Posts

Splitting a large pcap into multiple smaller pcaps

Analysing a large PCAP is a pain in the ass. So why not just split it into multiple files? We can do that with editcap. In this example, we split by number of packets per file:

$ editcap -c 100000 in.pcapng out.pcapng
Recent posts

Install IPA file

Installing an IPA without using any fancy tools; in this case we are just using scp and the uicache command! To do it:

1. Extract the IPA file with 7zip or whatever archiver tool you like.
2. cd into the extracted folder.
3. scp the .app into your jailbroken device:

   scp -r iOS_App_File.app [email protected]:~

4. ssh into the jailbroken device and move the .app folder into the /Applications folder:

   ssh [email protected]
   su
   mv iOS_App_File.app/ /Applications

5. Next we set executable permission on the file:

   cd /Applications
   chmod +x iOS_App_File.app

6. Final step: exit the current ssh session and run the uicache command.

Dumpcap - It's the way you DUMP pcap!

Why dumpcap? Because it is light and, more importantly, it's CLI (Command Line Interface). With that we can leverage it and write automated Python, bash or related scripts to automate our work. In my case, I wanted to capture all the packets and dump them into separate files of 50MB each, capturing continuously for a certain time period, e.g. 9:00 till 17:00 (whatever you want).

$ dumpcap -i 1 -b filesize:10 -w demo.pcapng

// The command above dumps all packets into separate 10 kB files using the filename demo.pcapng.

P/S: -i = the interface you wish to capture from (you might wanna run tshark with the -D option first). Anyhow, if you're stuck, don't forget to read the user manual. Cheers!

Wardriving! #2

From my previous post, we have already captured all the wireless probes/networks in the perimeter via Kismet. For reference and preliminary analysis purposes, all that information can be exported into one single file (.kml) and browsed and viewed with the Google Earth application. To do that we can use giskismet, which is already installed on the Kali Linux distribution. Simply type this command:

giskismet -x <FILE.netxml> -q "select * from wireless" -o output.kml

Once the file is exported, simply open it with Google Earth.

Reference: https://tools.kali.org/wireless-attacks/giskismet

iOS - Convert .app to .ipa

While doing iOS security testing, I wondered how to convert a .app into a .ipa. So basically, here is the structure of .ipa files:

1. First, SSH into your (jailbroken) iPhone.
2. Download the .app folder via scp.
3. Copy the .app folder into a folder called Payload.
4. Compress it with a .zip extension using any compression software.
5. Change the extension from file.zip to file.ipa.

That's it. Now you can use these .ipa files to install the app onto your iPhone.

MSF ::EXITFUNC::

Quick note about MSF EXITFUNC. So what is EXITFUNC? The EXITFUNC option is set to 'thread' by default, and it works fine in most cases, so we don't usually look into it much. But in some situations specifying a different EXITFUNC is necessary so that you can have a clean exit from the exploited box. There are 3 different values for EXITFUNC:

THREAD: This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode in a sub-thread, and exiting this thread results in a working application/system (clean exit).

PROCESS: This method should be used with multi/handler. It should also be used with any exploit where a master process restarts it on exit.

SEH: This method should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs.

Might be useful when we want to generate a payload with MSFVENOM.

Side Note

I made this configuration file to be copied later into the settings. Make sure to download these two repos: dirsearch and SecLists.

==Start copy here==
[general]
threads = 30
follow-redirects = True
#exclude-status = 200,301
#recursive = False
#scanner-fail-path = InvalidPath123123
save-logs-home = True

[reports]
autosave-report = True
autosave-report-format = html

[dictionary]
#wordlist = test.dicc
###PHP-FUZZ###
#wordlist = /path/to/SecLists/Discovery/Web-Content/PHP.fuzz.txt
###BACKUP&DB###
#wordlists = /path/to/SecLists/Discovery/Web-Content/Common-DB-Backups.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/CommonBackdoors-PHP.fuzz.txt
###FILES##
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-small-files.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-medium-files.txt
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-large-files.txt
###DIRECTORIES###
#wordlist = /path/to/SecLists/Discovery/Web-Content/raft-s