lucasjacks0n / EggShell

iOS/macOS/Linux Remote Administration Tool
GNU General Public License v2.0

Neoneeggplant/Eggshell #144

Open Hargues opened 2 years ago

evan797 commented 2 years ago

Does this still work on the current iOS 15?

acheong08 commented 2 years ago

No

DarkRavenJ commented 2 years ago

New topic. Sorry this is my first time posting. When one has completed all the testing and research that is necessary, how does the app/program get uninstalled? Does it have to be removed with the same compiler that was used to deploy the app?

acheong08 commented 2 years ago

Depends on how you're deploying the shell. If using bash, it creates a file at /tmp/espl which is deleted on exit

DarkRavenJ commented 2 years ago

Ok. That gives me a direction. Let's try this scenario. Person a has iPhone. Person b is the S.O. of person a. B has hidden agenda and is trying to discredit a's reputation. The app is deployed with the forethought this would be a repeated search and rescue mission. Would there be a constant channel of sorts that would remain available? Also how would the device for person a know that it was in fact person b connecting and not just random user a who stumbled upon the opening by accident? Is there any authentication needed for such access? I am sorry if my questions are juvenile. I'm just trying to get a clear understanding. Thanks in advance.

acheong08 commented 2 years ago

First of all, stop daydreaming. Second, this tool creates a reverse shell, meaning that the compromised device attempts to connect back to the attacker rather than the other way around. Unless the IP address used by the attacker is compromised, the backdoor cannot be used by another user. Of course, a reverse shell creates the issue of traceability: The IP address of the attacker is known to the victim if investigated.

acheong08 commented 2 years ago

> Person a has iPhone

Keep in mind that this repository has been abandoned and no longer works on iPhones

DarkRavenJ commented 2 years ago

Your help and input have been much appreciated. I have to be able to wrap my mind around circumstances prior to posting them to my grey matter storage system. Lol. Have a great day. ~Jenn

enty8080 commented 8 months ago

@acheong08 #149

acheong08 commented 8 months ago

@enty8080 Very cool. I unfortunately updated iOS to 17.0.1+ in which the CoreTrust exploit has been patched. Limited functionality still works with something like AltStore.

enty8080 commented 8 months ago

@acheong08 It's a shame you're on 17.0.1, but in any case I'll continue to update SeaShell as long as new vulnerabilities appear so you can use it in the future.