search

EntySec / SeaShell

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
https://theapplewiki.com/wiki/SeaShell
MIT License
364 stars 48 forks source link

Download/Upload Functions #36

Closed havok87 closed 2 months ago

havok87 commented 2 months ago

Describe the bug Unable to download a remote file from attacker system onto device. Unable to upload a local file to remote attacker system.

To Reproduce Download Issue Steps to reproduce the behavior:

  1. Establish C2 connection
  2. Browse to /private/var/tmp on the iOS device
  3. issue command 'download /path/to/remote/file /private/var/tmp'
  4. See error 'downloadIssue1.png' and 'downloadIssue2.png' downloadIssue1 downloadIssue2

To Reproduce Upload Issue Steps to reproduce the behavior:

  1. Establish C2 connection
  2. Browse to /private/var/tmp on the iOS device
  3. issue command 'upload /private/var/tmp/journeys/ /Users/dre/Tools/SeaShell/'
  4. See error 'uploadIssue1.png' and 'uploadIssue2.png' uploadIssue1 uploadIssue2

Expected behavior The specified file on the remote attacker system should be downloaded into directory specified. The specified file on the local system should be uploaded into directory specified on the remote attacker system.

Screenshots downloadIssue1.png downloadIssue2.png uploadIssue1.png uploadIssue2.png

Desktop (please complete the following information):

Smartphone (please complete the following information):

enty8080 commented 2 months ago

@havok87 You are passing wrong arguments to download and upload commands, it should be:

download <remote_file> <local_path>
upload <local_file> <remote_path>

NOTE: remote_file means file on the device and local_path is the path on your PC

So, in your situation:

download /private/var/tmp/test /Users/dre/Tools/SeaShell/screencapture