JesseIZ Posted December 25, 2013 (edited)

Hey!

Tested on the iPhone 4 running iOS 7, jailbroken using evasi0n7.

I wanted to talk about using an iDevice (iOS 7) as a pen testing device. [ Noob Friendly ]

First off, why should you use an iDevice as a pen testing device?

- It's portable
- Not noticeable
- It looks cool :)
- It's pretty fast
- iOS == Unix
- It can easily be used with the pineapple ;)

Let's move on. So how do you make your iDevice into a pentesting device?

First you need to jailbreak your iDevice (e.g. evasi0n7).

Open Cydia.

Add repositories by going to "Manage", then "Sources", then "Edit", then "Add".

Then add all these repositories:

http://cydia.myrepospace.com/Boo/
http://ininjas.com/repo/
http://cydia.xsellize.com/

When that's done, click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit", then click on "Metasploit", then click on "edit", and then click on "Install".

When that's done, go back and scroll until you see "Aircrack-ng", then click on it and install it just like the previous one.

When that's done, install Auto Reconnect, Mobile Terminal, BeEF, CUPP, Dsniff Suite, dsniff-fr0g, Ettercap-ng GTK, Ettercap No GTK, Evil Grade, iAHT, iPwN, John the Ripper, Low Orbit Ion Cannon, NBTScan, Nikto2, Nmap, Pirni, Ruby 1.8.6, Searchsploit, SSLstrip, Wordlists, XSSer, xterm, iWep, SET (not the one that's called Social Engineering Toolkit but the one that's called SET!!), OpenSSH!, iSSH.

I know that's a lot of tools and it will take you some time, but when it's done you have an awesome pentesting device!

When you have installed all those tools, open Mobile Terminal or xterm, type "su" and fill in your password (the standard password is "alpine"), then type cd /pentest and there are all your tools.

Make sure you go to /pentest/exploits/SET/config, open set_config and change the metasploit path to the path where metasploit is installed.

If you need help setting up the other tools (should work fine) or if you have any problems, feel free to leave them below.

Enjoy your simple but powerful pen testing device ;)

Merry Christmas! :)

- Jesse

Edited December 25, 2013 by JesseIZ

xrad Posted December 25, 2013

I saw this yesterday and wondered about it. I'll check it out. Thanks for the extra Christmas present JesseIZ.

JesseIZ (Author) Posted December 25, 2013

> I saw this yesterday and wondered about it. I'll check it out. Thanks for the extra Christmas present JesseIZ.

No problem ;)

- Jesse

xrad Posted December 25, 2013 (edited)

Ouch, iPwn added sbsettings, went into safe mode... No big deal though... this is an extra iPhone 4 I'm not using right now... guess I'll need to wait until Mobile Substrate gets updated... I wonder if Saurik is working today?... lol

This is cool though, were you able to get it all installed with no safe mode? I might just need to wait another day or so. I think it's Mobile Substrate giving me problems.

Think I will try it on my iPad 1, hmmmm... It's only on 5.1.1... Maybe all of it will install.

Edited December 25, 2013 by xrad

JesseIZ (Author) Posted December 25, 2013 (edited)

> Ouch, iPwn added sbsettings, went into safe mode... No big deal though... this is an extra iPhone 4 I'm not using right now... guess I'll need to wait until Mobile Substrate gets updated... I wonder if Saurik is working today?... lol
>
> This is cool though, were you able to get it all installed with no safe mode? I might just need to wait another day or so. I think it's Mobile Substrate giving me problems.
>
> Think I will try it on my iPad 1, hmmmm... It's only on 5.1.1... Maybe all of it will install.

Hmm, I installed everything with no safe mode. Let me know if it worked on your iPad 1 ;)

- Jesse

Edited December 25, 2013 by JesseIZ

xrad Posted December 25, 2013 (edited)

Hey Jessie, I tried on my iPad 5.1.2 and other iPhone 6.1.1... I'm sure it will work on a fresh install, but I have so much crap on those I don't have enough reserved "system" space for Cydia. I have 10 GB of regular space but less than 10% left (maybe about 100 MB) for system. I guess perl needs more space.

I got to Nmap and get "failed in buffer_write(fd) (7, ret=-1)" or something like that.

On this page it directed me to the error... http://iphonejailbreakbugs.blogspot.com/

I'll do a fresh install on the first one, I will try to do Nmap after metasploit. I was close on those though, no worries, I'll let you know...

After I get it working, I'll try to to bug you too much, but I might have a few questions.

Thanks again, I didn't know this was available. Have a safe Holiday.

Edited December 25, 2013 by xrad

digip Posted December 26, 2013 (edited)

Wasn't there another demo of getting metasploit and other tools on iPhones and iPads already? /rhetorical question, don't answer..

http://www.offensive-security.com/offsec/metasploit-4-on-iphone-4s-and-ipad-2/

As far as I know this tutorial has been around for a while in various forms for jailbreaks to the iPhone and iPads. Key difference, the one I link above used code FROM the developers' SVN (no longer used, switched to Git now) to put metasploit on the device off the official https://www.metasploit.com/svn/framework3/trunk/ repo vs the ininjas site (although the link from metasploit now warns users to get updated versions off Git and to read https://community.rapid7.com/community/metasploit/blog/2013/05/20/git-clone-metasploit-dont-svn-checkout).

Does anyone know if the ininjas site today is still owned and maintained by the same people from the original tutorials/packages? Vet your sources before installing is all I am saying. They may be fine and legit, but just make sure before putting something on your device in the event you may get your own device and network scanned from the inside without knowing if the source files are legit. Jailbreak forums using their own pre-packaged repo files may not contain the same source as the ones maintained by Rapid7 (especially if the original ininjas domain has changed hands and looks to still be the same site on the surface, but is no longer the same files or owners).

Thing about jailbreaks, while they work, people forget to get packages from the original sources which should work, and often trust the same jailbreak sites as having the same files and get themselves owned just as fast if they are ported and backdoored versions containing extra code.

Not saying they aren't one and the same as the legit sources, or that ininjas.com contains packages that shouldn't be trusted (I don't know them, not trying to badmouth their work either), but one should consider this when using jailbreaks and where they get their packages from. Use caution is all I'm saying when looking to put something like this on your device, when you should be able to get the files from the developer, vs prepackaged ones on another site out of convenience.

If anyone can download both sources and check they are the same or do an md5 match to prove they aren't altered sources, then I'd not be worried. I tend to be a bit more cautious when it comes to things like this, but that's just me.

Edited December 26, 2013 by digip

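The check suggested in the post above (download both copies and confirm they match), as an added example that is not part of the thread: it hashes every file in two unpacked trees and lists what was added, removed or changed. It uses SHA-256 in place of the MD5 mentioned in the post, and the directory and file names are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Compare link targets as text; do not follow links out of the tree.
                digests[rel] = "link:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_trees(upstream, repackaged):
    """Report files added, removed or modified relative to the upstream tree."""
    up, rp = hash_tree(upstream), hash_tree(repackaged)
    return {
        "added": sorted(set(rp) - set(up)),
        "removed": sorted(set(up) - set(rp)),
        "modified": sorted(p for p in set(up) & set(rp) if up[p] != rp[p]),
    }


def demo():
    """Compare two small constructed trees (sample data, not real packages)."""
    with tempfile.TemporaryDirectory() as tmp:
        up, rp = Path(tmp, "upstream"), Path(tmp, "repackaged")
        for root in (up, rp):
            (root / "lib").mkdir(parents=True)
            (root / "msfconsole").write_text("#!/usr/bin/env ruby\n")
            (root / "lib" / "core.rb").write_text("module Core; end\n")
        # Constructed differences: one altered file and one extra file.
        (rp / "lib" / "core.rb").write_text("module Core; end\n# extra line\n")
        (rp / "lib" / "extra.rb").write_text("# only in the repackaged copy\n")
        return compare_trees(up, rp)


if __name__ == "__main__":
    print(demo())
```

A port to another platform will legitimately differ from upstream in some files, so the "added" and "modified" lists are the files to read by hand, not a pass/fail verdict.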
JesseIZ (Author) Posted December 26, 2013

> Wasn't there another demo of getting metasploit and other tools on iPhones and iPads already? /rhetorical question, don't answer..
>
> http://www.offensive-security.com/offsec/metasploit-4-on-iphone-4s-and-ipad-2/
>
> As far as I know this tutorial has been around for a while in various forms for jailbreaks to the iPhone and iPads. Key difference, the one I link above used code FROM the developers' SVN (no longer used, switched to Git now) to put metasploit on the device off the official https://www.metasploit.com/svn/framework3/trunk/ repo vs the ininjas site (although the link from metasploit now warns users to get updated versions off Git and to read https://community.rapid7.com/community/metasploit/blog/2013/05/20/git-clone-metasploit-dont-svn-checkout).
>
> Does anyone know if the ininjas site today is still owned and maintained by the same people from the original tutorials/packages? Vet your sources before installing is all I am saying. They may be fine and legit, but just make sure before putting something on your device in the event you may get your own device and network scanned from the inside without knowing if the source files are legit. Jailbreak forums using their own pre-packaged repo files may not contain the same source as the ones maintained by Rapid7 (especially if the original ininjas domain has changed hands and looks to still be the same site on the surface, but is no longer the same files or owners).
>
> Thing about jailbreaks, while they work, people forget to get packages from the original sources which should work, and often trust the same jailbreak sites as having the same files and get themselves owned just as fast if they are ported and backdoored versions containing extra code.
>
> Not saying they aren't one and the same as the legit sources, or that ininjas.com contains packages that shouldn't be trusted (I don't know them, not trying to badmouth their work either), but one should consider this when using jailbreaks and where they get their packages from. Use caution is all I'm saying when looking to put something like this on your device, when you should be able to get the files from the developer, vs prepackaged ones on another site out of convenience.
>
> If anyone can download both sources and check they are the same or do an md5 match to prove they aren't altered sources, then I'd not be worried. I tend to be a bit more cautious when it comes to things like this, but that's just me.

Thanks for letting everybody know, I totally understand you.

- Jesse

Edendante Posted May 19, 2014

Hi, I don't know how to change the path for metasploit, can you explain more about this with pictures? Thanks in advance :)

AlexTheCatFish Posted May 19, 2014

This looks amazing, I'm doing it tomorrow. However, I have an iPad mini, would it work on that?

dustbyter Posted May 19, 2014

The steps can work on any iOS device as long as they are jailbroken.

cooper Posted May 19, 2014

My problems with jailbreaking my iPhone:

- Battery longevity went down the drain.
- The thing became unstable, requiring a restart of the... theme? Every other day or so, when things started to get bogged down a lot.
- I used a few of the tweaks to improve iOS speed (no slow anim or some such), revert to the old icon set and fiddle with a few visual tidbits, but just couldn't be arsed to do anything substantial to it.

Eventually Apple released an update to iOS7 which reduced the mandatory slow-down imposed on you for the sake of watching visual effects unfold on your iDinkyToy and at that point I really started to wonder why I was doing this. That feeling turned into a cold stone in my stomach when I realised I had banking software on this device and while I don't have any guarantees from either the closed or the open side of the fencepost, at least in case of the closed iTunes store I had some assurances that things would be at the up-and-up.

So I just said "[CENSORED] it", reverted to running standard iOS and complaining loudly about how I'd much prefer to run an Android OS phone instead.

i8igmac Posted May 21, 2014

Watch "metasploit_Reverse_proxy Android phone" on YouTube

metasploit_Reverse_proxy Android nonroot phone:

I'll try to explain the best I can... the video needs narration... From a coffee shop, holding my droid, ssh into the backtrack desktop I have at home.

My droid phone starts a reverse ruby proxy on the desktop, my phone then establishes 2 connections... One of those connections is a local windows machine at the coffee shop that has smb port open 135. The second connection is back to the ruby reverse proxy running on the backtrack desktop...

So now there is a tunnel where the backtrack desktop can send data as shown below

Backtrack->droidphone->coffee-shop-machine=smb:135->

Now from the droid that has ssh to backtrack, start up metasploit and configure a smb exploit with the proper ports... reverse shell is successful! All done with simple proxy work, notice metasploit loads in 5 seconds! Nonroot droid

DEDSEC Posted May 31, 2014 (edited)

Could someone make a guide on installing metasploit on iOS? They changed things with GitHub and all, and do it from terminal.

http://postimg.org/image/3wwc8lgah/

Getting errors, I may have problems with the folder structure? But should folders be made automatically? Can't install the bundle it wants, see image.

Edited May 31, 2014 by DEDSEC

DEDSEC Posted May 31, 2014

The svn "co https://www.metasploit.com/svn/framework3/trunk/ msf" doesn't work anymore and I get the 'bundle install' which also fails, ending with:

"Gem files will remain installed in /usr/local/lib/ruby/gems/1.9.1/gems/bcypt-3.1.7" <- error during installation

In root, looking through iFile, I see a linked pentest folder which is in /var/mobile/pentest and contains: exploits, passwords, web, wireless. I don't know if this should be put in my MSF folder which is in /var

So I really want to do this and really need help, no one online seems to have addressed these changes of late and I hope that you will.

Cheers.

koolkarnt Posted June 16, 2014

Personally I looked at making an iPhone pentester... and found the exceptional amount of effort working on a 4 inch screen is just prohibitive. As a couple of folks said, the performance of the iPhone goes down the drain, and the wifi card doesn't support what you really need for true pentesting... and I can't stand an iOS keyboard for working in terminal. I miss my tab key.

An Android device on the other hand has been developed, working, stable and somewhat a lot more user friendly.

Just purchased a Nexus 7 which I'll be running the community edition of Pwnie Pad on. Those of you with an LG Nexus 5 will be able to flash the Pwnie Phone image with a Linux system.

Kudos on the iOS version but gonna go with the one with flash support :)

drinkeru Posted August 11, 2014

I'm having a problem with the su password, among other things. I tried alpine, password, root and "password is alpine". On a different matter, in my exploits folder there is only set and another folder... no msf

calebromens Posted September 7, 2014

I know this is an old thread but I was wondering if anyone was still on this, and if so I have a couple of questions.

KGW2K Posted October 4, 2014

Hey, I read and installed all the things from Cydia, I just don't know what to type into Mobile Terminal to run metasploit or open the menu. Please help, it would really mean a lot to me.

Edendante Posted October 4, 2014

> Hey, I read and installed all the things from Cydia, I just don't know what to type into Mobile Terminal to run metasploit or open the menu. Please help, it would really mean a lot to me.

First, you navigate to where metasploit was installed, then type ./msfconsole

The directory is usually /var/mobile/pentest/exploits/framework or /var/root/pentest/exploits/framework

KGW2K Posted October 4, 2014

Thanks, I'm gonna go try it right now.

KGW2K Posted October 4, 2014

Thanks so much Edendante, it works 100%. You really helped me out, I searched everywhere to find that information.

Edendante Posted October 4, 2014

No problem, I was like you 6 months ago, but then I tried a lot, now I know.

KGW2K Posted October 4, 2014

One more question, what is the line for the menu with the other programs?

Edendante Posted October 4, 2014

> One more question, what is the line for the menu with the other programs?

They're in /var/mobile/pentest. Try to play around with the cd command to know where your stuff is.