Although we cannot get more robust applications loaded onto the iPod touch, such as Core IMPACT or HP WebInspect, there are still some good applications available. For example Nikto open-source (GPL) Web server scanner version information; Nikto is a Perl application available for download at http://cirt .net/nikto2.
Ranked #12 of the top 100 network security tools by Insecure.org, Nikto will scan a server for configuration files, cgi applications, outdated version information, and a multitude of other bits of data that can be useful in a penetration test. Although most of the work done by Nikto focuses on information gathering, it does a pretty good job of identifying potential vulnerabilities when found.
Unfortunately, the iPod touch’s wireless chip cannot be placed into promiscuous or monitor mode, meaning we cannot obtain wireless data necessary to conduct brute force attacks against wireless access points using encryption. There are other mobile devices that can be set for promiscuous or monitor mode, so if a brute force attack is an absolute necessity, there are options available. However, there is an application that can intercept traffic on a wireless network called “Pirni,” written by Axel Moller also available through Cydia.
The program is configured to intercept all traffic intended for the default router (192.168.1.1 in this particular network) through ARP spoofing. Based on the Berkley Packet Filter (BPF) values, the only traffic that will be collected is TCP segments leaving the network, destined for port 80. The BPF can be modified to capture whatever type of traffic we are after. The Regex Options are used to immediately capture interesting packets, such as usernames and passwords.
Once we are satisfied with the regular expressions we want to use to present us with live data, we launch Pirni and wait until an unsecure connection is made.
There is a free command-line version of Pirni, and some scripts that have been written to provide the same functionality as the Pirni Pro application which is a paid app however it worth it.
The Pirni project can be found at http://code.google.com/p/n1mda-dev/wiki/PirniUsageGuide, and the additional scripts can be found at http://code.google.com/p/Pirni-derv/.
Here will be talking about concealing mobile devices; due to their small size, phones and PDAs are perfect candidates for leaving behind within the target corporation’s facility similar to key loggers. If we decide to leave them behind, it would be ben- eficial to maintain access to the device – if we compromise systems within the victim’s network, we will also want to have applications at the ready to maintain access with them as well. The two applications typically associated with remote logins and backdoors are netcat and SSH.
Earlier we took a look at netcat as an information gathering tool. However, it can also be used as a backdoor as well.
Therefore with the right scripts, we can set up a reverse shell that can connect back to our attack server. A good resource of how to use netcat to its fullest and to set up a reverse shell can be found in Netcat Power Tools.
OpenSSH is one of more handy tools on the iPod touch and is one of the first tools recommended for installation once the iPod touch is jailbroken.
Besides providing secure communication, SSH can also be set up as a reverse shell as well and used to create encrypted tunnels that allow us to use the iPod touch
as a remote attack platform. Although a valuable technique, we would not be exam- ining how to set up encrypted tunnels or reverse shells using SSH.
There are plenty of other tools that can be installed on the iPod touch and other mobile devices, than those mentioned here. Next post will show all the tools for a successful hacking idevice.
The following applications were installed manually: libssh2, john the ripper (brute force password cracker), scapy, and medusa (used for remote brute force attacks). The Apple Store provided a few applications as well, including TouchTerm, Ping, and Speed Test. Altogether, these programs provide an array of tools that make the iPod touch an effective hacking platform, whether handheld or used as a remote attack platform.