Penetration Testing, also known as pentesting, is the practice of attacking a known computer system in order to evaluate the strength of its security. Often these systems are your own; companies will also hire external pentesters to simulate an attack and see how well their infrastructure holds up against it.
A common misconception is that a lot of equipment is needed to perform a pentest, but this isn’t the case. Today, I’m going to show you how to set up a suite of pentesting software on an iPod Touch/iPhone, turning it into a mobile hacking platform. Please note that these instructions are for a jailbroken iPod.
This is the list of packages that will be loaded onto the iPod:
Necessary Packages
MobileTerminal
The first and most basic package is MobileTerminal. You can get it in the Cydia repositories.
On iOS version 4.1, there were some issues getting MobileTerminal to open correctly. To get around this, you need to install MobileTerminal version 426, which is available on their website. In order to install it, you’ll need to download the .deb and install it manually. Here are some instructions on how to do this.
Ruby
Ruby is necessary for packages such as Metasploit. To install it, we can just go into Cydia and select it, or run apt-get install ruby in MobileTerminal, if you have APT installed.
Others
You’re also going to need subversion, rubygems, wget, python, and APT.
Pentest Packages
Metasploit
Metasploit is a framework that makes vulnerability exploitation easy and even includes post-exploitation tools. This install is again done through Cydia. Make sure you have the Telesphoreo repository enabled; then you can just select Metasploit to install. It takes care of all the updating and file placement for you.
Once it’s installed, you can access it in MobileTerminal. First, log in as root:
su root
Next, start up the console:
msfconsole
From here, you have full access to Metasploit’s features. You can use autopwn to search for a system’s vulnerabilities, or craft standalone binaries to set up backdoors. You even have access to msfencode for Metasploit payload encoding. The entire Metasploit Framework is accessible on your iPod.
Social Engineer Toolkit
The Social Engineer Toolkit is a package that combines social engineering tactics with computer pentesting. It depends on Ruby, but for SET you need to install Ruby manually (version ruby_1.8.6 and rubygems_1.2.0) via dpkg. To install SET itself, we’re going to use subversion. First, open MobileTerminal and create a directory named “SET” in your pentesting folder. Enter this directory, and use subversion to download a copy:
svn co http://svn.thepentest.com/social_engineering_toolkit/ SET/
This will download and install a copy, and will keep it updated for you. To use SET, enter the directory and run “set” as root:
su root
cd <SET Directory>
./set
Most features work, however I’ve encountered some troubles with the Java Applet. Hopefully, this should be fixed in future releases.
Aircrack-Ng
Aircrack-Ng is a software suite specializing in wireless attacks. It can be used to crack WEP passwords, capture packets, inject packets, and more. We’re going to use Cydia to get this, although we need to add our own repository. Go to Manage > Sources > Edit > Add and add http://theworm.altervista.org/cydia/ as a source. Allow Cydia to update the package information, and install aircrack-ng.
To use aircrack, you need to open MobileTerminal. From here, you can use all the software included in the suite, including airbase-ng, aircrack-ng, and airodump-ng. These tools are very valuable, as they allow for mobile wireless password cracking, spoofing, etc.
dsniff
dsniff is a software suite best known for arpspoof, which allows the attacker to redirect traffic using specially crafted ARP packets. To install it, use TheWorm repository as shown in the aircrack-ng install section. Then, just select dsniff.
One interesting use of dsniff and arpspoof is the ability to perform a DoS (denial of service) attack on a small network. To do this, open MobileTerminal. To find the router we will be spoofing, go to Settings > WiFi and then the network you’re connected to. The router IP should be next to the field labeled “Router”. To run the ARP spoof, type this as root into MobileTerminal:
arpspoof -i en0 <router IP>
To stop the DoS, just hit Ctrl+C to kill arpspoof.
Ettercap-ng
Ettercap-ng is a software suite specializing in MITM, or Man In The Middle, attacks. Ettercap-ng is included in TheWorm repository as shown above.
To use ettercap-ng, input commands into MobileTerminal. Documentation for ettercap-ng can be found here.
Nmap
Nmap is a network tool that can be used to scan for hosts. It is included in the Telesphoreo repository, so just look for nmap in Cydia.
To use Nmap, you again need to input everything in MobileTerminal. A great tutorial for Nmap use can be found in our Nmap tutorial. It shows how to scan for hosts on a local network.
Stealth MAC
Stealth MAC is a utility for setting a custom MAC address for the wireless adapter on boot. This is useful in hiding or changing the identity of your iPod. Stealth MAC is included in the Telesphoreo repository, so just look for ‘stealth mac’ in Cydia.
To use Stealth MAC, you need to edit the file /etc/stealthmac. Change the line containing the example MAC address to whatever you like. Then, run “smac.sh” and you will have the new MAC address on the next reboot.
Tcpdump
Tcpdump is a packet analyzer that can capture, store, and dump network traffic. On an iPod it is useful because it can sniff network traffic and dump it to a file, which can be analyzed further on an actual computer. To install it, just look for ‘tcpdump’ in Cydia; it is in the Telesphoreo repository.
To see the different options for running tcpdump, check out the online man page. As with everything else, run tcpdump inside MobileTerminal. An example that captures packets and writes them to a dump file:
su root
tcpdump -i en0 -nnvvS -w dump.pcap
The dump.pcap can then be analyzed using another program, like Wireshark.
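Before carrying the capture over to Wireshark, you can already do a first pass on the iPod itself, since Python is on the package list above. The script below is an added example, not part of the original post: it parses a libpcap file of the kind the tcpdump command above writes and flags the signature that the arpspoof run shown earlier leaves behind, an IP address that more than one MAC answers for in ARP replies. The capture it analyzes is constructed inline; the MAC and IP values in it are made up.

```python
import struct
from collections import defaultdict
ETH_ARP = 0x0806  # Ethertype for ARP

def parse_pcap(data):
    """Yield (timestamp, frame) from a classic libpcap file such as tcpdump -w writes."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}.get(magic)  # magic number reveals byte order
    if end is None or struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("not an Ethernet (link type 1) libpcap capture")
    off = 24  # 24-byte global header, then a 16-byte header per record
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len

def arp_replies(frames):
    """Yield (timestamp, sender IP, sender MAC) for every ARP reply (opcode 2)."""
    for ts, f in frames:
        if len(f) < 42 or struct.unpack_from("!H", f, 12)[0] != ETH_ARP:
            continue  # truncated, or the Ethertype at offset 12 is not ARP
        if struct.unpack_from("!H", f, 20)[0] != 2:
            continue  # ARP request, not a reply
        yield ts, ".".join(map(str, f[28:32])), ":".join("%02x" % b for b in f[22:28])

def find_arp_conflicts(pcap_bytes):
    """Return {ip: set(macs)} for each IP that more than one MAC answered for."""
    claims = defaultdict(set)
    for _ts, ip, mac in arp_replies(parse_pcap(pcap_bytes)):
        claims[ip].add(mac)
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}

def _arp_reply(src_mac, src_ip):
    """Constructed frame: broadcast Ethernet header + ARP reply aimed at 192.168.1.100."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + src_mac + src_ip + b"\x00" * 6 + bytes([192, 168, 1, 100])
    return eth + arp

def build_pcap(frames):
    """Constructed little-endian libpcap file (link type 1), one record per frame."""
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

# Constructed sample: the router's MAC answers for 192.168.1.1, then a second MAC claims it twice.
ROUTER_IP = bytes([192, 168, 1, 1])
SAMPLE_PCAP = build_pcap([_arp_reply(bytes.fromhex(m), ROUTER_IP)
                          for m in ("001122334455", "aabbccddeeff", "aabbccddeeff")])
```

On a real capture, replace SAMPLE_PCAP with `open("dump.pcap", "rb").read()`; a legitimate router change will also show up here, so treat a hit as something to verify against the router's real MAC rather than as proof of an attack.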


11 comments
1 ping
Connor
April 15, 2011 at 11:50 am (UTC -4)
Wow. This is truly incredible. It is really unimaginable what technology has turned into. This was a great article that I thoroughly enjoyed reading.
Ryan Lyles
April 16, 2011 at 1:24 am (UTC -4)
have never actually seen anything like this… pretty awesome though
Katie P
April 27, 2011 at 8:26 am (UTC -4)
Really cool stuff
Here’s a link to the MobileTerminal Wiki about installing a working version of it on iOS 4.0 or greater: http://code.google.com/p/mobileterminal/wiki/Installation
The easy-install should work for most users and is a lot easier than trying to install it manually.
pilo
November 10, 2011 at 12:38 am (UTC -4)
Thanks for the great info. I wanna buy an iPod, but tell me which iPod device is “supported”. Thanks for the great videos too and keep ’em coming.
infamous
December 7, 2011 at 3:17 pm (UTC -4)
Can you post instructions on how to use aircrack on the iPod?
kevin
January 3, 2012 at 11:09 am (UTC -4)
You can use aircrack on the iPod the same way you would use it on a normal computer. Here is the man page for it.
Sergen Setup
January 4, 2012 at 10:12 am (UTC -4)
Aircrack won’t run on my iPod touch, as airmon-ng doesn’t run either; it asks for wireless tools. I have been looking forward to compiling wireless tools on the device. Any tips would be greatly appreciated.
Thanks!
Danny
March 6, 2012 at 7:51 pm (UTC -4)
I don’t understand how to download SET. Any help would be nice.
kevin
March 7, 2012 at 10:35 pm (UTC -4)
Hey Danny,
This may help you: http://technology-flow.com/articles/social-engineer-toolkit/
Danny
March 8, 2012 at 12:05 am (UTC -4)
In the article it showed how to use SET but not how to actually obtain it on your iPod. In this article it said that I needed to create a directory in my pentesting folder. What I don’t understand is how to make a directory for SET, and what or where the pentesting folder is and how to get it.
kevin
March 8, 2012 at 1:04 am (UTC -4)
OK I understand what you’re asking now.
What you need to do is make a directory in your home folder.
cd ~
mkdir set
Next, download the SET archive, and unpack it in the “set” folder you just made.
mv <SET archive>.tar.gz ~/set
cd ~/set
tar xvf <SET archive>.tar.gz
This is it! All the SET files should now be in ~/set. My syntax for the above commands might be a little off since I don’t have a Linux box in front of me. Hope this helps!
iPod Touch as a Mobile Pentesting Device
April 13, 2011 at 8:47 pm (UTC -4)
[...] How to add utilities like arpspoof, Metasploit, Social-Engineer Toolkit, aircrack etc onto an iPod Touch/iPod for use in mobile penetration testing. [...]