iDevice Jailbroken = Your New PenTesting Tool.

Aug 28, 2014 10:23 PM
Dec 8, 2014 09:23 AM
635448360151237610.jpg

What if someone asks you to do a Nmap scan but you left your pc at home?

What if a golden opportunity shows during a pentest but you were walking around the building, taking a break?

But leaving your phone at home or in the office when you go out is absurd, I mean, everyone brings his phone with him nowadays.

Wouldn't it be awesome if you could do a pentesting session with your mobile phone?

Today you can. It doesn't mind if you have an Android or an iPhone (or the respective Tablets).

Today I'm going to talk about iDevices.

Sadly, you need to first jailbreak your devices in order to install Nmap, Metasploit, SET, Aircrack, Ettercap... (almost all of them, I even saw Beef, but haven't tried it yet).

Note: images are taken by an italian version of Cydia and I had an icon pack.

Update: be careful, I didn't try this on iOS 8, so before you follow this process, make sure every main packet has been updated or someone else confirmed that this works.

Step 1: Jailbreak Your iDevice

This can be done in different ways according to the iOS version. At the time I'm writing every framework version until 7.1.2 (correct me if I'm wrong) is jailbreakable (7.1.x with Pangu Jailbreak).

UPDATE: IOS 8 is jailbreakable thanks to Pangu.

This is not the focus point of the article, so I'll move on.

Step 2: Install Cydia

Cydia (by Saurik) is the main repository of jailbroken apps.

Most of the time the jailbreak process includes the installation of Cydia as default.

635448344378015631.jpg

Icon pack M'Flat Winterboard

Step 3: Add iNinjas Repository (And Else)

The porting of the above mentioned pentesting tools was achieved thanks to members of the iNinjas website, credits go to them.

To add the iNinjas repository in Cydia, open the app and go to the "Sources" tab, click "Edit" and then "Add".

Type:

http: // ininjas.com/repo/

Hyperlink to the official page:http://ininjas.com/pro/index.php

635448345322175414.jpg

More: Nmap is not available here, but you can get a GUI with the repo:

http: // apt.modmyi.com/

or

http: // modmyi.com/

635448346335468541.jpg

So that when the process will end you'll have to click on the repository to show a list of all the packets available, where you can find the above mentioned tools.

Naturally, like on our dear Kali Linux, most of those packets are Terminal packets. This means that in order to run them you have to either SSH into your iDevice or run an application that is able to gain root privileges (like Mobile Terminal).

Disclaimer: Cydia will tell you that this repo it's an unofficial repo, and because of this, it is not secure. And that's true. Even if when I did this everything went good and all the tools did only what they had to do, it doesn't mean that, for example, a XSS attack could have compromised it. Do it at YOUR OWN risk.

EDIT:In case it's not clear, to install Metasploit and else you'll have to go in Cydia->Sources->iNinjasource-> and find Metasploit in the list of packets. Or you can search it Cydia->Search and type Metasploit. Once you found the packet, click on it, then click "install" and "confirm".

Step 4: Download Mobile Terminal

To accomplish the aforementioned step you'll need to download form Cydia a tweak (Cydia app) called "Mobile Terminal". You can simply find it by going in the "Search" tab and typing "Mobile Terminal".

635448345987331644.jpg

This icon is part of an icon pack, but looks the same

Download the one from the BigBoss Repository.

Step 5: Run Your New Tools

Here's a list of some useful tools and how to run them.

Most of them need root access. This means that when you open Mobile Terminal you have to first write

su

and then

alpine (default password)

then you can run commands with root access.

Metasploit: when metasploit is installed, you can run it by typing:

cd /var/root/pentest/exploits/framework (eventually "framework 3")

./msfconsole

(the loading takes some time)

635448347386561412.jpg
635448347694061212.jpg
635448347386561412.jpg
635448347694061212.jpg

Social Engineering Toolkit:

cd /var/root/pentest/exploits/set

./set

(accept everything it requires to be installed)

635448347355048977.jpg
635448348188858374.jpg
635448347355048977.jpg
635448348188858374.jpg

Nmap has a GUI, so download it and run the app, then type the ip address and the arguments , the output will be shown in the panel below.

Apt-Get

If getting your tools with apt-get looks easier, then you can do it.

Searh in Cydia for "APT 0.7 Strict" (that should be installed as default).

635448348515589914.jpg
635448349749218906.jpg
635448348515589914.jpg
635448349749218906.jpg

Odert Tools Available

Last, a list of some common tools that are also available in the iNinja repo, or Cydia in general: Aircrack-ng, Beef (I didn't test it), Dsniff Suite (a "collection of tools for network auditing"), Ettercap (but I couldn't make it work), Evil Grade, iPwN (a collection of tools for Arping and Dns Spoofing which you should definitely chek out), John the Ripper, Medusa, Metasploit, mysql, network-cmds (for ifconfig utility), Prini and Derv (automated scripts for MITM packet sniffing), python, ruby, SET, SSLstrip (I couldn't make it work), and THC Hydra.

I hope this post was helpful and if this will get positive feedback, I'll talk about Android devices too.

NOTE: if talking about jailbreak here is somehow illegal, then remove this post as soon as possible. I read the rules, but I can't say if this is part of piracy or not.

As I always say: my english is not perfect and I don't pretend it. If I repeat some grammar or concept errors or something is not clear, please tell me in the comments.

Also feel free to correct me if I'm wrong somewhere in the post.

Thanks for reading.

For troubleshooting, read the comments or comment yourself.

Comments

No Comments Exist

Be the first, drop a comment!