macOS Bypassing Firewalls
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
The following techniques were found working in some macOS firewall apps.
For example calling the malware with names of well known macOS processes like launchd
If the firewall ask for permission to the user make the malware click on allow
Like curl
, but also others like whois
The firewall could be allowing connections to well known apple domains such as apple.com
or icloud.com
. And iCloud could be used as a C2.
Some ideas to try to bypass firewalls
Knowing the allowed traffic will help you identify potentially whitelisted domains or which applications are allowed to access them
DNS resolutions are done via mdnsreponder
signed application which will probably vi allowed to contact DNS servers.
oascript
Google Chrome
Firefox
Safari
If you can inject code into a process that is allowed to connect to any server you could bypass the firewall protections:
macOS Process AbuseLearn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)