Neoneeggplant/Eggshell #144

Open
Hargues opened this issue Oct 5, 2021 · 11 comments
@Hargues

Hargues commented Oct 5, 2021

No description provided.

@evan797

evan797 commented Apr 2, 2022

Does this still work on the current iOS 15?

@acheong08

No

@DarkRavenJ

New topic. Sorry, this is my first time posting. When one has completed all the testing and research that is necessary, how does the app/program get uninstalled? Does it have to be removed with the same compiler that was used to deploy the app?

@acheong08

Depends on how you're deploying the shell. If using bash, it creates a file at /tmp/espl which is deleted on exit

@DarkRavenJ

Ok. That gives me a direction. Let's try this scenario. Person a has iPhone. Person b is the S.O. of person a. B has hidden agenda and is trying to discredit a's reputation. The app is deployed with the forethought this would be a repeated search and rescue mission. Would there be a constant channel of sorts that would remain available? Also, how would the device for person a know that it was in fact person b connecting and not just random user a who stumbled upon the opening by accident? Is there any authentication needed for such access? I am sorry if my questions are juvenile. I'm just trying to get a clear understanding. Thanks in advance.

@acheong08

First of all, stop daydreaming. Second, this tool creates a reverse shell, meaning that the compromised device attempts to connect back to the attacker rather than the other way around. Unless the IP address used by the attacker is compromised, the backdoor cannot be used by another user. Of course, a reverse shell creates the issue of traceability: The IP address of the attacker is known to the victim if investigated.

@acheong08

acheong08 commented Jul 9, 2022

Person a has iPhone

Keep in mind that this repository has been abandoned and no longer works on iPhones.

@DarkRavenJ

Your help and input has been much appreciated. I have to be able to wrap my mind around circumstances prior to posting them to my grey matter storage system. Lol. Have a great day. ~Jenn

@enty8080

@acheong08 #149

@acheong08

@enty8080 Very cool. I unfortunately updated iOS to 17.0.1+, in which the CoreTrust exploit has been patched. Limited functionality still works with something like AltStore.

@enty8080

@acheong08 It's a shame you're on 17.0.1, but in any case I'll continue to update SeaShell as long as new vulnerabilities appear so you can use it in the future.
