In the last section, we opened shell on the victim's iDevice, to which we had connected from the base system (Kali Linux). Now, we will open a victim's shell on our base system to which victim will connect back using the reverse_bind_shell
payload. This is mainly required when target connections are behind the firewall and do not allow inbound connections. Here, we will make the outbound connection from the target iDevice to our base system.
Let's follow the given steps to create a reverse bind shell of iOS
Check the IP of the base system. You can use the
ifconfig
command to find out the IP address of the base system:Let's create the
shell_reverse_tcp
payload with the base system's IP address:Now, transfer this payload to the
tmp
directory of iDevice using SFTP:Perform SSH login into iDevice and sign the payload using
ldid
:Now, start the multi handler using
shell_reverse_tcp
:You will notice that the command shell is opened with the victim's iDevice access. You can confirm it by typing any Linux command—for example,
pwd
: