(Mac pentest series) Install Homebrew without sudo privilege

Recently, my company provided me with a 2023 MacBook Pro, equipped with the M2 chip, as a replacement for my old Lenovo laptop. Along with that, I was given the task of testing the MacBook’s security in the workplace. This marked the beginning of my security journey with Apple products. Previously, I had extensively researched Windows Active Directory, taken numerous tests, and obtained certifications. Therefore, Apple product security was an entirely new world for me.

First and foremost, the provided MacBook came with several restrictions. It was not possible to log in with a personal iCloud account, and self-software installation was restricted. Only a specific set of work-related software could be installed, and sudo access was not granted; only normal user privileges were available. Additionally, there were antivirus and endpoint security solutions in place.

While it was relatively easy to bypass software installation restrictions at the application level (I will write another article on how to install apps on a MacBook without administrator privileges), the first step in transforming the MacBook into a security pentesting tool was to obtain some terminal tools. Since I did not have kernel-level sudo privileges to install VirtualBox and run my Kali Linux, I considered Homebrew as an alternative. Homebrew offers a collection of pentest tools that work just as effectively as Kali Linux.

GitHub - sidaf/homebrew-pentest: Homebrew Tap - Pen Test Tools

However, the challenge was installing Homebrew without sudo privileges. After conducting some research, I discovered that we can set up the Homebrew package manager by cloning its repository, creating the necessary directories, and modifying the configuration file to ensure Homebrew and its packages can be accessed and executed correctly.

cd ~

git clone https://github.com/Homebrew/brew homebrew

mkdir ~/usr/local

# installed packaged directory

echo “export HOMEBREW_PREFIX=~/usr/local” >> ~/.zshrc

echo “export PATH=$PATH:~/homebrew/bin:HOMEBREW_PREFIX/bin” >> ~/.zshrc

1. cd ~: This command changes the current directory to the user’s home directory. The tilde symbol (~) represents the home directory shortcut.
2. git clone https://github.com/Homebrew/brew homebrew: This command uses the Git version control system to clone the Homebrew repository from the specified URL. It creates a local copy of the repository in a directory named “homebrew” within the current directory.
3. mkdir ~/usr/local: This command creates a new directory named “local” within the “usr” directory, which is in the user’s home directory. It’s a common practice to use ~/usr/local as the installation directory for packages managed by Homebrew.
4. echo “export HOMEBREW_PREFIX=~/usr/local” >> ~/.zshrc: This command appends the text export HOMEBREW_PREFIX=~/usr/local to the end of the ~/.zshrc file. The ~/.zshrc file is a configuration file for the Zsh shell, and this line sets an environment variable HOMEBREW_PREFIX to the path ~/usr/local.
5. echo “export PATH=$PATH:~/homebrew/bin:HOMEBREW_PREFIX/bin” >> ~/.zshrc: This command appends the text export PATH=$PATH:~/homebrew/bin:HOMEBREW_PREFIX/bin to the ~/.zshrc file. It modifies the PATH environment variable to include ~/homebrew/bin and HOMEBREW_PREFIX/bin directories. By adding these directories to the PATH, the shell will search for executables in these locations when you type a command.

Restart the terminal, we successfully installed the homebrew without sudo