or file name, like “Appli”, and hit the tab key, and it will become “Applications” on the command line or list out all the items beginning with “Appli.” So we’re on a system through our awesome ninja attack powers, we have a shell, and now we need to figure out who we are, look for information, and find possible privilege escalation avenues.

Figure 4.26.

We will be skipping over the very basic commands such as navigation, but there is an extensive list of basic commands in the last chapter and you can always just ask Google.

First and foremost, save your fingers some work and use the “tab autocomplete” feature when able in a *nix OS. We are going to start with some very basic commands and their outputs to help you become accustomed to working in this command-line-only environment. Seeing as OS X is based on a hybrid XNU kernel, you will see that most commands that work within a Unix-based environment will help you navigate around the environment. Exploits are developed and vulnerabilities are discovered at an alarming rate for all flavors of operating systems, causing the entry vector to change over time, but the OS commands remain fairly constant.
It may seem as if we are putting the cart before the horse by showing you techniques to look around the system before we show you how to compromise the system, but knowing what to do when you get there can be more important than how you get there. The commands demonstrated in this part of the chapter are a few common commands we will be using throughout the book, but as always this list is not all-encompassing, as we will use many utilities and techniques in the coming chapters. What we are looking at in this part of the chapter is twofold: first, we are going to take the approach that we have compromised a system and need to look around for a foothold or data, and second, we will take the approach of a vulnerability researcher. Looking at the information we’ve gathered so far, we have DNS records, packet captures, open ports, service names, service versions and a host of other useful information, but now we need to step onto the client and start looking around at ways to attack possible vulnerabilities in the system and gather information.
So we’ve seen through various methods how to find a target of interest on a network using a few widely available free tools.

Russ Rogers, in The Hacker's Guide to OS X, 2013

On the Client