Na tej stronie dowiesz się, jak stworzyć aplikację uruchamiającą dowolne polecenia z wnętrza domyślnego sandboxa macOS:
Skompiluj aplikację:
main.m
#include <Foundation/Foundation.h>
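/*
 * Interactive command runner for observing what the macOS App Sandbox permits.
 *
 * Each line typed on stdin is handed to system(), which runs it through the
 * shell as a child of this process. The sandbox is only in effect once the
 * binary has been placed in its .app bundle and signed with the
 * com.apple.security.app-sandbox entitlement; an unsigned build runs
 * unconfined and tells you nothing about the sandbox.
 *
 * This is a local test harness: it executes whatever it is given, so it must
 * never be fed input from an untrusted source or shipped as part of a product.
 *
 * Returns 0 when the user types "exit" or stdin reaches end-of-file.
 */
int main(int argc, const char * argv[]) {
    @autoreleasepool {
        char input[512];

        while (true) {
            printf("Enter command to run (or 'exit' to quit): ");
            // The prompt has no trailing newline, so flush it explicitly in
            // case stdout is not attached to a terminal.
            fflush(stdout);

            if (fgets(input, sizeof(input), stdin) == NULL) {
                break;
            }

            size_t len = strlen(input);
            if (len > 0 && input[len - 1] == '\n') {
                // Strip the newline that fgets keeps.
                input[len - 1] = '\0';
                len--;
            } else if (len == sizeof(input) - 1) {
                // The buffer filled up before a newline was seen. Discard the
                // rest of the line; otherwise the next fgets would return the
                // tail and it would be executed as a separate command.
                bool truncated = false;
                int ch;
                while ((ch = getchar()) != EOF && ch != '\n') {
                    truncated = true;
                }
                if (truncated) {
                    fprintf(stderr, "Command longer than %zu characters; ignored.\n",
                            sizeof(input) - 1);
                    continue;
                }
            }

            // Nothing typed: prompt again instead of spawning a shell.
            if (len == 0) {
                continue;
            }

            if (strcmp(input, "exit") == 0) {
                break;
            }

            // A return of -1 means the shell could not be started at all,
            // which is worth reporting when testing sandbox restrictions.
            if (system(input) == -1) {
                perror("system");
            }
        }
    }
    return 0;
}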
Skompiluj to uruchamiając: clang -framework Foundation -o SandboxedShellApp main.m
Zbuduj pakiet .app
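# Create the minimal bundle layout and move the compiled binary into it.
mkdir -p SandboxedShellApp.app/Contents/MacOS
mv SandboxedShellApp SandboxedShellApp.app/Contents/MacOS/

# Write the bundle's Info.plist. CFBundleExecutable must match the name of the
# binary placed in Contents/MacOS above.
cat << EOF > SandboxedShellApp.app/Contents/Info.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.example.SandboxedShellApp</string>
    <key>CFBundleName</key>
    <string>SandboxedShellApp</string>
    <key>CFBundleVersion</key>
    <string>1.0</string>
    <key>CFBundleExecutable</key>
    <string>SandboxedShellApp</string>
</dict>
</plist>
EOF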
Zdefiniuj uprawnienia
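# The two heredocs below are alternatives that write the same file. Run only
# the one that matches the profile you want to test; if both are run in order,
# the second overwrites the first.

# Variant 1: App Sandbox only.
cat << EOF > entitlements.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>
EOF

# Variant 2: App Sandbox plus read-write access to the Downloads folder.
# Every extra entitlement widens what the sandboxed process may touch, so add
# only the ones whose effect you are trying to observe.
cat << EOF > entitlements.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
</dict>
</plist>
EOF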
Podpisz aplikację (musisz utworzyć certyfikat w pęku kluczy)
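# Sign the bundle with the chosen entitlements. "YourIdentity" is the name of
# a code-signing certificate present in your keychain.
codesign --entitlements entitlements.plist -s "YourIdentity" SandboxedShellApp.app

# Optional sanity check before drawing conclusions from a test run: confirm the
# signature really embeds the sandbox entitlement.
#   codesign -d --entitlements - SandboxedShellApp.app

# Run the signed binary from inside the bundle.
./SandboxedShellApp.app/Contents/MacOS/SandboxedShellApp

# And in case you need this in the future: strip the signature again.
# Not part of the normal flow; run it only when you want the bundle unsigned.
codesign --remove-signature SandboxedShellApp.app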