
Using the iPhone 4 as a pentesting device


JesseIZ


Hey!

Tested on the iPhone 4 running iOS 7, jailbroken using evasi0n7.

I wanted to talk about using an iDevice (iOS 7) as a pentesting device. [Noob Friendly]

First off, why should you use an iDevice as a pentesting device?

  1. It's portable
  2. Not noticeable
  3. It looks cool :)
  4. It's pretty fast
  5. iOS == Unix
  6. It can easily be used with the Pineapple ;)

Let's move on. So how do you make your iDevice into a pentesting device?

  1. First you need to jailbreak your iDevice (e.g. evasi0n7).
  2. Open Cydia.
  3. Add repositories by going to "Manage", then "Sources", then "Edit", then "Add".
  4. Then add all of these repositories: http://cydia.myrepospace.com/Boo/ http://ininjas.com/repo/ http://cydia.xsellize.com/
  5. When that's done, click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit", then click on "Metasploit", then "Edit", then "Install".
  6. When that's done, go back and scroll until you see "Aircrack-ng", click on it and install it just like before. When that's done, install Auto Reconnect, Mobile Terminal, BeEF, CUPP, Dsniff Suite, dsniff-fr0g, Ettercap-ng GTK, Ettercap No GTK, Evil Grade, iAHT, iPwN, John the Ripper, Low Orbit Ion Cannon, NBTScan, Nikto2, Nmap, Pirni, Ruby 1.8.6, Searchsploit, SSLstrip, Wordlists, XSSer, xterm, iWep, SET (not the one that's called Social Engineering Toolkit but the one that's called SET!!), OpenSSH!, iSSH.
  7. I know that is a lot of tools and it will take you some time, but when it's done you have an awesome pentesting device!
  8. When you have installed all those tools, open Mobile Terminal or xterm, type "su" and fill in your password (the default password is "alpine").
  9. Then type cd /pentest and there are all your tools.
  10. Make sure you go to /pentest/exploits/SET/config, open set_config and change the Metasploit path to the path where Metasploit is installed.
  11. If you need help setting up the other tools (they should work fine) or if you have any problems, feel free to leave them below.


Enjoy your simple but powerful pentesting device ;)

Merry Christmas! :)

- Jesse

Edited by JesseIZ

Ouch, iPwn added SBSettings, went into safe mode..... No big deal though.... this is an extra iPhone 4 I'm not using right now.... guess I'll need to wait until Mobile Substrate gets updated....... I wonder if Saurik is working today?......... lol

This is cool though; were you able to get it all installed with no safe mode?

I might just need to wait another day or so. I think it's Mobile Substrate giving me problems.

Think I will try it on my iPad 1, hmmmm...... It's only on 5.1.1....... Maybe all of it will install.

Edited by xrad

Hmm, I installed everything with no safe mode.

Let me know if it worked on your iPad 1 ;)

- Jesse

Edited by JesseIZ

Hey Jesse, I tried on my iPad 5.1.2 and other iPhone 6.1.1..........

I'm sure it will work on a fresh install, but I have so much crap on those that I don't have enough reserved "system" space for Cydia. I have 10 GB of regular space but less than 10% left (maybe about 100 MB) for system. I guess Perl needs more space.

I got to Nmap and get "failed in buffer_write(fd) (7, ret=-1)" or something like that.

This page directed me to the error......

http://iphonejailbreakbugs.blogspot.com/

I'll do a fresh install on the first one; I will try to do Nmap after Metasploit.

I was close on those though, no worries, I'll let you know...

After I get it working, I'll try not to bug you too much, but I might have a few questions.

Thanks again, I didn't know this was available.

Have a safe Holiday.

Edited by xrad

Wasn't there another demo of getting Metasploit and other tools on iPhones and iPads already? /rhetorical question, don't answer...

http://www.offensive-security.com/offsec/metasploit-4-on-iphone-4s-and-ipad-2/

As far as I know this tutorial has been around for a while in various forms for jailbreaks of the iPhone and iPad. Key difference: the one I link above used code FROM the developers' SVN (no longer used; they switched to Git now) to put Metasploit on the device from the official https://www.metasploit.com/svn/framework3/trunk/ repo, vs the ininjas site (although the link from Metasploit now warns users to get updated versions off Git and to read https://community.rapid7.com/community/metasploit/blog/2013/05/20/git-clone-metasploit-dont-svn-checkout).

Does anyone know if the ininjas site today is still owned and maintained by the same people from the original tutorials/packages? Vet your sources before installing is all I am saying. They may be fine and legit, but just make sure before putting something on your device, in the event you may get your own device and network scanned from the inside without knowing whether the source files are legit.

Jailbreak forums using their own pre-packaged repo files may not contain the same source as the ones maintained by Rapid7 (especially if the original ininjas domain has changed hands and looks to still be the same site on the surface, but no longer has the same files or owners).

The thing about jailbreaks: while they work, people forget to get packages from the original sources, which should work, and often trust the same jailbreak sites as having the same files, and get themselves owned just as fast if those are ported and backdoored versions containing extra code. Not saying they aren't one and the same as the legit sources, or that ininjas.com contains packages that shouldn't be trusted (I don't know them, and I'm not trying to badmouth their work either), but one should consider this when using jailbreaks and where they get their packages from.

Use caution is all I'm saying when looking to put something like this on your device, when you should be able to get the files from the developer vs prepackaged ones on another site out of convenience. If anyone can download both sources and check they are the same, or do an md5 match to prove they aren't altered sources, then I'd not be worried. I tend to be a bit more cautious when it comes to things like this, but that's just me.

Edited by digip

Thanks for letting everybody know, I totally understand you.

- Jesse


  • 4 months later...

My problems with Jailbreaking my iPhone:

- Battery longevity went down the drain.

- The thing became unstable, requiring a restart of the... theme? Every other day or so, when things started to get bogged down a lot.

- I used a few of the tweaks to improve iOS speed (no slow anim or some such), revert to the old icon set and fiddle with a few visual tidbits, but just couldn't be arsed to do anything substantial to it.

Eventually Apple released an update to iOS 7 which reduced the mandatory slow-down imposed on you for the sake of watching visual effects unfold on your iDinkyToy, and at that point I really started to wonder why I was doing this. That feeling turned into a cold stone in my stomach when I realised I had banking software on this device, and while I don't have any guarantees from either the closed or the open side of the fencepost, at least in the case of the closed iTunes store I had some assurances that things would be on the up-and-up.

So I just said "[CENSORED] it", reverted to running standard iOS and complaining loudly about how I'd much prefer to run an Android OS phone instead.


Watch "metasploit_Reverse_proxy Android phone" on YouTube

metasploit_Reverse_proxy Android non-root phone:

I'll try to explain the best I can... the video needs narration...

From a coffee shop, holding my Droid, I SSH into a BackTrack desktop I have at home.

My Droid phone starts a reverse Ruby proxy on the desktop; my phone then establishes 2 connections...

One of those connections is to a local Windows machine at the coffee shop that has SMB port 135 open.

The second connection is back to the Ruby reverse proxy running on the BackTrack desktop...

So now there is a tunnel where the BackTrack desktop can send data as shown below:

Backtrack->droidphone->coffee-shop-machine=smb:135->

Now from the Droid that has SSH to BackTrack, start up Metasploit and configure an SMB exploit with the proper ports... reverse shell is successful!

All done with simple proxy work. Notice Metasploit loads in 5 seconds! Non-root Droid.


  • 2 weeks later...

The svn "co https://www.metasploit.com/svn/framework3/trunk/ msf" doesn't work anymore, and I get the 'bundle install' which also fails, ending with: "Gem files will remain installed in /usr/local/lib/ruby/gems/1.9.1/gems/bcypt-3.1.7" <- error during installation

In root, looking through iFile, I see a linked pentest folder which is in /var/mobile/pentest and contains: exploits, passwords, web, wireless. I don't know if this should be put in my MSF folder which is in /var

So I really want to do this and really need help; no one online seems to have addressed these recent changes and I hope that you will.

Cheers.


  • 3 weeks later...

Personally I looked at making an iPhone pentester... and found the exceptional amount of effort working on a 4-inch screen is just prohibitive. As a couple of folks said, the performance of the iPhone goes down the drain, and the wifi card doesn't support what you really need for true pentesting... and I can't stand an iOS keyboard for working in terminal. I miss my tab key.

An Android device on the other hand has been developed, working, stable and somewhat a lot more user friendly. Just purchased a Nexus 7 which I'll be running the community edition of Pwnie Pad on; those of you with an LG Nexus 5 will be able to flash the Pwnie Phone image with a Linux system.

Kudos on the iOS version but gonna go with the one with Flash support :)


  • 1 month later...
  • 4 weeks later...
  • 4 weeks later...

Hey, I read and installed all the things from Cydia; I just don't know what to type into Mobile Terminal to run Metasploit or open the menu.

Please help, it would really mean a lot to me.

First, you navigate to where Metasploit was installed, then type ./msfconsole

The directory is usually /var/mobile/pentest/exploits/framework

or /var/root/pentest/exploits/framework
