To understand the true capabilities of iDevices, let us look at some of the different stages conducted during a professional penetration test and see how we can use mobile devices in each stage. Although the availability of tools will vary with each mobile device, we will examine those tools available for the iPod touch.
To gather information about a target network, we can use functionality already built into most mobile devices. An Internet Web browser is a natural starting tool for gathering information on corporations, employees, and networks. However, a browser can only give us so much information – additional tools we can install include Nmap and Telnet, which allow us to scan a target system or network and connect to the systems we discover.
The advantage of using a repository like Cydia is that the program has already been compiled and can be installed on the iPod touch with no more than a click of a button. In fact, the applications available for the iPod touch through the Cydia repository are so numerous that very few hacker applications need to be compiled separately – the work has almost entirely been done for us.
When we install a prebuilt package from Cydia instead of compiling the hacker application ourselves, some functionality may be absent from that build. It is still a best practice to compile the application rather than acquire someone else's build, so that we can better tailor the application to our platform and needs.
By employing Nmap directly on the device, we can locate ourselves within a facility in a manner that does not arouse suspicion, unlike plugging into a network drop in an empty cubicle.
One drawback of using a mobile device as an attack platform is the size of its screen.
We can see that the majority of the screen is consumed by the on-screen keyboard; this makes attacking directly from the device almost impractical unless we set up scripts in advance. A better alternative is to connect to the iPod touch remotely. Even so, Nmap allows us to gather the following information about a target system and its applications:
• Operating system and version information
• Open ports
• Applications running on open ports (best guess)
• Application version information
Although Nmap does perform some banner grabbing, it is important to verify this information with a second tool, such as Telnet or netcat.
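The four items in the list above are exactly what Nmap's grepable output (`-oG`) records per host, and the "best guess" caveat shows up in that output as a service name ending in `?` or an empty version field. The following parser is an added example, not code from the book: it reads a constructed sample of grepable output (the hosts, ports and banners are made up, using documentation addresses), extracts the OS, open ports, service and version per host, and builds the list of findings that still need checking with a second tool such as Telnet or netcat. The field layout it relies on is Nmap's documented `port/state/protocol/owner/service/rpc-info/version/` form.

```python
"""Parse Nmap grepable (-oG) output and flag weak service/version guesses.

Grepable output puts one host per line as tab-separated "Key: value"
fields. The Ports field lists entries of the form
    port/state/protocol/owner/service/rpc-info/version/
A service name ending in '?' means Nmap got a response it could not match
to a known signature; an empty version field means no banner was identified.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Port:
    number: int
    protocol: str
    state: str
    service: str
    version: str

    @property
    def needs_verification(self) -> bool:
        """Weak guess: unmatched probe ('?') or no version banner at all."""
        return self.service.endswith("?") or not self.version


@dataclass
class HostResult:
    address: str
    hostname: Optional[str]
    os: Optional[str]
    ports: List[Port] = field(default_factory=list)

    def open_ports(self) -> List[Port]:
        return [p for p in self.ports if p.state == "open"]


def _fields(line: str) -> dict:
    """Split 'Host: x<TAB>Ports: y<TAB>OS: z' into a dict of key -> value."""
    out = {}
    for chunk in line.split("\t"):
        key, sep, value = chunk.partition(": ")
        if sep:
            out[key.strip()] = value.strip()
    return out


def parse_ports(ports_field: str) -> List[Port]:
    ports = []
    for entry in ports_field.split(", "):
        parts = entry.split("/")
        if len(parts) < 7:
            continue  # malformed entry: skip rather than guess
        num, state, proto, _owner, service, _rpc, version = parts[:7]
        ports.append(Port(int(num), proto, state, service, version))
    return ports


def parse_grepable(text: str) -> List[HostResult]:
    """One HostResult per address; Status and Ports lines for a host are merged."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '# Nmap ...' header/footer comment lines
        f = _fields(line)
        addr, _, rest = f["Host"].partition(" ")
        hostname = rest.strip("()") or None
        h = hosts.setdefault(addr, HostResult(addr, hostname, None))
        if "OS" in f:
            h.os = f["OS"]
        if "Ports" in f:
            h.ports.extend(parse_ports(f["Ports"]))
    return list(hosts.values())


def verification_queue(hosts: List[HostResult]) -> List[Tuple[str, int, str]]:
    """(address, port, service) for every open port whose guess is weak."""
    return [(h.address, p.number, p.service)
            for h in hosts for p in h.open_ports() if p.needs_verification]


# Constructed sample in -oG layout (not real scan output; 192.0.2.0/24 is a
# documentation range and the banners are invented for the example).
SAMPLE_OUTPUT = "\n".join([
    "# Nmap 5.21 scan initiated (constructed sample)",
    "Host: 192.0.2.10 (web.example.test)\tStatus: Up",
    "Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.2.3/, 8080/open/tcp//http-proxy?///"
    "\tIgnored State: closed (997)\tOS: Linux 2.6.X\tSeq Index: 203",
    "Host: 192.0.2.20 ()\tPorts: 23/open/tcp//telnet///, 443/filtered/tcp//https///"
    "\tIgnored State: closed (998)",
    "# Nmap done (constructed sample)",
])

if __name__ == "__main__":
    results = parse_grepable(SAMPLE_OUTPUT)
    for h in results:
        print(f"{h.address} ({h.hostname or '-'}) OS: {h.os or 'unknown'}")
        for p in h.open_ports():
            print(f"  {p.number}/{p.protocol} {p.service} {p.version or '(no version)'}")
    print("Needs second-tool verification:", verification_queue(results))
```

Note that a filtered port (443 above) never enters the verification queue: there is nothing to banner-grab on it. Everything with an open port but no matched signature does, which is the list you would work through with Telnet or netcat.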
Netcat is another tool that can easily be installed using Cydia. There are some advantages to using netcat over Telnet, in that netcat does not inject or extract control characters; this means we can download files using netcat without worrying about the application itself corrupting the data.
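The "control characters" point is worth seeing concretely. Telnet (RFC 854) reserves the byte 0xFF as IAC ("Interpret As Command"): a proper Telnet sender doubles every 0xFF in its data, and a Telnet client strips command sequences and collapses IAC IAC back to one 0xFF. netcat does neither, so bytes in equal bytes out. The following is an added example, not code from the book: it models the receiving side of a Telnet client and pushes a constructed binary payload through the netcat path, the raw Telnet path and the correctly escaped Telnet path, so the corruption the paragraph warns about can be observed on a few bytes. Option negotiation and subnegotiation are handled; doubled IAC inside subnegotiation data is not (a simplification noted in the code).

```python
"""Why a Telnet client can corrupt binary data that netcat passes through untouched."""

IAC = 0xFF
SE, SB = 0xF0, 0xFA
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def telnet_escape(data: bytes) -> bytes:
    """What a correct Telnet sender does: double every IAC byte in the payload."""
    return data.replace(b"\xff", b"\xff\xff")


def telnet_receive(stream: bytes) -> bytes:
    """Model of a Telnet client's input side: the data bytes a user (or a file
    being saved) sees after protocol commands have been consumed."""
    out = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:                       # dangling IAC at end of stream: dropped
            break
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC -> one literal 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # 3-byte option negotiation, e.g. IAC WILL ECHO
            i += 3
        elif cmd == SB:                      # subnegotiation: skip up to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)   # simplification: ignores IAC IAC inside SB
            i = n if end == -1 else end + 2
        else:                                # other 2-byte commands (NOP, AYT, ...)
            i += 2
    return bytes(out)


def netcat_receive(stream: bytes) -> bytes:
    """netcat performs no interpretation: the stream is the data."""
    return stream


# Constructed sample payload (not from the book): a few "binary" bytes that
# contain 0xFF, including FF FB 01, which a Telnet client reads as IAC WILL ECHO.
SAMPLE = bytes([0x00, 0xFF, 0xFB, 0x01, 0x41, 0xFF, 0xFF, 0x42])


def compare_transfers(payload: bytes = SAMPLE) -> dict:
    """What each transfer path delivers for the same raw payload."""
    return {
        "netcat": netcat_receive(payload),
        "telnet_raw": telnet_receive(payload),                     # corrupted
        "telnet_escaped": telnet_receive(telnet_escape(payload)),  # intact
    }


if __name__ == "__main__":
    for path, got in compare_transfers().items():
        status = "intact" if got == SAMPLE else "CORRUPTED"
        print(f"{path:15s} {got.hex(' ')}  ({status})")
```

Running it shows the raw Telnet path silently dropping three bytes (the pseudo-command) and merging the two 0xFF bytes into one, which is exactly the kind of damage that would be invisible until a downloaded binary fails to run or a hash does not match.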
We can also tunnel our connections to remote systems through OpenSSH, in case we need to mask our activity.