var img = document.createElement('img'); img.src = "https://calabrone.net/piwik.php?idsite=2&rec=1&url=https://stinger.io" + location.pathname; img.style = "border:0"; img.alt = "tracker"; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(img,s);
Skip to main content

Abuse Launch Daemons

Cron jobs or launch daemons running with root privileges could be misconfigured or exploited.

Check for cron jobs and their permissions:

crontab -l
ls -al /etc/cron*

Example output: List of cron jobs running as root or with root access.

If any cron job calls a script or binary with weak permissions, it can be exploited.

Launch Daemons:

A launch daemon in macOS is an unattended background process that runs at the system level. They start automatically on system boot, and executes tasks in the background without any user interaction. Launch daemons typically require elevated privileges to setup and run.

Examine system launch daemons for misconfigurations:

ls -l /Library/LaunchDaemons/

These are typically in a Property List (plist) file. Check if any scripts are being executed with root privileges and are writable by the user.

macOS also has Launch Agents, which is a type of launch daemon, and are used for running background tasks at specific intervals. A user is capable of having launch agents that they can setup and control, but they typically will not have elevated privileges.

${HOME}/Library/LaunchAgents