Giters

EntySec / SeaShell

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Home Page:https://theapplewiki.com/wiki/SeaShell

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Download/Upload Functions

havok87 opened this issue · comments

commented

Describe the bug
Unable to download a remote file from attacker system onto device.
Unable to upload a local file to remote attacker system.

To Reproduce Download Issue
Steps to reproduce the behavior:

  1. Establish C2 connection
  2. Browse to /private/var/tmp on the iOS device
  3. issue command 'download /path/to/remote/file /private/var/tmp'
  4. See error 'downloadIssue1.png' and 'downloadIssue2.png'
downloadIssue1 downloadIssue2

To Reproduce Upload Issue
Steps to reproduce the behavior:

  1. Establish C2 connection
  2. Browse to /private/var/tmp on the iOS device
  3. issue command 'upload /private/var/tmp/journeys/ /Users/dre/Tools/SeaShell/'
  4. See error 'uploadIssue1.png' and 'uploadIssue2.png'
uploadIssue1 uploadIssue2

Expected behavior
The specified file on the remote attacker system should be downloaded into directory specified.
The specified file on the local system should be uploaded into directory specified on the remote attacker system.

Screenshots
downloadIssue1.png
downloadIssue2.png
uploadIssue1.png
uploadIssue2.png

Desktop (please complete the following information):

  • OS: macOS 14.4.1
  • M1 Max

Smartphone (please complete the following information):

  • Device: iPhone 13 pro
  • OS: iOS 16.6.1
commented

@havok87 You are passing wrong arguments to download and upload commands, it should be:

download <remote_file> <local_path>
upload <local_file> <remote_path>

NOTE: remote_file means file on the device and local_path is the path on your PC

So, in your situation:

download /private/var/tmp/test /Users/dre/Tools/SeaShell/screencapture