android.md and ios.md modified.

Author: lvergergsk

mobile/android.md

@@ -1,3 +1,43 @@
-# Place Holder
+## Using meterpreter:
+#### Meterpreter shell useful commands for android post-exploitation
+| Commands        | Functionality                                                                                                                                                                                                                   |
+|:--------------- |:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `webcam_chat`   | This module allows streaming a webcam from a privileged Firefox Javascript shell.                                                                                                                                               |
+| `webcam_list`   | The ‘webcam_list‘ command when run from the Meterpreter shell, will display currently available web cams on the target host.                                                                                                    |
+| `webcam_snap`   | The ‘webcam_snap’ command grabs a picture from a connected web cam on the target system, and saves it to disc as a JPEG image. By default, the save location is the local current working directory with a randomized filename. |
+| `webcam_stream` | The webcam_stream command basically uses the webcam_snap command repeatedly to create the streaming effect. There is no sound.                                                                                                  |
+| `dump_calllog`  | The dump_calllog command retrieves the call log from the Android device.                                                                                                                                                        |
+| `dump_contacts` | The dump_contacts command allows you to retrieve contacts information form the android device.                                                                                                                                  |
+| `dump_sms`      | The dump_sms command allows you to retrieve SMS messages. And save them as a text file.                                                                                                                                         |
+| `geolocate`     | The geolocate commands allows you to locate the phone by retrieving the current lat-long using geolocation.                                                                                                                     |
+| `check_root`    | The check_root command detects whether your payload is running as root or not.                                                                                                                                                  |
+| `upload`        | The upload command allows you to upload a file to the remote target. The -r option allows you to do so recursively.                                                                                                             |
+| `download`      | The download command allows you to download a file from the remote target. The -r option allows you to do so recursively.                                                                                                       |
+| `shell`         | The shell command allows you to interact with a shell.                                                                                                                                                                          |
+| `sysinfo`       | The sysinfo command shows you basic information about the Android device.                                                                                                                                                       |
+| `record_mic`    | The record_mic command records audio. Good for listening to a phone conversation, as well as other uses.                                                                                                                        |
+| `send_sms`      | The send_sms command allows you to send an SMS message. Keep in mind the phone will keep a copy of it, too.                                                                                                                                                                                                                                |
 
-Content coming. Feel free to submit ;-)
+#### Way to change password of services.
+You can recover password for some services (like gmail, twitter and facebook) by receiving SMS message.
+First, click "forgot password" and select SMS options. Then use the command `dump_sms` and you will have
+verification code. Insert the code and change the password.
+
+
+
+## Other post-exploitation tools
+- Pupy: https://github.com/n1nj4sec/pupy
+- TheFatRat: https://github.com/Screetsec/TheFatRat
+
+
+# Refernce:
+### android shell command:
+- https://github.com/jackpal/Android-Terminal-Emulator/wiki/Android-Shell-Command-Reference
+- https://docs.google.com/document/d/1XaCCyAf46_gQYUIWHyRSCQue6d-TzJmKOZ1z1cpl1sI/edit
+- https://android.stackexchange.com/questions/11052/what-useful-android-shell-commands-do-you-know
+- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/android/meterpreter/reverse_tcp.md
+- https://null-byte.wonderhowto.com/how-to/hack-android-using-kali-remotely-0160161/
+- http://ddosdipdye.weebly.com/blog/big-android-hacking-article
+- http://www.hackingarticles.in/hack-call-logs-sms-camera-remote-android-phone-using-metasploit/
+- https://android.stackexchange.com/questions/60906/terminal-on-real-android-device-from-pc
+- https://github.com/n1nj4sec/pupy

mobile/ios.md

@@ -1,3 +1,29 @@
-# Place Holder
+# Tools
+### iRET
 
-Content coming. Feel free to submit ;-)
+iRET is a set of tools that allows you to automate many of the manual tasks an iOS penetration tester would need to perform in order to analyze and reverse engineer iOS applications. And the bonus is...this can all be performed right on the device.
+
+Refer to:
+- https://www.veracode.com/iret-ios-reverse-engineering-toolkit-veracode
+- https://n0where.net/ios-macos-remote-administration-tool-eggshell/
+
+Download:
+- https://www.veracode.com/sites/default/files/Resources/Tools/iRETTool.zip
+
+### Egg shell
+
+EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures, location tracking, shell command execution, persistence, escalating privileges, password retrieval, and much more. Server communication features end to end encryption with 128 bit AES and the ability to handle multiple clients. This is a proof of concept pentest tool, intended for use on machines you own.
+
+Refer to:
+- https://github.com/neoneggplant/EggShell
+
+### Bella
+
+Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS.
+
+Refer to:
+- https://github.com/Trietptm-on-Security/Bella
+
+# Reference
+- http://www.blackhat.com/presentations/bh-usa-09/IOZZO/BHUSA09-Iozzo-iPhoneMeterpreter-SLIDES.pdf
+- http://www.securitylearn.net/2012/09/09/metasploit-post-exploitation-scripts-to-steal-ios-5-backups/

osx/persistance.md

@@ -1,3 +1,6 @@
-# Place Holder
+# Tools
+## EggShell
 
-Content coming. Feel free to submit ;-)
+
+#### Refer to:
+https://github.com/neoneggplant/EggShell