
7z1@EvilShad0w

Evilshad0w Team

 
 
 


iPod Touch as a Mobile Pentesting Device  

2012-01-11 14:04:24 | Category: Hacking

Penetration testing, also known as pentesting, is the practice of attacking a known computer system for the purpose of evaluating the strength of its security. Often, these systems are your own; however, companies will also hire external pentesters to simulate an attack and see how well their infrastructure holds up against these attacks.

A common misconception is that a lot of equipment is needed to perform a pentest; however, this isn’t the case. Today, I’m going to show you how to set up a suite of pentesting software on an iPod Touch/iPhone, thus transforming it into a mobile hacking platform. Please note that these instructions are for a jailbroken iPod.

This is the list of packages that will be loaded onto the iPod:

  1. Metasploit
  2. Social Engineer Toolkit
  3. Aircrack-Ng
  4. dsniff
  5. Ettercap-ng
  6. Nmap
  7. Stealth MAC
  8. tcpdump

 

Necessary Packages

 

MobileTerminal

The first and most basic package is MobileTerminal. You can get it in the Cydia repositories.

On iOS version 4.1, there were some issues getting MobileTerminal to open correctly. To get around this, you need to install MobileTerminal version 426, which is available on their website. In order to install it, you’ll need to download the .deb and install it manually. Here are some instructions on how to do this.

Ruby

Ruby is necessary for packages such as Metasploit. To install it, we can just go into Cydia and select it, or run apt-get install ruby in MobileTerminal, if you have APT installed.

Others

You’re also going to need subversion, rubygems, wget, python, and APT.

 

Pentest Packages


Metasploit


Metasploit is a framework that allows for easy vulnerability exploitation, and even includes post exploitation tools. This install is done again using Cydia. Make sure you have the Telesphoreo repository enabled, and you can just select Metasploit to install. It takes care of all the updating and file placement for you.

Once it’s installed, you can access it under mobile terminal. First, log in as root:

su root

Next, start up the console:

msfconsole

From here, you have full access to Metasploit’s features. You can use autopwn to search for a system’s vulnerabilities, or craft standalone binaries to set up backdoors. You even have access to msfencode for Metasploit payload encoding. The entire Metasploit Framework is accessible on your iPod.


Social Engineer Toolkit


The Social Engineer Toolkit is a package that incorporates social engineering tactics with computer pentesting. First, we need to get Ruby. However, you need to manually install it (version ruby_1.8.6 and rubygems_1.2.0) via dpkg. To install SET, we’re going to use subversion. First, open up MobileTerminal and create a directory named “SET” in your pentesting folder. Enter this directory, and use subversion to download a copy:

svn co http://svn.thepentest.com/social_engineering_toolkit/ SET/

This will download and install a copy, and will keep it updated for you. To use SET, enter the directory and run “set” as root:

su root
cd <SET Directory>
./set

Most features work, however I’ve encountered some troubles with the Java Applet. Hopefully, this should be fixed in future releases.

 

Aircrack-Ng

Aircrack-Ng is a software suite specializing in wireless attacks. It can be used to crack WEP passwords, capture packets, inject packets, and more. We’re going to use Cydia to get this, although we need to add our own repository. Go to Manage > Sources > Edit > Add and add http://theworm.altervista.org/cydia/ as a source. Allow Cydia to update the package information, and install aircrack-ng.

To use aircrack, you need to open MobileTerminal. From here, you can use all the software included in the suite, including airbase-ng, aircrack-ng, and airodump-ng. These tools are very valuable, as they allow for mobile wireless password cracking, spoofing, etc.


 

dsniff

dsniff is a software suite best known for arpspoof, which allows the attacker to use specially crafted ARP packets to redirect traffic. To install it, use TheWorm repository as shown in the aircrack-ng install section. Then, just select dsniff.

One interesting use of dsniff and arpspoof is the ability to perform a DOS (denial of service) attack on a small network. To do this, open up MobileTerminal. To find the router we will be spoofing, go under Settings > WiFi and then the network you’re connected to. The router IP should be next to the section labeled “Router”. To run the ARP spoof, just type this as root into MobileTerminal:

arpspoof -i en0 <router IP>
[Figure: Using arpspoof to run a DOS attack]

To stop the DOS, just hit Ctrl+C to kill arpspoof.

 

Ettercap-ng

Ettercap-ng is a software suite specializing in MITM, or Man In The Middle, attacks. Ettercap-ng is included in TheWorm repository as shown above.

To use ettercap-ng, input commands into MobileTerminal. Documentation for ettercap-ng can be found here.

 

Nmap

Nmap is a network tool that can be used to scan for hosts. It is included in the Telesphoreo repository, so just look for nmap in Cydia.

To use Nmap, you again need to input everything in MobileTerminal. A great tutorial for Nmap use can be found in our Nmap tutorial. It shows how to scan for hosts on a local network.

 

Stealth MAC

Stealth MAC is a utility for setting a custom MAC address for the wireless adapter on boot. This is useful in hiding or changing the identity of your iPod. Stealth MAC is included in the Telesphoreo repository, so just look for ‘stealth mac’ in Cydia.

To use Stealth MAC, you need to edit the file /etc/stealthmac. Change the line containing the example MAC address to whatever you like. Then, run “smac.sh” and you will have the new MAC address on the next reboot.

Tcpdump

Tcpdump is a program used as a packet analyzer, and can store and dump network traffic. On an iPod it is useful because it can sniff network traffic and dump it in a log file, which can be analyzed further on an actual computer. To install this, just look for ‘tcpdump’ in Cydia. Tcpdump is in the Telesphoreo repository.

To view different options for running tcpdump, check out the online man page. To actually run tcpdump, run everything inside MobileTerminal. An example to capture packets and write to a dump file:

su root
tcpdump -i en0 -nnvvS -w dump.pcap

The dump.pcap can then be analyzed using another program, like Wireshark.

[Figure: Using Wireshark to analyze tcpdump data]
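A defensive counterpart to the arpspoof and tcpdump sections above, as an added example that is not part of the original post: a capture written with tcpdump -w can be checked for ARP cache poisoning by flagging any IP address whose claimed MAC address changes. The function names, the sample addresses and the assumption of a classic pcap file with Ethernet framing are assumptions of this example.

```python
import struct

def arp_frame(sender_mac, sender_ip):
    """Constructed ARP reply inside an Ethernet frame (sample data only)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = bytes(int(o) for o in sender_ip.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + mac + ip + b"\x00" * 6 + ip
    return b"\xff" * 6 + mac + b"\x08\x06" + arp

def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def arp_conflicts(pcap):
    """Return (ip, first_mac, new_mac) tuples where an IP's claimed MAC changes."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    seen, alerts, off = {}, [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x06":
            continue  # truncated frame or not ARP
        mac = frame[22:28].hex(":")
        ip = ".".join(str(b) for b in frame[28:32])
        if ip == "0.0.0.0":
            continue  # ARP probe, sender has no address yet
        alert = (ip, seen.setdefault(ip, mac), mac)
        if alert[1] != mac and alert not in alerts:
            alerts.append(alert)
    return alerts

# Constructed capture: the router answers, then a second MAC claims its IP twice.
SAMPLE = build_pcap([
    arp_frame("aa:bb:cc:00:00:01", "192.168.1.1"),
    arp_frame("aa:bb:cc:00:00:02", "192.168.1.20"),
    arp_frame("02:00:00:00:00:99", "192.168.1.1"),
    arp_frame("02:00:00:00:00:99", "192.168.1.1"),
])

if __name__ == "__main__":
    for ip, old, new in arp_conflicts(SAMPLE):
        print(f"{ip}: {old} -> {new}")
```

To check a real capture, pass the file's bytes to arp_conflicts(); a hit on the router's IP is the signature of the redirection described in the dsniff section.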
