Closed mehadhe closed 6 years ago
Can you SSH into the device manually? (without using needle)
Yep. I am able to SSH into the device manually. But through needle it's not working out. And now, a paramiko.transport warning occurs with no connection. Struggling to resolve this for the past 2 days.
@mehadhe weird question, but is your device set so the screen doesn't turn off automatically? the screen needs to be on while needle is running
Yes. I'm cautious to keep the needle agent app in the foreground to observe the response.
can you post the full terminal log? i know you set "debug true" but i want to see the exact commands needle is running, which means i need to see the full terminal log
@bshieh: from your error (#260) I can see:
connection refused
Are you sure you disconnected every other connection before trying to connect with needle?
@marco-lancini Yes, I tried rebooting my macbook to be sure. Something to note is that when I used "shell" in Needle, it worked only the very first time I ran it. All subsequent attempts failed with the same error message as when running a module.
@Yogehi, PFA the screenshots for your reference. Hope this helps...
can you run ps ax | grep needle in another terminal while running needle?
the application definitely thinks there is already a connection to the device before attempting to run the module.
another option: i see that you're running osx. could you try sudo -H python ./needle.py and see if that works, but also do NOT run iproxy 2222 22 or whatever you are running that sets up the port forwarding.
if you run needle with sudo, it should automatically setup a port forward for you.
my logs below showing this:
Yays-Mac:needle yayusernameyay$ system_profiler SPSoftwareDataType | grep System
System Software Overview:
System Version: macOS 10.13.6 (17G65)
System Integrity Protection: Enabled
Yays-Mac:needle yayusernameyay$ sudo -H python ./needle.py
__ _ _______ _______ ______ _______
| \ | |______ |______ | \ | |______
| \_| |______ |______ |_____/ |_____ |______
Needle v1.3.2 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]
[needle] > set debug true
DEBUG => true
[needle] > use binary/info/metadata
[needle][metadata] > run
[D] Setup local output folder: /var/root/.needle/output
[?] Attention! The folder chosen to store local output is not empty: /var/root/.needle/output
[?] Do you want to back it up first?
[?] Y: the content will be archived in a different location, then the folder will be emptied
[?] N: no action will be taken (destination files might be overwritten in case of filename clash)
[y/n]: n
[D] Setting up issues database...
[D] [DB] QUERY: CREATE TABLE IF NOT EXISTS issues (app TEXT, module TEXT, name TEXT, content TEXT, confidence TEXT, outfile TEXT)
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[D] Setting up USB port forwarding on port 2222
[D] [LOCAL CMD] Local Subprocess Command: /Users/yayusernameyay/Desktop/programs/needle/needle/libs/usbmuxd/tcprelay.py -t 22:2222
[D] [AGENT] Setting up port forwarding on port 4444
[V] [AGENT] Connecting to agent (127.0.0.1:4444)...
[+] [AGENT] Successfully connected to agent (127.0.0.1:4444)...
[D] [AGENT] Executing command: os_version
[V] [SSH] Connecting (127.0.0.1:2222)...
[+] [SSH] Connected (127.0.0.1:2222)
[D] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[D] [REMOTE CMD] Remote Command: mkdir /var/root/needle/
[D] [AGENT] Executing command: os_version
[*] Target app not selected. Launching wizard...
[D] [AGENT] Executing command: list_apps
[+] Apps found:
[>][QUESTION] Please select a number:
The device I used in the above log was running OS 11.3.1 with electra jailbreak
@Ken,
Hope you've seen my screenshots. FYI, I'm sure that I didn't make any secondary connection using iproxy or whatever. Today, I observed something new by connecting the device using a cable and modifying the config.txt file to include the options below:
Agent port: 4444 IP: 127.0.0.1 Port: 2222
Suddenly, it worked. It hasn't disconnected since then. But I'm not sure whether the issue is resolved or it just connected occasionally. Let me try connecting a few more times and let you know by Monday.
Thanks for considering the issue and responding back.
@mehadhe: were you trying to connect over WiFi before?
@Marco, nope sir. I've tried both WiFi and USB. The issue might be from the setting options.
In the screenshot above you obscured the IP setting. Are you able to share the full config (unobfuscated)?
@Yogehi I tried running ps ax | grep needle in another terminal while running needle and got this output:
User-MacBook-Pro:~ username$ ps ax | grep needle
715 s001 S+ 0:00.04 sudo -H python needle.py
716 s001 S+ 0:00.54 /usr/local/Cellar/python/2.7.12_2/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python needle.py
719 s002 S+ 0:00.00 grep needle
I have actually been running needle with sudo -H python needle.py. I tried unloading the com.usbmux.iproxy.plist file with launchctl unload ~/Library/LaunchAgents/com.usbmux.iproxy.plist, which enables me to SSH over USB, and got the same error as before:
2018-07-27 11:19:35,181| ERROR | Could not open connection to gateway
[!] Problem establishing connection: BaseSSHTunnelForwarderError -
[!] BaseSSHTunnelForwarderError: Could not establish session to SSH gateway
@Yogehi, the connection establishment problem was resolved by connecting the device via USB cable and configuring the file as below.
set AGENT_PORT 4444
set APP
set DEBUG True
set HIDE_SYSTEM_APPS False
set IP 127.0.0.1
set PORT 2222
set OUTPUT_FOLDER /Users/mehadhe_sameer/needle/needle/output
set PASSWORD my_password
set SKIP_OUTPUT_FOLDER_CHECK True
set USERNAME root
set VERBOSE True
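A pre-flight check for the forwarded SSH port discussed in this thread, added here as an example (it is not part of the original thread and not needle's own code): it tells apart "nothing listening", "listener with no SSH banner" and "working SSH forward" on 127.0.0.1:2222. The function name, the state labels and their interpretations are assumptions made for this example; the host and port defaults are the values from the config above.

```python
import socket

# Added example. State labels and names are this example's own, not needle's.
# Host/port defaults come from the config posted in the thread.
HINTS = {
    "refused": "nothing is listening; no port forwarder is running yet",
    "unreachable": "connect timed out or failed for another reason",
    "no-banner": "a listener accepted the connection but no sshd answered",
    "ssh": "an SSH server answered; the forward works end to end",
}

def probe_forward(host="127.0.0.1", port=2222, timeout=3.0):
    """Return 'refused', 'unreachable', 'no-banner' or 'ssh' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with sock:
        try:
            # An SSH server sends its identification string first
            # (RFC 4253, section 4.2), so no credentials are needed.
            banner = sock.recv(64)
        except OSError:  # timeout or reset while waiting for the banner
            banner = b""
    return "ssh" if banner.startswith(b"SSH-") else "no-banner"

if __name__ == "__main__":
    state = probe_forward()
    print("127.0.0.1:2222 -> %s (%s)" % (state, HINTS[state]))
```

Run it before starting needle: a result other than "refused" at that point means some other process (such as iproxy 2222 22) already holds the port that needle's own forwarding wants.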
Issue
Expected behaviour
Successful connection. Going forward, we will test the application without any hurdle.
Actual behaviour
SSH keeps on disconnecting... The initial setup itself is not working, which prevents executing the modules on needle.
Steps to reproduce
needle error logs
Ensure verbose and debug mode are enabled:
Environment
Needle Version
Workstation Operating System
macOS High Sierra 10.13.5
Python Version
Python 2.7.15
Python Packages (pip freeze)
asn1crypto==0.24.0
bcrypt==3.1.4
cffi==1.11.5
colorama==0.3.9
cryptography==2.3
Django==1.11.13
EditorConfig==0.12.2
enum34==1.1.6
frida==12.0.5
frida-tools==1.1.0
idna==2.7
ipaddress==1.0.22
jsbeautifier==1.8.0rc2
paramiko==2.4.1
prompt-toolkit==1.0.15
pyasn1==0.4.3
pycparser==2.18
Pygments==2.2.0
PyNaCl==1.2.1
pytz==2018.4
six==1.11.0
sshtunnel==0.1.4
wcwidth==0.1.7
Device iOS Version
11.2.2 Electra Jailbreak