Shell bind TCP for iOS
At a high level, there could be two types of shell access on the target device. One is a bind shell, where we will run shell on the target device and connect to it. Second is a reverse shell, where we will run shell on the base system to which the target will connect back. You will learn both ways to obtain shell.
Let's follow the given steps to create a bind TCP shell:
You can check all Metasploit payloads available for
osx/armle
. You can use the commandmsfvenom –l
to list all payloads:Select the
shell_bind_tcp
payload available forosx/armle
:Now, connect your iDevice using SFTP and transfer the payload file to the
tmp
directory:Now, perform SSH login into iDevice and sign the payload, using the ldid utility. You can download ldid from Cydia if you have not installed it yet:
Now from Kali Linux, start
multi/handler
and connect to victim and you will notice the command shell open on the target system. You can confirm it by running any Linux command such asps
,pwd
, and...