
Pepijn Bruienne bruienne

bruienne / find32bit.py
Created Jan 25, 2018
Find 32-bit executables in a given path. Uses the macholib module that ships with macOS.
#!/usr/bin/python
from macholib import MachO
import macholib
import os
import sys
path = sys.argv[1]
for root, dirs, files in os.walk(path):
View pbkdf2-iteration-check.sh
# Print the PBKDF2 iteration count stored for the local root account.
#
# Stages: PlistBuddy dumps the :ShadowHashData entry of root.plist as XML,
# awk keeps the base64 payload lines, base64 -D decodes them, plutil converts
# the decoded plist to XML, and the inline Python reads the "iterations"
# value under "SALTED-SHA512-PBKDF2".
#
# NOTE(review): the intermediate stages carry the whole shadow-hash record
# (presumably salt and derived key as well as the iteration count), so keep
# the pipeline as-is and do not tee or log the stages before the last one.
# NOTE(review): the inline Python uses the Python 2 print statement and
# plistlib.readPlistFromString, so `python` must resolve to a Python 2
# interpreter.
sudo /usr/libexec/PlistBuddy -x -c 'Print :ShadowHashData' /var/db/dslocal/nodes/Default/users/root.plist |
  awk '/\t[^\<]/{print $1}' |
  base64 -D |
  plutil -convert xml1 -o - -- - |
  python -c 'import plistlib; import sys; plist = plistlib.readPlistFromString(sys.stdin.read()); print plist["SALTED-SHA512-PBKDF2"]["iterations"]'
View Sierra-10.12.2-16C68-diff.txt
"./Library/Documentation/License.lpdf/Contents/Resources/Dutch.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/English.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/French.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/German.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/Italian.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/Japanese.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/Spanish.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/ar.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/ca.lproj/License.pdf"
"./Library/Documentation/License.lpdf/Contents/Resources/cs.lproj/License.pdf"
View org.my.push.agent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/Library/Managed Preferences/org.my.push.plist</key>
<true/>
bruienne / google_chrome_update_checker.py
Created Sep 27, 2016
Basic concept for querying for Google Chrome updates based on current Chrome version/OS/arch
#!/usr/bin/python
import xml.etree.ElementTree as ET
import requests
import uuid
# Request parameters, presumably passed to `requests` as the query string
# (the request code is outside this excerpt).
# NOTE(review): 'cup2hreq' and 'cup2key' look like the Omaha Client Update
# Protocol (CUP) fields that let a client authenticate the server's reply;
# 'foo'/'bar' are placeholders, so the response is presumably not
# signature-checked - confirm before trusting any update URL or version it
# returns.
params = {'cup2hreq': 'foo', 'cup2key': 'bar'}
# Hard-coded description of the client the update query is made for.
platform = 'mac'
os_version = '10.12'
bruienne / create_osx_pbkdf2_plist.py
Created Apr 24, 2016
Create an MDM-compatible PBKDF2 hash and plist for use with AccountConfiguration
#!/usr/bin/python
# Requires passlib: pip install passlib
from passlib.hash import pbkdf2_sha512
from passlib.util import ab64_decode
from biplist import *
# Checksum size must be 128 bytes for use as OS X password hash!
# NOTE: this assigns to the imported handler class itself, so the 128-byte
# digest length applies to every later pbkdf2_sha512 call in this process.
pbkdf2_sha512.checksum_size = 128
# Derive a PBKDF2-SHA512 hash with 38000 rounds and a 32-byte salt.
# NOTE(review): "password" is a sample literal; the real secret should be
# supplied at run time (prompt or protected input) rather than stored in the
# script, and the generated plist handled as credential material.
# NOTE(review): the name `hash` shadows the builtin hash(); passlib 1.7
# deprecated encrypt() in favour of hash() - left unchanged because the rest
# of the script is outside this excerpt.
hash = pbkdf2_sha512.encrypt("password", rounds=38000, salt_size=32)
bruienne / pfstart.sh
Created Apr 4, 2016
Sample script to chainload a custom ruleset into PF, avoids editing Apple's standard config
#!/bin/bash -x
# Wait for networking to be up, just in case
/usr/sbin/ipconfig waitall
# Loop on the presence of the standard Apple ruleset before proceeding
# This way we don't accidentally get overruled (SWIDT) if com.apple.pfctl
# happens to be loaded after myorg.pf.
count=0
while [[ $(pfctl -sr 2>&1 | egrep "apple" | wc -l) -eq 0 && $count -lt 12 ]]; do
bruienne / myorg.pf.plist
Created Apr 4, 2016
Sample LD to load a custom ruleset without modifying Apple's standard PF config
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>myorg.pf.plist</string>
<key>Program</key>
<string>/usr/local/bin/pfstart.sh</string>
<key>ProgramArguments</key>
<array>
bruienne / myorg.pf.conf
Created Apr 4, 2016
PF conf to load the ruleset
# Declare the "myorg.pf" anchor so that rules attached to it are evaluated
# at this point in the ruleset.
anchor "myorg.pf"
# Fill that anchor from the rules file on disk.
# NOTE(review): whatever this file contains becomes live packet-filter
# policy, so it should be root-owned and not writable by other users -
# confirm ownership and mode when deploying.
load anchor "myorg.pf" from "/etc/pf.anchors/myorg.pf.rules"
bruienne / myorg.pf.rules
Created Apr 4, 2016
Generic ruleset to block SSH and ARD from unknown IPs
# Allow trusted addresses to get to SSH and Apple remote desktop.
# Ports filtered - add more ports to allow more services as needed
# 22/tcp: ssh
# 3283/tcp: Apple Remote Desktop
# 3283/udp: Apple Remote Desktop
# 5900/tcp: Apple Remote Desktop/VNC
incoming_services_tcp = "{ 22, 3283, 5900 }"
incoming_services_udp = "{ 3283 }"