Pepijn Bruienne bruienne
bruienne
/ find32bit.py
Created
January 25, 2018 17:08
Find 32-bit executables in a given path. Uses the macholib module that ships with macOS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from macholib import MachO | |
| import macholib | |
| import os | |
| import sys | |
| path = sys.argv[1] | |
| for root, dirs, files in os.walk(path): |
bruienne
/ pbkdf2-iteration-check.sh
Created
November 29, 2017 07:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo /usr/libexec/PlistBuddy -x -c 'Print :ShadowHashData' /var/db/dslocal/nodes/Default/users/root.plist | awk '/\t[^\<]/{print $1}' | base64 -D | plutil -convert xml1 -o - -- - | python -c 'import plistlib; import sys; plist = plistlib.readPlistFromString(sys.stdin.read()); print plist["SALTED-SHA512-PBKDF2"]["iterations"]' |
bruienne
/ Sierra-10.12.2-16C68-diff.txt
Created
December 16, 2016 18:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "./Library/Documentation/License.lpdf/Contents/Resources/Dutch.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/English.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/French.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/German.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/Italian.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/Japanese.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/Spanish.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/ar.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/ca.lproj/License.pdf" | |
| "./Library/Documentation/License.lpdf/Contents/Resources/cs.lproj/License.pdf" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>KeepAlive</key> | |
| <dict> | |
| <key>PathState</key> | |
| <dict> | |
| <key>/Library/Managed Preferences/org.my.push.plist</key> | |
| <true/> |
bruienne
/ google_chrome_update_checker.py
Created
September 27, 2016 19:24
Basic concept for querying for Google Chrome updates based on current Chrome version/OS/arch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import xml.etree.ElementTree as ET | |
| import requests | |
| import uuid | |
| params = {'cup2hreq': 'foo', 'cup2key': 'bar'} | |
| platform = 'mac' | |
| os_version = '10.12' |
bruienne
/ create_osx_pbkdf2_plist.py
Created
April 24, 2016 15:52
Create an MDM-compatible PBKDF2 hash and plist for use with AccountConfiguration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Requires passlib: pip install passlib | |
| from passlib.hash import pbkdf2_sha512 | |
| from passlib.util import ab64_decode | |
| from biplist import * | |
| # Checksum size must be 128 bytes for use as OS X password hash! | |
| pbkdf2_sha512.checksum_size = 128 | |
| hash = pbkdf2_sha512.encrypt("password", rounds=38000, salt_size=32) |
bruienne
/ pfstart.sh
Created
April 4, 2016 18:40
Sample script to chainload a custom ruleset into PF, avoids editing Apple's standard config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -x | |
| # Wait for networking to be up, just in case | |
| /usr/sbin/ipconfig waitall | |
| # Loop on the presence of the standard Apple ruleset before proceeding | |
| # This way we don't accidentally get overruled (SWIDT) if com.apple.pfctl | |
| # happens to be loaded after myorg.pf. | |
| count=0 | |
| while [[ $(pfctl -sr 2>&1 | egrep "apple" | wc -l) -eq 0 && $count -lt 12 ]]; do |
bruienne
/ myorg.pf.plist
Created
April 4, 2016 18:35
Sample LD to load a custom ruleset without modifying Apple's standard PF config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Label</key> | |
| <string>myorg.pf.plist</string> | |
| <key>Program</key> | |
| <string>/usr/local/bin/pfstart.sh</string> | |
| <key>ProgramArguments</key> | |
| <array> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| anchor "myorg.pf" | |
| load anchor "myorg.pf" from "/etc/pf.anchors/myorg.pf.rules" |
bruienne
/ myorg.pf.rules
Created
April 4, 2016 18:32
Generic ruleset to block SSH and ARD from unknown IPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Allow trusted addresses to get to SSH and Apple remote desktop. | |
| # Ports filtered - add more ports to allow more services as needed | |
| # 22/tcp: ssh | |
| # 3283/tcp: Apple Remote Desktop | |
| # 3283/udp: Apple Remote Desktop | |
| # 5900/tcp: Apple Remote Desktop/VNC | |
| incoming_services_tcp = "{ 22, 3283, 5900 }" | |
| incoming_services_udp = "{ 3283 }" |
NewerOlder