macos-all

Practical tips for macOS.

Kill the annoying Adobe processes

#! /bin/bash
ps -efh | grep Adobe | awk 'NR>1{print p, p1}{p=$2;p1=$8}'
ps -efh | grep Adobe | awk 'NR>1{print p}{p=$2}' | xargs kill 
cd ~/Library/LaunchAgents && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
cd /Library/LaunchAgents && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
cd /Library/LaunchDaemons && ls -l | grep com.adobe | awk '{print $9}' | xargs rm -rf
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CCLibrary
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CCXProcess
rm -rf /Applications/Utilities/Adobe\ Creative\ Cloud/CoreSync

Restart the VMware virtual machine network service

  • Requires root privileges
sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start

Remove dangling Docker images

# fish shell
docker rmi (docker images -f "dangling=true" -q)
# bash shell
docker rmi $(docker images -f "dangling=true" -q)

Set a proxy when launching a Java program from the command line

java -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080 -jar xxx.jar

Multi-threaded command-line download tool

brew install axel

axel -n 20 http://xxxxxxxxxxxxxxxxxxxxxxxx

Nessus crack

On macOS, name the script patch.sh and place it, together with all-2.0.tar.gz and nessus-fetch.rc, in the /Library/Nessus/run/sbin/ directory.

#!/bin/bash

# Check root
if [ "$(whoami)" != "root" ]
then
    echo "[!] Please use root, sudo ./patch.sh"
    exit
fi

cd /Library/Nessus/run/sbin
echo '[...] Now updating from package...'
./nessuscli update ./all-2.0.tar.gz > nessuspatch.log
cp nessus-fetch.rc /Library/Nessus/run/etc/nessus/nessus-fetch.rc
VERSION=$(cat nessuspatch.log | grep -Eo '\d{12}' | head -n 1)

echo "[+] Get version: $VERSION"

echo '[...] Please restart nessus by manual...'
flag=n
while [ "$flag" != "y" ] && [ "$flag" != "Y" ]
do
    read -r -p 'restart over?(y/n)> ' flag
done

VERSION=$(cat nessuspatch.log | grep -Eo '\d{12}' | head -n 1)
cat > /Library/Nessus/run/var/nessus/plugin_feed_info.inc <<EOF
PLUGIN_SET = "$VERSION";
PLUGIN_FEED = "ProfessionalFeed (Direct)";

PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";
EOF

echo '[+] Write to file success: /Library/Nessus/run/var/nessus/plugin_feed_info.inc'
cat /Library/Nessus/run/var/nessus/plugin_feed_info.inc

rm -rf /Library/Nessus/run/lib/nessus/plugins/plugin_feed_info.inc
echo '[+] Remove /Library/Nessus/run/lib/nessus/plugins/plugin_feed_info.inc success'

echo '[+] Patch Done, please restart nessus by manual...'
cd /Library/Nessus/run/sbin/
sudo chmod +x patch.sh
sudo ./patch.sh

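On macOS, a shell script cannot fully control starting and stopping the Nessus service, so Nessus has to be restarted manually during the process; watch the prompts the script prints.

Chromium-based browsers refuse to open an HTTPS page

On the error page, type thisisunsafe directly on the keyboard.

Decrypt a VNC password with one command

6bcf2a4b6e5aca0f decrypts to: sT333ve2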

echo -n 6bcf2a4b6e5aca0f | xxd -r -p | openssl enc -des-cbc --nopad --nosalt -K e84ad660c4721ae0 -iv 0000000000000000 -d

Disable HTTP/2 in Burp Suite

Project options ==> HTTP ==> HTTP/2: uncheck HTTP/2 support

Get a hex string

echo "test strxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx....." | xxd -c 1000000 -p -l 1000000
# 746573742073747278787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878782e2e2e2e2e0a

Generate a table of contents for a Markdown document

# Download
curl https://raw.githubusercontent.com/ekalinin/github-markdown-toc/master/gh-md-toc -o gh-md-toc
chmod a+x gh-md-toc
# Usage
./gh-md-toc file.md
./gh-md-toc https://github.com/AbelChe/macos-all

frp intranet tunneling configuration

frps.ini

[common]
bind_port = 21234
bind_addr = 0.0.0.0

frpc.ini

[common]
server_addr = vpsip
server_port = 21234

[http_proxy]
type = tcp
remote_port = 7777
plugin = socks5

Then use socks5://vpsip:7777 as the proxy.

Regular expressions for finding all kinds of keys

For Burp
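With the configuration above, frps accepts any client that can reach port 21234, and the SOCKS5 listener on port 7777 asks for no credentials. The same two files with frp's `token` option and the socks5 plugin's `plugin_user` / `plugin_passwd` options set, as an added example that is not part of the original README (all values are placeholders):

```ini
# frps.ini
[common]
bind_port = 21234
bind_addr = 0.0.0.0
# Shared secret; frpc must present the same value to register proxies
token = CHANGE_ME_LONG_RANDOM_TOKEN

# frpc.ini
[common]
server_addr = vpsip
server_port = 21234
token = CHANGE_ME_LONG_RANDOM_TOKEN

[http_proxy]
type = tcp
remote_port = 7777
plugin = socks5
# Username/password authentication for the SOCKS5 listener on remote_port
plugin_user = CHANGE_ME_USER
plugin_passwd = CHANGE_ME_PASSWORD
```

The proxy URL then becomes socks5://CHANGE_ME_USER:CHANGE_ME_PASSWORD@vpsip:7777.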

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]

For VS Code

((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]
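What the expression does and does not catch, shown on constructed lines. This is an added example, not part of the original README; the keyword list is cut down to six entries from the page's pattern, the rest of the expression is unchanged, and `scan` and `SAMPLE` are names made up here.

```python
import re

# Abbreviated keyword list taken from the page's pattern; the tail of the
# expression (name suffix, operator, quoted 8-64 character value) is unchanged.
KEYWORDS = "access_key|api_key|aws_secret|client_secret|db_password|docker_password"
PATTERN = re.compile(
    r"((" + KEYWORDS + r")[a-z0-9_ .\-,]{0,25})"
    r"(=|>|:=|\|\|:|<=|=>|:).{0,5}"
    r"['\"]([0-9a-zA-Z\-_=]{8,64})['\"]",
    re.IGNORECASE,  # same effect as the (?i) prefix in the Burp variant
)

# Constructed sample lines, not real credentials.
SAMPLE = [
    'aws_secret_access_key = "EXAMPLEexampleEXAMPLEexample0000"',  # hit
    '"client_secret": "constructed-value_123",',  # miss: quote between name and ':'
    "DB_PASSWORD_PROD := 'hunter2hunter2'",       # hit: case-insensitive, := operator
    'api_key = "short"',                          # miss: value shorter than 8
    'docker_password = $DOCKER_PASSWORD',         # miss: value is not quoted
    'access_key = "abcd+efgh/ijklmnop"',          # miss: + and / are outside the value class
]

def scan(lines):
    """Return (line_no, key_name, masked_value) for every match."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in PATTERN.finditer(line):
            value = m.group(4)  # group 4 is the quoted value
            masked = value[:4] + "*" * (len(value) - 4)
            hits.append((no, m.group(1).strip(), masked))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only lines 1 and 3 are reported: JSON-style quoted key names and values containing `+` or `/` fall outside the pattern, so a scan with this expression alone leaves those unreported.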

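Using paste mode in Vim

When pasting a large block of text or code into Vim, Vim's indentation rules can easily scramble the formatting of the pasted text. In that case, use paste mode: run the command below, then enter INSERT mode again. The indicator in the lower-left corner changes to INSERT (paste), and text pasted now keeps its original formatting.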

:set paste

Generate a random string in one line of Python

import string
import random
''.join(random.choice(string.ascii_letters + string.digits) for _ in range(32))

Remove sensitive information that has already been committed to git

git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch path/to/file_to_del.txt' --prune-empty --tag-name-filter cat -- --all
git push origin --force --all

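XOR problems caused by UTF-8 encoding in Python 3

Encoding in Python 3 has always been a headache. While writing something recently I used XOR in Python 3; the logic was fine, but the result was always wrong. After some struggling I found that it was a Python 3 encoding problem. Asking around got nowhere, so I turned to Google and found a solution. Thanks to this author for the analysis and the solution: https://jiayu0x.com/2019/05/26/The_right_way_to_xor_encoding_with_python3/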

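from itertools import cycle

# Option 1
def xor_crypt(data, key):
    cipher_data = []
    len_data = len(data)
    len_key = len(key)
    for idx in range(len_data):
        bias = key[idx % len_key]  # repeat the key over the data
        curr_byte = data[idx]
        cipher_data.append(bias ^ curr_byte)
    return bytearray(cipher_data)

# Option 2 (cycle() repeats the key; a bare zip() would stop at the shorter input)
def XORCrypt(data, key):
    return bytearray(a ^ b for a, b in zip(bytearray(data), cycle(bytearray(key))))

# When the key is a single fixed value (key is an int, data_input is bytes)
bytes(a^key for a in data_input)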
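One way the encoding problem shows up, as an added example that is not from the original README or the linked post. It assumes the faulty version XORs code points and UTF-8 encodes the result; `xor_bytes`, `xor_via_str` and `compare` are names made up here.

```python
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; stays in bytes from start to finish."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def xor_via_str(text: str, key: int) -> bytes:
    """The str-based habit: XOR code points, then encode.

    Any result >= 0x80 becomes a two-byte UTF-8 sequence, so the output no
    longer matches a byte-wise XOR of the same input.
    """
    return "".join(chr(ord(c) ^ key) for c in text).encode("utf-8")

def compare(text: str, key: int):
    """Return (byte-wise result, str-based result) for the same input."""
    good = xor_bytes(text.encode("utf-8"), bytes([key]))
    bad = xor_via_str(text, key)
    return good, bad

if __name__ == "__main__":
    good, bad = compare("secret", 0xAA)  # constructed input
    print(good.hex(), len(good))         # 6 bytes, one per input byte
    print(bad.hex(), len(bad))           # 12 bytes, each value re-encoded as UTF-8
    # The round trip only works on the byte-wise path.
    print(xor_bytes(good, b"\xaa"))
    # Non-ASCII plaintext with a multi-byte key: encode first, XOR the bytes.
    ct = xor_bytes("pässwörd".encode("utf-8"), b"k3y")
    print(xor_bytes(ct, b"k3y").decode("utf-8"))
```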

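Handy Python iterators

  1. Generate all combinations from a few characters
import itertools

SEED = '12ab'

def strGenter(min_len, max_len):
    # Yield every tuple of length min_len .. max_len - 1 drawn from SEED
    for n in range(min_len, max_len):
        for i in itertools.product(SEED, repeat=n):
            yield i

# Generate all combinations of length 5 from the four characters 12ab
for i in strGenter(5, 6):
    print(i)
    # ('1', '1', '1', '1', '1') ('1', '1', '1', '1', '2') ('1', '1', '1', '1', 'a') ................('b', 'b', 'b', 'b', 'b')

# Generate all combinations of length 6, 7, 8 and 9 from the four characters 12ab
for i in strGenter(6, 10):
    print(i)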

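Add a per-plugin blacklist in MacForge

MacForge is a plugin and extension tool for macOS that can install all sorts of very useful extensions, such as moremenu. moremenu can collapse an application's menu bar to free up more space in the top bar, but many applications may crash once the menu bar is collapsed, for example 网易云音乐.app (NetEase Cloud Music). Because the other plugins work normally, only this one plugin needs to be blocked. Just edit the blacklist file inside the plugin bundle; for NetEase Cloud Music, add its id: <string>com.netease.163music</string>

/Library/Application Support/MacEnhance/Plugins/moreMenu.bundle/Contents/Resources/globalBlacklist.plist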

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
	<string>com.apple.loginwindow</string>
	<string>com.netease.163music</string>
</array>
</plist>

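ToDesk server process keeps auto-starting

The ToDesk server process starts itself in the background and comes back after being killed. It can be stopped like this: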

sudo launchctl unload /Library/LaunchDaemons/com.youqu.todesk.service.plist

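Navicat does not show system databases when connected to SQL Server

The setting is in a different place in the macOS version than in the Windows version.

Windows version: menu bar "Tools" > "Options" > "General", check "Show system items".

macOS version: menu bar "View", check "Show hidden items".

Query FOFA with one command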

echo -n 'app="Microsoft-Outlook" && icon_hash="1768726119" && country!="CN"' | base64 | xargs -I '{}' curl -s 'https://fofa.info/api/v1/search/[email protected]&key=xxxxxxxxxxxxxxxxxxxxxxxx&size=100&fields=host&qbase64={}' | jq '.results[]' | sed 's/\"//g'

Search for usable SOCKS5 proxies

  1. FOFA: change the email and key in the URL
echo -n 'protocol="socks5" && "Version:5 Method:No Authentication(0x00)" && after="2023-02-01"' | \
base64 | \
xargs -S 40960 -I '{}' curl -s 'https://fofa.info/api/v1/search/[email protected]&key=xxxxxxxxxxxxxxxxxxx&size=500&fields=host&qbase64={}' | \
jq -r '.results[]' | \
xargs -I \{\} \
  bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'
  2. ZoomEye: change the API-KEY in the request header
for i in `seq 1 15`; do \
  echo -n 'service:"socks5" +after:"2023-02-01" +banner:"Version:5 Method:No Authentication(0x00)"' | \
  xargs -S 40960 -I \{\} curl -s -G --data-urlencode "query={}" "https://api.zoomeye.org/host/search?page=$i" -H "API-KEY:56xxxxxxxxxxxxxxxxxxxx86" | \
  jq -r '.matches[] | [.ip, .portinfo.port] | join(":")' | \
  xargs -I \{\} \
    bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
done; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'
  3. 360 Quake: change the X-QuakeToken in the request header
echo -n 'country: "China" AND service:"socks5" AND response:"Version: 5 Accepted Auth Method: 0x0 (No authentication)"' | \
awk '{ gsub(/"/,"\\\\\\\\\\\\\\""); print $0 }' | \
xargs -S 40960 -I \{\} curl -s -X POST -H "X-QuakeToken: xxxxxxxxxxxxxxxxxxxxxxx" -H "Content-Type: application/json" https://quake.360.net/api/v3/search/quake_service -d '{"query": "{}", "start": 0, "size": 200}' | \
jq -r '.data[] | [.ip,.port] | join(":")' | \
xargs -I \{\} \
  bash -c 'echo -n {} && ip=$(curl -s ipinfo.io --connect-timeout 3 -m 5 --proxy socks5://{} | jq -r ".ip") && if [ $? -eq 0 ] && [ $ip ]; then printf " OK\n";echo {} >> /tmp/proxylist.txt; else echo ""; fi'; \
echo ----------------- && \
sort -k2n /tmp/proxylist.txt | sed '$!N; /^\(.*\)\n\1$/!P; D'

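Associate custom file types with Quick Look (spacebar preview)

After installing quick-look-plugins, macOS still cannot preview files such as jsp and asp. For the fix, see: https://www.jianshu.com/p/7a4dc9324fa7

Get the value that corresponds to an extension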

mdls -name kMDItemContentType ./file.xxx

For the record, here are the extensions I commonly use:

| name     | kMDItemContentType           |
| :------- | :--------------------------- |
| .aspx    | dyn.ah62d4rv4ge80c65uta      |
| .asp     | dyn.ah62d4rv4ge80c65u        |
| .jsp     | dyn.ah62d4rv4ge80y65u        |
| .jspx    | dyn.ah62d4rv4ge80y65uta      |
| .ashx    | dyn.ah62d4rv4ge80c65kta      |
| .cna     | dyn.ah62d4rv4ge80g5xb        |
| .nse     | dyn.ah62d4rv4ge80665f        |
| .profile | dyn.ah62d4rv4ge81a6xtq3y023k |

Open ~/Library/QuickLook/QLColorCode.qlgenerator/Contents/Info.plist; Xcode or a text editor both work. With Xcode, just add the values under Document types > Item 0 > Document Content Type UTIs (CFBundleDocumentTypes > Item 0 > LSItemContentTypes).

open ~/Library/QuickLook/QLColorCode.qlgenerator/Contents/Info.plist

With a text editor such as VS Code, add the following under the <key>LSItemContentTypes</key> field:

				<string>dyn.ah62d4rv4ge80c65uta</string>
				<string>dyn.ah62d4rv4ge80c65u</string>
				<string>dyn.ah62d4rv4ge80y65u</string>
				<string>dyn.ah62d4rv4ge80g5xb</string>
				<string>dyn.ah62d4rv4ge80665f</string>
				<string>dyn.ah62d4rv4ge80c65kta</string>
				<string>dyn.ah62d4rv4ge80y65uta</string>
				<string>dyn.ah62d4rv4ge81a6xtq3y023k</string>

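Decompiling WeChat mini programs on macOS

In WeChat for macOS version 3.8 and later, the unencrypted WeChat mini program packages can be obtained directly, at the following path: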

/Users/AbelChe/Library/Containers/com.tencent.xinWeChat/Data/.wxapplet/packages

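Just unpack them with wxappUnpacker.

Build safety (preventing information leaks)

Executables built from compiled languages include our local paths by default. Information that looks harmless can sometimes be seriously damaging (for example, the compiled program gets analyzed, the ID is recovered, and it is traced back to you).

This unnecessary risk can be eliminated entirely with some configuration and parameters.

The best catch-all solution is not to compile on a machine that carries your own ID. A virtual machine can be used, for instance, though this sometimes means repeating the environment setup.

Here are solutions for several languages.

CSharp

You can edit the .csproj file directly: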

<Project>
<!-- ... -->
  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
  <PropertyGroup>
    <!-- after 'Microsoft.CSharp.targets' for 'IntermediateOutputPath' to be defined -->
    <PathMap>$(MSBuildProjectDirectory)\$(IntermediateOutputPath)=.</PathMap>
  </PropertyGroup>
</Project>

RUST

When cross-compiling on macOS, strip symbols by editing ~/.cargo/config:

[target.x86_64-pc-windows-gnu]
rustflags = [
  "-C", "link-arg=-s",
]

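But this alone does not completely remove sensitive path information; the absolute paths of some dependency library files are still exposed. To be a bit more brute-force, simply replace the sensitive strings directly, for example globally replace "/Users/Name" with "/Users/1234".

PS: the replacement must have the same number of characters as the original.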
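A check for embedded home-directory paths in a build artifact, plus the same-length replacement described above, as an added example that is not part of the original README. The function names and the constructed `SAMPLE` bytes are assumptions; point it at a real file with `open(path, "rb").read()`.

```python
import re

# /Users/<name>/ (macOS), /home/<name>/ (Linux), C:\Users\<name>\ (Windows)
HOME_RE = re.compile(
    rb"(/Users/|/home/|[A-Za-z]:\\Users\\)([^/\\\x00\s]{1,64})(?=[/\\])"
)

def find_home_paths(blob: bytes):
    """Return sorted unique (prefix, username) pairs embedded in a binary."""
    return sorted({(m.group(1).decode(), m.group(2).decode("latin-1"))
                   for m in HOME_RE.finditer(blob)})

def redact_same_length(blob: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new everywhere, refusing any change in length.

    Offsets and string lengths are baked into the binary, so a longer or
    shorter replacement would shift every byte after it and corrupt the file.
    """
    if len(old) != len(new):
        raise ValueError(f"length mismatch: {len(old)} != {len(new)}")
    return blob.replace(old, new)

# Constructed stand-in for a compiled binary (not a real executable).
SAMPLE = (b"MZ\x90\x00\x00panicked at \x00"
          b"/Users/Name/.cargo/registry/src/index/serde-1.0.0/src/de.rs\x00"
          b"\x01\x02/Users/Name/work/tool/src/main.rs\x00\xff\xfe")

if __name__ == "__main__":
    print(find_home_paths(SAMPLE))
    patched = redact_same_length(SAMPLE, b"/Users/Name", b"/Users/1234")
    print(len(patched) == len(SAMPLE), find_home_paths(patched))
```

rustc's `--remap-path-prefix` flag can rewrite such prefixes at compile time, which avoids patching the finished binary.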

GO

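Application title bars not adapting to the macOS dark theme

For example, after Burp Suite starts and the Burp theme is changed, the title bar is still an annoying white. You can add the NSRequiresAquaSystemAppearance option around line 30 of the info.plist file: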

<dict>
......
<key>NSRequiresAquaSystemAppearance</key>
<false/>
...
</dict>

For other Java applications, add the following parameter when launching from the command line:

-Dapple.awt.application.appearance=system