Skip to content

userlandkernel/wksploit-framework

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
DOCS
DOCS
 
 
assets
assets
 
 
modules
modules
 
 
payloads
payloads
 
 
unittests
unittests
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
RULES.md
RULES.md
 
 
SUPPORT.md
SUPPORT.md
 
 
apple-touch-icon.png
apple-touch-icon.png
 
 
apple-touch-icon.svg
apple-touch-icon.svg
 
 
denial.html
denial.html
 
 
index.html
index.html
 
 
modular.js
modular.js
 
 
serve.py
serve.py
 
 
style.css
style.css
 
 
testmacho
testmacho
 
 

Repository files navigation

Jailbreak Me 13.37

A webbased jailbreak solution unifying existing jailbreak me solutions and new ones.

Created by Sem Voigtländer

Please read RULES.md as well

Support

  • 8.4.1 & 9.3 up to 9.3.3 & 11.3.1 & 12.0 - 12.0.1 (64-bit)
  • 3.1.2 up to 4.0.1 & 8.4.1 and 9.1 up to 9.3.4 (32-bit)

Read more: https://github.com/MTJailed/jailbreakme/blob/master/SUPPORT.md

How it works

Using ModularJS various modules are loaded at runtime.

These modules can be divided into the following stages:

1. Identification

  • Uses an information leakage (not vulnerability) in WebGL to detect the GPU of the victim device
  • Uses the browser agent to define what browser and firmware to exploit
  • Uses size and resolution constraints to detect the specific victim device
  • Uses various debugging information about the hardware environment using window.performance or window.navigator
  • Uses benchmarking algorithms and hashing to identify and track the victim device.

2. Eligibility

  • Using the identification information the victim is checked against various constraints, such as whether the victim is a mobile device or a desktop.

3. Strategy selection

  • Based on the eligibility constraints and identity the exploit strategy will be selected for the victim device and loaded.

4. Payload retrieval

  • The strategy will load the payload(s) for the victim device, on iOS this can be for example Cydia, on desktops for example a remote administration tool.
  • The payload is aligned so it can be used later when the exploit has created an executable region.

5. Exploitation

  • The exploit is started and carefully sets up read/write primitives in the browser memory.
  • Once r/w is gained an executable region is created and the payload is aligned / copied into it.
  • The exploit jumps to the shellcode and starts executing it

6. Post-Exploitation

  • Various tools and capabilities could be setup after successful completion of the exploit, such as a telnet client to gain a shell on the victim from the browser.

Credits

About

Webkit Browser Exploitation Framework written in Javascript

Topics

javascript framework browser webkit exploitation offensive-security browser-exploitation

Resources

Readme

License

View license
Activity

Stars

9 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages