Implement getjail - Githubissues

0xmachos / mOrc

mOrc is a post-exploitation framework for macOS written in Bash

MIT License

18 stars 2 forks source link

Implement getjail #2

Open 0xmachos opened 5 years ago

0xmachos commented 5 years ago

Check if we're in chroot, a hypervisor or a VM.

Worth trying to detect sandbox-exec or Jailkit?

[ ] chroot
- Quite rare on macOS from what I've seen but probably still worth implementing.
[x] VMware VM
[ ] VirtualBox VM
[ ] Generic VM
[ ] Hypervisor
- I don't have any hardware to test hypervisor detection.

zMarch commented 5 years ago

containers should still be detectable with ls -di, i think. I'm not super familiar with the OSX filesystem, or indeed what options are available with OSX ls (so -di might be out), but i recall it has inodes, and / should always have an inode of 2 - which means you can detect chroots, dockers, etc, by having a poke