
Smartphone Pentesting - Comprehensive list of tools needed


adult_indian_newbie

Hello friends! Please help me in this regard:

Hi! I am currently using Metasploit and Smartphone Pentesting Framework by Bulb Security: http://www.bulbsecurity.com/smartpho...est-framework/
for spying on smartphones. I want to know whether they are enough to accomplish what I am trying to do:

1) Call logs delivered remotely
2) SMS record
3) Get contacts
4) Photos, videos and other files
5) View all the apps used and when
6) History of chat transcripts on WhatsApp, Skype, etc.
7) Remotely control microphone, record and receive recordings
8) Remotely control the camera

I need to be able to do all that for both iPhone and Android phones. Are the mentioned tools enough for an average security configuration, or am I missing some powerful or popular tools to accomplish my goals?

Edited by adult_indian_newbie

Actually the dude had a point, jonnyh1994 that is. Why don't you look at the APK of that tool and see its layout? Cerberus does all the things you mentioned. So you could go the script kiddy route and copy and paste, or you can see the functions and strings and then make your own beast accordingly.

;p

Just my 2 cents lol.

Nothing like learning from source, and not having to reinvent the wheel.

And if you're into doing this on an "off the grid" mentality, why not put this into an app that pre-exists on said phone .......


  • 4 weeks later...

A cool little tool that I have been playing around with is the iphoneanalyzer in BT5:
Backtrack>Forensics>Digital Forensics>iphoneanalyzer

This tool is only going to be useful if you have physical access to the phone... what makes this tool so powerful is that
it does not only work for iPhones, it works on iPads and iPods etc. as well!

This program gives you access to their
Address Book
Location Map
Voicemail
Facebook Friends
Maps History
Messages (Sent...Received...All)
Calls (Incoming...Outgoing...All)
And I believe it gives you all of their pictures, I'm not sure though!

The only requirement for this is that you have to make a backup of their device on your computer, and backups don't require an Apple ID and password, so if you could get someone's phone for 15 min you're all good!

Okay, so once you have the backup you will need to access the file, and you can do this by going to (on Windows):
start button
then click on the user (the name in the top right... if you can't do that you can always go to your C:\ drive and then Users and then click on the user that you are on)
now if you do not see AppData then you are going to have to un-hide all of the folders (google it, it's simple)
click on AppData
then click on Roaming
then Apple Computer
then MobileSync
then Backup
now you should see all of your backups

To figure out which one is which, open up iTunes, click the button in the top left hand corner and then click Preferences, then go to Devices, and now you can see the order that the saves are in! (You may have a different version of iTunes than me, so you can either figure it out or look at the dates of the backups in the backup file.)

Once you find the save that you want, now we have to make it into a zip file (right click on the backup that you want, go to Send to and then Compressed zip folder)
and move it to your desktop
now right click and go to Share with, then click Specific people and then ALL
now go to your Backtrack machine and go into the Dolphin file manager, click on Network (located in the side bar on the left)
then click on the icon that says Network and then find your file (I think it is the Network icon or it might be the Samba Shares, idk)

find your file and drag it to your BT5 desktop
now you have to unzip it by going into a terminal and typing unzip (then whatever the file is called, it should be a ton of letters and numbers, make sure you have a .zip at the end!!!!)
now go into iPhone Analyzer and browse to the file, now click on the file and hit analyze iphone!!!!!!!!!!
This is a great way to get all of the information that you are looking for, but the downside is that you need physical access! I have not yet checked out the smartphone-pentest-framework but I will, and I have never heard of it before so I am excited!

You're welcome for the very noob friendly tutorial! And contact me with any problems or if I missed a step :)

I forgot to add that you have to download the guest addon for VirtualBox for this to work! Idk what to do for VMware so I can't help you with that!

Edited by Computer_Security
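
The post above relies on local backups that can be made and read without any password. As an added example (not part of the original thread, and not code from any tool named in it), the following Python check lets a device owner audit their own backup folder and flag backups whose `Manifest.plist` does not have `IsEncrypted` set. The function names and the sample backup folders are constructed for illustration; the Windows path is the one walked through in the post.

```python
import os
import plistlib
import tempfile
from pathlib import Path

def default_backup_root():
    # Windows location described in the post (AppData > Roaming > ...).
    return Path(os.environ.get("APPDATA", "")) / "Apple Computer" / "MobileSync" / "Backup"

def audit_backups(root):
    """Return (folder_name, device_name, status) for each backup folder."""
    findings = []
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_dir():
            continue
        try:
            with (entry / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)  # accepts XML and binary plists
        except Exception:
            # Missing or damaged manifest: report it rather than guess.
            findings.append((entry.name, None, "unreadable"))
            continue
        device = data.get("Lockdown", {}).get("DeviceName")
        # Anything other than an explicit True is treated as unprotected.
        status = "encrypted" if data.get("IsEncrypted") is True else "UNENCRYPTED"
        findings.append((entry.name, device, status))
    return findings

def build_sample_tree(root):
    """Constructed sample data: two fake backups plus one empty folder."""
    samples = {
        "aaaa1111": {"IsEncrypted": True, "Lockdown": {"DeviceName": "Work iPhone"}},
        "bbbb2222": {"IsEncrypted": False, "Lockdown": {"DeviceName": "Family iPad"}},
    }
    for name, manifest in samples.items():
        folder = Path(root) / name
        folder.mkdir()
        with (folder / "Manifest.plist").open("wb") as fh:
            plistlib.dump(manifest, fh, fmt=plistlib.FMT_BINARY)
    (Path(root) / "cccc3333").mkdir()  # folder without a manifest

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_backups(tmp)

if __name__ == "__main__":
    for name, device, status in demo():
        print(f"{name}  {device or '?'}  {status}")
```

To audit a real machine, call `audit_backups(default_backup_root())`; any backup reported as `UNENCRYPTED` can be replaced by one made with the local backup encryption option enabled in iTunes.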

http://forum.xda-developers.com/android/apps-games/androrat-remote-administration-tool-t2734932

http://cyberwarzone.com/best-free-android-rat-manage-android-devices/

Since you can learn from this, download the others and look at the code. With Cerberus and others, you can plan out what you want to do and do it.
