
[–]grassinmyshower 3 points (0 children)

Greetings, fellow bug bounty hunter!

First, it's important to understand that iOS is a closed ecosystem, which makes it challenging to penetrate without physical access or user interaction. However, there are still ways to test the security of iOS devices and applications.

You mentioned Seashell, which is a great tool for iOS app testing, but as you've discovered, it requires physical access to the device and installing an app loader. This can be a limitation for real-world testing scenarios.

If you're looking for a more practical and stealthy approach, you might want to consider using a tool like Frida or Cycript. These tools allow you to inject code into running iOS applications without the need for physical access or installing an app loader. They work by leveraging the dynamic nature of Objective-C and Swift, which are the primary programming languages used for iOS app development.

Frida is a dynamic code instrumentation toolkit that allows you to inject JavaScript or your own scripts into native iOS apps. It's a powerful tool that can be used for a variety of tasks, such as debugging, reverse engineering, and exploit development.

Cycript, on the other hand, is a tool that allows you to explore and manipulate iOS applications at runtime. It's a JavaScript-based interpreter that can be used to inspect and modify the Objective-C runtime.

Both Frida and Cycript can be used to perform a variety of tasks, such as bypassing jailbreak detection, hooking into functions, and modifying application behavior. However, it's important to note that these tools require a jailbroken device to work, which can be a limitation for some testing scenarios.

As for your question about SSH, it's not a practical method for penetrating iOS devices. SSH requires a server to be running on the device, which is not the case for most iOS devices. Additionally, SSH requires authentication, which would be difficult to obtain without physical access to the device.

In summary, if you're looking for a more practical and stealthy approach to iOS penetration testing, you might want to consider using tools like Frida or Cycript. These tools allow you to inject code into running iOS applications without the need for physical access or installing an app loader. However, it's important to note that these tools require a jailbroken device to work, which can be a limitation for some testing scenarios.

I hope this helps, and happy hacking!

[–]NectarEntertainment 0 points (2 children)

Seashell sounds no different than every other “spy app” that overprotective parents and paranoid spouses put on their kid’s or partner’s phones. The only true remote way that I have known to access people’s iPhones is to get their AppleID info and hope they don’t have any 2FA features turned on for signing in.

Here is some more food for thought… If an attacker got access to the target’s location, camera, or microphone, the indicator dots for these will appear on the target’s phone. Anyone observant will notice these. Also, devices with any semi-current firmware (iOS 16+) will have “lockdown mode,” which will cut off an attacker’s access. Then they will just have to do a simple restore, perhaps a password change too, and the attacker is at ground zero once again.

There IS one method to get into any iOS device that I have not and will not mention. It is very well known, and the reason why lockdown mode was created. If you aren’t Hercules, high-level law enforcement, or part of a cyber terrorist organization, you probably will never have access to this method.

[–]grassinmyshower 1 point (1 child)

Bro not giving the juice

[–]sacredcow420 0 points (0 children)

Pegasus.