How To: iDevice Jailbroken = Your New PenTesting Tool.

What if someone asks you to do an Nmap scan but you left your PC at home?
What if a golden opportunity shows up during a pentest while you're walking around the building, taking a break?

Leaving your phone at home or at the office when you go out, on the other hand, is absurd: everyone carries a phone nowadays.

Wouldn't it be awesome if you could do a pentesting session with your mobile phone?

Today you can. It doesn't matter whether you have an Android device or an iPhone (or the respective tablets).
Today I'm going to talk about iDevices.

Sadly, you first need to jailbreak your device in order to install Nmap, Metasploit, SET, Aircrack, Ettercap and so on (almost all of them are available; I even saw BeEF, but I haven't tried it yet).

Note: the screenshots were taken on an Italian version of Cydia with an icon pack installed.

Update: be careful, I haven't tried this on iOS 8, so before you follow this process make sure every main package has been updated, or that someone else has confirmed that this works.

Step 1: Jailbreak Your iDevice

This can be done in different ways depending on the iOS version. At the time of writing, every iOS version up to 7.1.2 (correct me if I'm wrong) is jailbreakable (7.1.x with the Pangu jailbreak).

UPDATE: iOS 8 is jailbreakable thanks to Pangu.

This is not the focus of the article, so I'll move on.

Step 2: Install Cydia

Cydia (by Saurik) is the main package manager and app repository for jailbroken devices.
Most of the time the jailbreak process installs Cydia by default.

Icon pack M'Flat Winterboard

Step 3: Add the iNinjas Repository (And Others)

The above-mentioned pentesting tools were ported by members of the iNinjas website; credit goes to them.

To add the iNinjas repository in Cydia, open the app, go to the "Sources" tab, tap "Edit" and then "Add".
Type:
http://ininjas.com/repo/
Link to the official page: http://ininjas.com/pro/index.php

More: Nmap is not available there, but you can get a GUI for it from the repo:
http://apt.modmyi.com/
or
http://modmyi.com/

When the refresh finishes, tap the repository to show the list of all available packages, where you'll find the above-mentioned tools.

Naturally, as on our dear Kali Linux, most of these packages are terminal tools. This means that in order to run them you have to either SSH into your iDevice or use an application that can gain root privileges (like Mobile Terminal).

Disclaimer: Cydia will tell you that this repo is an unofficial repo and is therefore not secure. That's true. Even though everything went fine when I did this, and all the tools did only what they were supposed to do, that doesn't mean that, for example, an XSS attack could not have compromised it. Do it at YOUR OWN risk.

EDIT: In case it's not clear, to install Metasploit and the other tools you have to go to Cydia -> Sources -> iNinjas source and find Metasploit in the list of packages. Or you can search for it: Cydia -> Search, then type Metasploit. Once you've found the package, tap it, then tap "Install" and "Confirm".

Step 4: Download Mobile Terminal

To accomplish the aforementioned step you'll need to download from Cydia a tweak (Cydia app) called "Mobile Terminal". You can simply find it by going to the "Search" tab and typing "Mobile Terminal".

This icon is part of an icon pack, but it looks the same.
Download the one from the BigBoss repository.

Step 5: Run Your New Tools

Here's a list of some useful tools and how to run them.
Most of them need root access. This means that when you open Mobile Terminal you first have to type
su
and then enter the password
alpine (the default root password)
after which you can run commands as root.

Metasploit: once Metasploit is installed, you can run it by typing:
cd /var/root/pentest/exploits/framework (or possibly "framework 3", depending on the package)
./msfconsole
(loading takes some time)

Social Engineering Toolkit:
cd /var/root/pentest/exploits/set
./set
(accept everything it asks to install)

Nmap has a GUI, so download it and run the app, then type the IP address and the arguments; the output will be shown in the panel below.
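As an added example (this is not code from the original post or from iNinjas), here is a small POSIX sh launcher that wraps the routine above: it checks that "su" has already been done, looks for the Metasploit or SET launcher in the directories the post names, and starts the tool from its own directory, which is what the manual "cd" followed by "./msfconsole" does. The unspaced "framework3" spelling and the PENTEST_BASE override are my assumptions, not something the post states. It also carries the caveat a practitioner wants here: "alpine" is the stock root password on every iOS device, so once OpenSSH is installed on a jailbroken device the root and mobile passwords should be changed with "passwd" before the device is used on any network.

```shell
#!/bin/sh
# Added example, not code from the original post: a launcher for the
# iNinjas-packaged terminal tools described in Step 5.
# Assumptions: it runs inside Mobile Terminal or an SSH session on the
# jailbroken device; the "framework3" spelling and the PENTEST_BASE
# override are not from the post.

# Print the full path of a tool's launcher script, trying each candidate
# directory in order. The post gives /var/root/pentest/exploits/framework
# (or "framework 3") for Metasploit and /var/root/pentest/exploits/set for SET.
find_tool_dir() {
    base="${PENTEST_BASE:-/var/root/pentest/exploits}"
    case "$1" in
        metasploit)
            launcher=msfconsole
            set -- "$base/framework" "$base/framework3" "$base/framework 3"
            ;;
        set)
            launcher=set
            set -- "$base/set"
            ;;
        *)
            return 1
            ;;
    esac
    for dir in "$@"; do
        if [ -x "$dir/$launcher" ]; then
            printf '%s\n' "$dir/$launcher"
            return 0
        fi
    done
    # Nothing found: the "No such file or directory" situation several
    # readers hit in the comments, usually because the Cydia package did
    # not install or used a different directory name.
    return 1
}

# Most ported tools need root, i.e. "su" with the password "alpine" on a
# stock jailbreak. That password is identical on every iOS device, so on a
# device with OpenSSH installed it must be changed with "passwd" (for both
# root and mobile) before the device is used on any network.
require_root() {
    [ "$(id -u)" -eq 0 ]
}

# Start a tool from its own directory, the way the post does with
# "cd ..." followed by "./msfconsole". Usage: run_tool metasploit | set
run_tool() {
    tool="$1"
    if ! require_root; then
        echo "run 'su' first (default password: alpine; change it with passwd)" >&2
        return 2
    fi
    path=$(find_tool_dir "$tool") || {
        echo "$tool: launcher not found under ${PENTEST_BASE:-/var/root/pentest/exploits}" >&2
        echo "check in Cydia that the package actually installed" >&2
        return 1
    }
    cd "$(dirname "$path")" && exec "./$(basename "$path")"
}

# When run directly (e.g. "sh launch.sh metasploit"), the first argument
# names the tool to start; with no argument the functions are only defined.
if [ -n "${1:-}" ]; then
    run_tool "$1"
fi
```

Save it on the device, run "su" in Mobile Terminal, then "sh launch.sh metasploit" or "sh launch.sh set"; a missing package gives a clear message instead of a bare "No such file or directory", and forgetting "su" is reported before anything is started.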

Apt-Get

If getting your tools with apt-get seems easier, you can do that too.
Search in Cydia for "APT 0.7 Strict" (it should be installed by default).

Other Tools Available

Last, a list of some common tools that are also available in the iNinjas repo, or in Cydia in general: Aircrack-ng, BeEF (I didn't test it), the Dsniff suite (a "collection of tools for network auditing"), Ettercap (but I couldn't make it work), Evilgrade, iPwN (a collection of tools for arping and DNS spoofing which you should definitely check out), John the Ripper, Medusa, Metasploit, MySQL, network-cmds (for the ifconfig utility), Prini and Derv (automated scripts for MITM packet sniffing), Python, Ruby, SET, SSLstrip (I couldn't make it work), and THC Hydra.

I hope this post was helpful; if it gets positive feedback, I'll talk about Android devices too.

NOTE: if talking about jailbreaking here is somehow illegal, then remove this post as soon as possible. I read the rules, but I can't tell whether this counts as piracy or not.

As I always say: my English is not perfect and I don't pretend it is. If I've made some grammar or conceptual errors, or something is not clear, please tell me in the comments.

Also feel free to correct me if I'm wrong somewhere in the post.

Thanks for reading.

For troubleshooting, read the comments or comment yourself.

59 Comments

A very useful post! Keep this up!

Uhm, what do you think of installing Kali or such an OS on an iDevice? Is it possible nowadays or not yet up? Thanks

Obviously, before installing everything one by one with Cydia (which, let's say, is a bit annoying, and some of the tools aren't very well ported, plus the poor Wi-Fi scanning abilities of iDevices), I thought about directly installing Kali there. But sadly, I couldn't find anything. That disappointed me, because you can on Android (spoiler, shh...).

That's mainly because (IMO, and according to what I know, blame me if I'm wrong) you can't install ISOs on an iPhone.

But I'd say that's just "not yet up". Who knows, just looking at where we've got with these, it wouldn't surprise me if tomorrow, 31 August, we could (again, maybe I'm just dreaming, hands up: I don't have that much experience).

EDIT: It's now possible to install Linux on devices older than the iPhone 4, but I don't know what limitations Kali might have.

And now that you've got me thinking about it, you could always manage a remote desktop from your iDevice (see TeamViewer and Remote Desktop), with the only limit of not using the device's WiFi connection, but the remote desktop's. If this works, it's not even hard to do.

Just pointing out that this post is on Facebook with minor differences, TBH
S_R

That stupid social network won't let me create a fake account, so I'll just leave it there; I'm proud of having my first clones. It means my posts are worth copying.

Anyway, many thanks for the report!

Also, another thing: the Facebook post was in September 2011 and this post was 6 months ago......
S_R

I'm sorry, that can't be. Make sure everything is all right. This is my content.
Facebook doesn't keep such old content. There was no iOS 7 or 8 in 2011.

It says 1 September 2014, here it is. Mistyped?

The date always shows the latest edit I've made, not the publish date. I published this post in August 2014. In fact the comments date back to 10 months ago.

Don't make accusations if you are not sure. Check it again, you surely made some mistake ;-) no problem.

Anyways, thanks for your time!
Peace!

Hi,
I managed to get this working, but I can't get the airodump and aireplay commands at all.... All I need is the
Aireplay-ng --deauth....

Can you please help me deauth the nearby network through the mobile terminal? Which other tool can do the same deauth if airodump and aireplay can be installed?

Thank you!

Just wanted to let you know I heard you and
I'm working on it!
EDIT: the iPhone's Aircrack-ng doesn't support monitor mode due to iPhone limitations. Official description:

"Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. Unfortunately, due to the iPhone's limitations, only the cracking part will work.

In fact, Aircrack-ng is a set of tools for auditing wireless networks."

In 4 hours I'll be looking for alternatives.

As far as I found, since the iPhone can't switch to monitor mode, it is impossible.
And even if there were a way, iNinjas would still have to port aircrack's other features.
I'm very sorry, but I'll continue to search for alternatives.

It's an iPhone; if you have one you should know how many limitations it has. You are asking for a computer... (or Android, which I'll soon be moving to...)

Thanks for the fast answer. Well, unfortunately I have an iPhone and won't switch to Android, but I will certainly get some Android device for this purpose only.

In case you find anything just to deauth clients on a scanned network, please post it here. Thanks again

Just to clarify: I was not in any way trying to induce you to buy an Android, obviously; I just wanted to point out that they are capable of doing it.

I'll keep looking for it, as I'm interested also.

Of course, don't worry about that at all :)
Thanks a lot again

Btw, why am I getting ILLEGAL INSTRUCTIONS: 4 when I try to run ettercap, and other tools as well :(

For the same reason mentioned before, you won't be able to run ettercap (although I think that error is not related to this), but I can help you with other tools. Can you give me an example, like what you've done step by step?

Oh, I see. I hadn't read the part where you couldn't make ettercap work. So it's all good; when I get the same error message again I will write down the output and post it here. Thanks again, friend.

Wow, can you do the same thing with a terminal on Android?

Yep, even better, give me some days ;)

Done, the guide is out ;)

I saw! :) I was impressed it got out so fast! Thanks for the effort :)

On android you can use NetHunter

Only for Nexus devices and One.

Hey, I can't find the guide, please help

Brice, what guide?

If I try to run the ./msfconsole command I'm getting an Illegal instruction: 4 error... How can I fix this?

Working on it. Looks like a compatibility problem. Can you share your iDevice and iOS version? Other people are having this problem and I'd like to understand how to solve it.

Someone solved it by following this: ruby illegal instruction 4 metasploit error fix: http://youtu.be/l5-RJYrlLNo.
Please, try this and report the results; thanks.

Would somebody please explain how I use the nmap GUI? It keeps saying the DNS has an error. Also, why does Mobile Terminal say 'illegal instruction: 4' when I try to run Metasploit? Thanks!

This guide is getting error reports from some new devices; the illegal instruction 4 is frequent, and I'm looking for solutions. Can you post your OS and device model?

What DNS error?

Thanks for the prompt reply. I'm on iOS 8.1.2, iPhone 5s. Could you please explain how to use Mobile Terminal? I have no idea. It seems like ./msfconsole is wrong, and it should be msfconsole. Also, could you please explain how I use the nmap GUI? Thanks

Other people are in the same situation as you. I still have to figure out what causes the problem, OS or device.

The nmap GUI should just work out of the box. You write the target in the textbox and run the scan. If you need to, you can check some options. Sometimes the DNS error is just a false red flag; it should work anyway, just wait a few minutes at most. If it doesn't work, report back.

I'm using an iPad (iPad 2) with version 8.1.1; does it work with my device?
And one more thing: did you get the SET toolkit to work?
Best regards! :)

I still have to figure out which of the OS and the device causes the problem. Maybe you can try it and then report? These tools are slowly becoming inefficient and obsolete, which is why I recommend using an Android device, which handles these kinds of things very well (if you really need it).

So, please, try and follow this guide, then report your results, while I do some deeper research into this issue.

I have an Android... lol :P
but I'm afraid it becomes super slow and overheats over time

Or do you recommend installing Kali on Android? I mean, won't it become slow over time? Because I use my phone often, I preferred to use the Kali tools on the iPad.

I'm obviously not trying to convince you either way, but the way you install Kali on Android is not that power draining. It's like a very light virtual machine (a chroot environment) that you can start and stop whenever you want. If you need more information, check this out. Since Android is based on the Linux kernel (as far as I know), it's a lot easier to port tools there, while it is still natively more customizable than iOS. I use the Kali environment and infosec tools on my device every day (actually not, I still prefer using computers; you'll soon realize that tools on your phone are useless), and so far no battery draining nor slowing down. Make sure you have enough free space (or a convenient external SD card) and try to reduce RAM usage if you feel that Kali is too slow (try changing your launcher, for example).

However, it would be interesting if you first tried on your iPad and told me the results.

Again: do whatever you want, I'm only talking about my experiences with this for future reference and other readers who might be interested.

Yeah man, thank you very much for the valuable info

I know that you're not trying to convince me, but by the way, I was thinking of deploying Kali on Android, and since you mentioned that it's like a light virtual machine I would consider deploying it on Android

I used Kali on PC too, it's awesome, but not anymore; I don't want to continue using it until I upgrade my custom PC with more RAM, because I had 4GB

You are welcome. Let me know your progress if you can.

Hey CIUFFY

I'm trying to install Kali Linux on Android using Linux Deploy, and I have VNC Viewer installed as well, but I'm getting an error

begin : install
Checking mount points ... fail
Press STOP and repeat attempt
I don't know what the problem is, so any help would be appreciated
The solution might be silly and I'm just too stupid to figure it out, or a little too difficult for me to sort out
What I think is that it has to do with the installation path, but I've tried it a lot
I also tried changing it to the internal memory ( /storage/emulated/0/linux.img ) but I'd prefer to install it on the SD card
Please help ASAP!!
Thanks in advance

Btw, I'm reading your article now, hope it helps, and I'll tell you what happens

Try the guide and then post your results there, and I will try to help you.

Thanks man, you're awesome!! That article solved my issue. You're the best!!

Thanks, no worries, I'm installing Kali based on what you explained and that solved the issue ;)

Glad my work could help. You are welcome.

Hello, thanks

I have a question. I finished installing the Kali distribution from "start GNU/Linux installation" using Linux Deploy, then moved on and reconfigured it. After that, as you suggested, I installed JuiceSSH and applied the info you gave: I made a new connection with a random nickname, 127.0.0.1, port 22, as it is

type is SSH
but I'm getting an error
Connection Failed
failed to connect to /127.0.0.1 (port 22 ) : connect failed ECONNREFUSED(Connection refused)
I think I'm getting the same error in VNC Viewer, which I also have installed

And I have only 5.49 free space on the SD card; is that a problem?

Are you sure the installation went fine? What does the output look like when you press start in Linux Deploy? Please continue the discussion under the appropriate article, so that other people can solve the issue too.

Hi, I am getting an illegal instruction 4 error when trying to run Metasploit in the mobile terminal. Any help?

We currently have no solution for that problem, sorry! Other people have been reporting that and I'm working on it.

Hello,
I added the repo in my Cydia, but there's no tool in there! How can I fix the repo?
ininjas.com/repo

Try with a trailing slash at the end. It's been a long time since I tried, but I remember I had a similar issue.

The ininjas repo doesn't work. Does anybody have a mirror or something?

How can I crack a WiFi password with my jailbroken Apple iPhone? If it is possible, please suggest it to me.

pathik, you can try aircrack-ng; once downloaded it worked perfectly for me (depending on what security that WiFi has) in the command line. You can download it from BigBoss..

I've followed the instructions step by step, but now I can't find "/var/root/pentest/exploits/framework(3)./msfconsole".
I get an error that says "No such file or directory."

Can anyone help?

There are too many errors when I use ettercap on an iPod touch 4. Libpcap doesn't work well on my iPod... Any ideas?
