Speed Dating for Mac Admins
Terminal Login Banner
Last login: Wed Jun 1 23:03:39 on ttys000
'c. Logged in as: bill.smith
,xNMM. ---------------------------------
Last login: Wed Jun 1 23:03:39 on ttys000
'c. Logged in as: bill.smith
,xNMM. ---------------------------------
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
const app = Application.currentApplication() | |
app.includeStandardAdditions = true | |
function getJSON(path) { | |
const fullPath = path.replace(/^~/, app.pathTo('home folder')) | |
const contents = app.read(fullPath) | |
return JSON.parse(contents) | |
} | |
function run() { |
# ⌨️ TD 108 Functions Description | |
***Light Mode:*** | |
PRESS FN + F4 | |
+ Light up | |
+ Wave | |
+ Rain drop | |
+ Aurora | |
+ Breathing |
#!/usr/bin/python | |
# For mojave only | |
# In order for this to work, you will need to go to System Preferences in Mojave -> Security & Privacy -> Privacy -> Full Disk Access and grant Terminal.app permissions | |
import sqlite3 | |
conn = sqlite3.connect('/var/db/SystemPolicyConfiguration/KextPolicy') | |
c = conn.cursor() | |
query = 'SELECT * FROM kext_policy' | |
c.execute(query) |
#!/bin/bash | |
# Seriously there still apparently aren't enough warning labels | |
# If you don't understand the consequences don't do it | |
REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled" | |
# "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord" | |
# "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord" | |
# "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained" | |
# "/var/db/ConfigurationProfiles/.cloudConfigRecordFound" | |
# "/var/db/ConfigurationProfiles/.profilesAreInstalled" |
#!/usr/bin/python | |
import os | |
import sys | |
from CoreFoundation import (CFPreferencesAppValueIsForced, | |
CFPreferencesCopyAppValue, | |
CFPreferencesCopyValue, | |
kCFPreferencesAnyUser, | |
kCFPreferencesAnyHost, |
<# | |
Modified version of the script from Microsoft Documentation. | |
Removed the part that checks if the users is assigned more products than the group assigned license. | |
Added connection part and help to find Sku and Group Object ID. | |
This script requires Azure AD (aks MSOL) PowerShell v1. It doesn't seem possible to do so with v2. | |
Ref: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-ps-examples | |
#> | |
Import-Module MSOnline | |
$UserCredential = Get-Credential |
parse_array() { | |
FS=':' | |
key=(); val=() | |
for (( i=0 ; i < $(eval echo \${#$1[@]}) ; i++ )); do | |
key+=( "$(eval echo \${$1[$i]} | awk -F${FS} '{print $1}')" ) | |
val+=( "$(eval echo \${$1[$i]} | awk -F${FS} '{print $2}')" ) | |
done | |
} | |
# Assuming script contains myarray=( "key1:value1" "key2:value2" ) | |
parse_array myarray |
from Foundation import NSBundle | |
import objc | |
CoreServices = NSBundle.bundleWithIdentifier_('com.apple.CoreServices') | |
functions = [ | |
('_LSCopyRunningApplicationArray', '@I'), | |
('_LSCopyApplicationInformation', '@I@@'), | |
] | |
constants = [ |