F5F Stay Refreshed Software Operating Systems File formats available for Apple iOS...

File formats available for Apple iOS...

File formats available for Apple iOS...

K
kastorxx
Member
Find
50
10-01-2016, 03:41 AM
#1
Hey there! I tried to figure out how to include a Machos payload for iOS into different image formats like JGP, JPEG, or PNG. The issue is that fakeimageexploiter only supports certain readable formats (ps1, exe, bat, txt), and I’m not sure if those will work for binding a reverse TCP shell. I’m doing this for pen testing to help the team understand what’s happening, so I appreciate your guidance ahead of time!
Reply
Reply
K
kastorxx
10-01-2016, 03:41 AM #1

Hey there! I tried to figure out how to include a Machos payload for iOS into different image formats like JGP, JPEG, or PNG. The issue is that fakeimageexploiter only supports certain readable formats (ps1, exe, bat, txt), and I’m not sure if those will work for binding a reverse TCP shell. I’m doing this for pen testing to help the team understand what’s happening, so I appreciate your guidance ahead of time!

Reply
Reply
X
xXSuperNovaXx
Posting Freak
Find
811
10-01-2016, 08:52 AM
#2
It's likely the method varies across platforms. Reading a .txt file works on iOS, but functionality depends heavily on the environment.
Reply
Reply
X
xXSuperNovaXx
10-01-2016, 08:52 AM #2

It's likely the method varies across platforms. Reading a .txt file works on iOS, but functionality depends heavily on the environment.

Reply
Reply
S
Super_AapjexD
Posting Freak
Find
766
10-01-2016, 12:31 PM
#3
that works but the question remains, how do you include a machos file made with that payload into an image? it's because platforms differ, so you have options like windows/meterpreter/reverse_tcp and android/meterpreter/reverse_tcp. since it's not supported on iOS, there are no compatible extensions for that OS. just to note, i'm not using iOS.
Reply
Reply
S
Super_AapjexD
10-01-2016, 12:31 PM #3

that works but the question remains, how do you include a machos file made with that payload into an image? it's because platforms differ, so you have options like windows/meterpreter/reverse_tcp and android/meterpreter/reverse_tcp. since it's not supported on iOS, there are no compatible extensions for that OS. just to note, i'm not using iOS.

Reply
Reply
E
EeveeBoy64
Member
Find
171
10-01-2016, 01:08 PM
#4
It's focused on the material rather than the extension. If iOS isn't directly supported, targeting it through this method seems unlikely. Unless you're prepared to craft a custom payload yourself.
Reply
Reply
E
EeveeBoy64
10-01-2016, 01:08 PM #4

It's focused on the material rather than the extension. If iOS isn't directly supported, targeting it through this method seems unlikely. Unless you're prepared to craft a custom payload yourself.

Reply
Reply
1
18cooper
Junior Member
Find
10
10-01-2016, 03:41 PM
#5
The file will display the provided Python snippet. After decoding the base64 message, you'll see the script run successfully. It seems to be testing network communication using socket and struct modules. The code is written in Python and should work on iOS if executed properly.
Reply
Reply
1
18cooper
10-01-2016, 03:41 PM #5

The file will display the provided Python snippet. After decoding the base64 message, you'll see the script run successfully. It seems to be testing network communication using socket and struct modules. The code is written in Python and should work on iOS if executed properly.

Reply
Reply
U
umizou1393
Senior Member
Find
253
10-09-2016, 01:57 PM
#6
It doesn't.
Reply
Reply
U
umizou1393
10-09-2016, 01:57 PM #6

It doesn't.

Reply
Reply
H
hachinoss
Member
Find
71
10-15-2016, 07:23 PM
#7
No interpreter available for iOS. Install Termux emulator and then use apt install python3 to run Python code on your phone.
Reply
Reply
H
hachinoss
10-15-2016, 07:23 PM #7

No interpreter available for iOS. Install Termux emulator and then use apt install python3 to run Python code on your phone.

Reply
Reply
K
KawiianMili
Posting Freak
Find
786
11-03-2016, 08:05 PM
#8
This suggests a challenge in concealing the payload for iOS devices, making social engineering the primary method. It implies that if no interpreter is available, social engineering becomes essential. The issue with fakeimageexploiter not supporting Mach-O or IPA formats might stem from compatibility limitations or design choices, possibly due to file format restrictions or lack of support for those specific types.
Reply
Reply
K
KawiianMili
11-03-2016, 08:05 PM #8

This suggests a challenge in concealing the payload for iOS devices, making social engineering the primary method. It implies that if no interpreter is available, social engineering becomes essential. The issue with fakeimageexploiter not supporting Mach-O or IPA formats might stem from compatibility limitations or design choices, possibly due to file format restrictions or lack of support for those specific types.

Reply
Reply
C
CrzNoah
Member
Find
90
11-21-2016, 07:25 PM
#9
Python isn't the sole method available to target a system—it's merely the one supported by this tool. Even if you force the victim to use an interpreter that renders your Python code ineffective, smartphone apps remain isolated, making malicious actions via Python extremely rare. In any case, the code would need tailored adjustments. The file type isn't important; what truly counts is how the system interprets it.
Reply
Reply
C
CrzNoah
11-21-2016, 07:25 PM #9

Python isn't the sole method available to target a system—it's merely the one supported by this tool. Even if you force the victim to use an interpreter that renders your Python code ineffective, smartphone apps remain isolated, making malicious actions via Python extremely rare. In any case, the code would need tailored adjustments. The file type isn't important; what truly counts is how the system interprets it.

Reply
Reply
C
Cronos22
Junior Member
Find
23
11-21-2016, 08:25 PM
#10
got it Smile thnx
Reply
Reply
C
Cronos22
11-21-2016, 08:25 PM #10

got it Smile thnx

Reply
Reply