So, you have already jailbroken your iPad or iPhone 4 using the dev-team tools. Next, you want to scan and pwn people on a hotspot network, and you know tools such as Metasploit or nmap will do this job very well, especially on the iPhone 4 since its hardware specification is better than the previous one. This is for a 'tethered' jailbreak on iOS 4.2.1. I found that some applications do not work properly, such as MobileTerminal, or apt-get, which is not installed by default when you install Cydia. So, here are the steps:
1. Install AptBackup from Cydia.
I got this information from Google. Somebody pointed out that apt-get is installed through the AptBackup package from Cydia. You need to install this, otherwise you can't use apt-get to install packages from the command line.
2. Install OpenSSH.
This is easy. You can find it on Cydia.
Next, make sure you have a wireless LAN available. Connect the iPad or iPhone to the wireless LAN, and check its IP address from Settings -> Network -> Wi-Fi. My device uses 10.0.2.102 as its IP address in this sample. Since OpenSSH is already installed, we can ssh to the jailbroken device (default root password: alpine). That password is the same on every jailbroken device, so change it with passwd for both the root and mobile accounts as soon as ssh works, and before you take the device onto a shared hotspot.
$ ssh root@10.0.2.102
The authenticity of host '10.0.2.102 (10.0.2.102)' can't be established.
RSA key fingerprint is 3a:19:eb:5e:fe:9c:27:0c:1d:8d:e6:dc:9f:dc:89:41.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.2.102' (RSA) to the list of known hosts.
root@10.0.2.102's password: alpine
iPad:~ root# uname -a
Darwin iPad 10.4.0 Darwin Kernel Version 10.4.0: Wed Oct 20 20:14:45 PDT 2010; root:xnu-1504.58.28~3/RELEASE_ARM_S5L8930X iPad1,1 arm K48AP Darwin
iPad:~ root# apt-get
apt 0.7.25.3 for iphoneos-arm compiled on Feb 24 2010 09:59:20
Usage: apt-get [options] command
apt-get [options] install|remove pkg1 [pkg2 ...]
apt-get [options] source pkg1 [pkg2 ...]
apt-get is a simple command line interface for downloading and
installing packages. The most frequently used commands are update
update - Retrieve new lists of packages
upgrade - Perform an upgrade
install - Install new packages (pkg is libc6 not libc6.deb)
remove - Remove packages
autoremove - Remove automatically all unused packages
purge - Remove packages and config files
source - Download source archives
build-dep - Configure build-dependencies for source packages
dist-upgrade - Distribution upgrade, see apt-get(8)
dselect-upgrade - Follow dselect selections
clean - Erase downloaded archive files
autoclean - Erase old downloaded archive files
check - Verify that there are no broken dependencies
-h This help text.
-q Loggable output - no progress indicator
-qq No output except for errors
-d Download only - do NOT install or unpack archives
-s No-act. Perform ordering simulation
-y Assume Yes to all queries and do not prompt
-f Attempt to correct a system with broken dependencies in place
-m Attempt to continue if archives are unlocatable
-u Show a list of upgraded packages as well
-b Build the source package after fetching it
-V Show verbose version numbers
-c=? Read this configuration file
-o=? Set an arbitrary configuration option, eg -o dir::cache=/tmp
See the apt-get(8), sources.list(5) and apt.conf(5) manual
pages for more information and options.
This APT has Super Cow Powers.
The steps to install Metasploit can be found here. However, at this time (27 December 2010), the ruby and rubygems available in the Cydia repo are version 1.9.2, which is buggy for running Metasploit. You can try to deselect ruby and rubygems and install version 1.8.7 later, but I am too lazy to try that now. Since a package manager such as apt-get will sometimes install other dependencies for ruby and rubygems, I chose to install them first and uninstall them later, then install the ruby and rubygems versions that are suitable for Metasploit on iOS.
Here's how to uninstall ruby 1.9 and re-install the 1.8.7 version:
# apt-get remove ruby rubygems
# wget http://apt.saurik.com/dists/tangelo-0.9/main/binary-iphoneos-arm/debs/ruby_1.8.6-p111-5_iphoneos-arm.deb
# dpkg -i ruby_1.8.6-p111-5_iphoneos-arm.deb
# wget http://apt.saurik.com/dists/tangelo-0.9/main/binary-iphoneos-arm/debs/rubygems_1.2.0-3_iphoneos-arm.deb
# dpkg -i rubygems_1.2.0-3_iphoneos-arm.deb
# rm -f ruby*
At this point, you should be able to run ./msfconsole. Since the iPhone or iPad is such a small computer, it will take more time to load all the modules or to execute an exploit against a target. Be patient.
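The ruby downgrade above, as an added example that is not part of the original post: the same apt-get, wget and dpkg commands wrapped in a script that checks the installed ruby series first, stops at the first failed step, and verifies with dpkg -s that each package really landed at the version the .deb carries. It assumes the same saurik deb URLs and a POSIX sh with sed and grep on the device; the version strings quoted in the comments are constructed samples.

```shell
# Added example, not from the original post: the ruby downgrade above with
# each step checked. Assumes the same saurik deb URLs and a POSIX sh with
# sed/grep on the device; version strings in the comments are constructed.

REPO="http://apt.saurik.com/dists/tangelo-0.9/main/binary-iphoneos-arm/debs"
RUBY_DEB="ruby_1.8.6-p111-5_iphoneos-arm.deb"
GEMS_DEB="rubygems_1.2.0-3_iphoneos-arm.deb"

# ruby_series "<ruby --version line>" -> major.minor, e.g.
# "ruby 1.9.2p0 (2010-08-18 revision 29036) [arm-darwin]" -> 1.9
ruby_series() {
    printf '%s\n' "$1" | sed -n 's/^ruby \([0-9]*\.[0-9]*\)\..*/\1/p'
}

# needs_downgrade "<ruby --version line>": true unless ruby is the 1.8 series
# that this metasploit release runs on (also true when ruby is missing).
needs_downgrade() {
    [ "$(ruby_series "$1")" != "1.8" ]
}

# deb_version <file.deb> -> version field of a Debian package file name,
# e.g. ruby_1.8.6-p111-5_iphoneos-arm.deb -> 1.8.6-p111-5
deb_version() {
    printf '%s\n' "$1" | sed 's/^[^_]*_\([^_]*\)_.*\.deb$/\1/'
}

# pkg_field <Field> "<dpkg -s output>" -> that field's value (empty if absent)
pkg_field() {
    printf '%s\n' "$2" | sed -n "s/^$1: //p"
}

# pkg_matches <file.deb> "<dpkg -s output>": true when dpkg reports the
# package installed at exactly the version the .deb carries.
pkg_matches() {
    [ "$(pkg_field Status "$2")" = "install ok installed" ] &&
    [ "$(pkg_field Version "$2")" = "$(deb_version "$1")" ]
}

# downgrade_ruby: the post's commands, to be run as root on the device.
downgrade_ruby() {
    needs_downgrade "$(ruby --version 2>/dev/null)" || { echo "ruby is already 1.8; nothing to do"; return 0; }
    apt-get remove -y ruby rubygems || return 1
    for deb in "$RUBY_DEB" "$GEMS_DEB"; do
        wget -q "$REPO/$deb" || { echo "download failed: $deb" >&2; return 1; }
        dpkg -i "$deb" || { echo "dpkg -i failed: $deb" >&2; return 1; }
        # ${deb%%_*} is the package name in front of the first underscore
        pkg_matches "$deb" "$(dpkg -s "${deb%%_*}")" || { echo "$deb not installed" >&2; return 1; }
    done
    rm -f "$RUBY_DEB" "$GEMS_DEB"
}
```

Source the file in the ssh session and call downgrade_ruby; the parsing helpers can be exercised on their own without touching the package database.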
The MobileTerminal available on Cydia does not work properly, so you need to follow the instructions from here. I will archive them below in case the site goes down one day.
Anyone who has jailbroken their iPhone 4 will have found that the version of mobile terminal currently in cydia does not work. This version is not built for iPhone 4. Here are the instructions to get a working copy on your iPhone.
1. download mobile terminal v4.26 from Megaupload
2. SSH into your iPhone and drop the .deb into /private/
3. Click on the black terminal icon (in winscp) and run the command “dpkg -i MobileTerminal-426.deb”
4. After it gets to "setting up mobileterminal (426)", close out the window, respring your phone and the icon should show up
5. If it appears as a blank icon, drop Terminal.png into /private/var/stash/applications/terminal.app and rename it icon.png
That's it. You can also install nmap using apt-get. Enjoy.