Mobile Pwning: Using Metasploit on iOS

Blog Post created by jkirk Employee on Aug 20, 2012

Have you ever wanted to run an exploit but found yourself away from your desk? Wouldn't it be awesome if you could launch a full version of the Metasploit Framework from your phone or tablet? As you might have guessed, now you can. With an adventurous spirit and a few commands, you can be running the Metasploit Framework on your iPad or iPhone in just a few short minutes.

Warning: To install Metasploit, you’ll need root access to your device – which is accomplished by following your favorite jailbreaking procedure. I used Absinthe (http://absinthejailbreak.com/). Jailbreaking can potentially cause problems for you and your device, and will void the warranty. You assume all risk when altering your device(s). However, if you are installing Metasploit, you probably already enjoy breaking things. :-)

Once you have root, you will need the following:

  • OpenSSH server (via Cydia)
  • apt [APT 0.7+ Strict] (via Cydia)
  • SSH client (I use iSSH; via App Store)

First, make sure everything is updated and that you have subversion installed:

apt-get update
apt-get dist-upgrade
apt-get install wget subversion

Once that’s done, we’ll need to grab Ruby and iOS dependencies for Metasploit Framework to run. As of this writing, the files needed were kindly hosted over at iNinjas:

wget http://ininjas.com/repo/debs/ruby_1.9.2-p180-1-1_iphoneos-arm.deb
wget http://ininjas.com/repo/debs/iconv_1.14-1_iphoneos-arm.deb
wget http://ininjas.com/repo/debs/zlib_1.2.3-1_iphoneos-arm.deb

Install the packages:

dpkg -i iconv_1.14-1_iphoneos-arm.deb
dpkg -i zlib_1.2.3-1_iphoneos-arm.deb
dpkg -i ruby_1.9.2-p180-1-1_iphoneos-arm.deb

Once the dependencies have finished installing, you can safely delete those files to save space on your iDevice. Presuming these are the only .deb files you have downloaded, you can run rm -rf *.deb. If you’ve been tinkering around with other files, just replace the * with the file names you want to remove.

If you want to double-check that everything installed correctly, you should see Ruby version 1.9.2 when you run the ruby -v command.
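The download-and-install steps above pull unsigned .deb files over plain HTTP and install them as root, so the only thing standing between you and a tampered package is the download itself. As an added example (not part of the original post), here is the same sequence as a POSIX shell script that pins a SHA-256 for each package and refuses to run dpkg -i on a mismatch, then checks the ruby -v banner for the 1.9.2 build the post expects. The file names and URL come from the post; the function names are mine, the digest values are placeholders you record yourself from a download you trust, and the script assumes sha256sum, shasum or openssl exists on the device.

```shell
# Added example (not from the original post): fetch the three .deb packages
# the post installs, but refuse to run dpkg -i unless each file matches a
# pinned SHA-256. The digests below are PLACEHOLDERS; record your own from a
# download you trust, since the packages are served unsigned over plain HTTP.
set -eu
REPO="http://ininjas.com/repo/debs"
# One "<file>  <expected sha256>" pair per line (placeholder digests).
PACKAGES='
iconv_1.14-1_iphoneos-arm.deb  PLACEHOLDER_SHA256_ICONV
zlib_1.2.3-1_iphoneos-arm.deb  PLACEHOLDER_SHA256_ZLIB
ruby_1.9.2-p180-1-1_iphoneos-arm.deb  PLACEHOLDER_SHA256_RUBY
'

# Print the SHA-256 of file $1 with whichever tool the device provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1" | cut -d' ' -f1
    else openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# Succeed only when file $1 hashes to $2 (hex compared case-insensitively).
verify_checksum() {
    actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$actual" = "$expected" ]
}

# Succeed when a `ruby -v` banner reports the 1.9.2 build the post expects.
ruby_version_ok() {
    case "$1" in
        "ruby 1.9.2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Download, verify and install in the post's order; stop on the first mismatch.
install_packages() {
    printf '%s\n' "$PACKAGES" | while read -r deb digest; do
        [ -n "$deb" ] || continue
        wget -q "$REPO/$deb"
        verify_checksum "$deb" "$digest" || { echo "checksum mismatch: $deb" >&2; exit 1; }
        dpkg -i "$deb" && rm -f "$deb"
    done
    ruby_version_ok "$(ruby -v)" || { echo "unexpected ruby version" >&2; exit 1; }
}

# Only touch the network and package database when explicitly asked to.
if [ "${1:-}" = "install" ]; then install_packages; fi
```

Run it as `sh install-deps.sh install` on the device once the placeholder digests have been replaced with real ones.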

Now the good part! I installed Metasploit Framework to /private/var/msf3. In case you are unfamiliar, /private/var is the partition where your apps, media and settings are all stored by default, so it’s easily the larger of the two default partitions on your iDevice.

We’re going to use svn to check out the Metasploit Framework trunk, which keeps things simple and avoids compatibility issues:

cd /private/var
svn co https://www.metasploit.com/svn/framework3/trunk/ msf3

Once that’s done, cd to msf3/ and launch the Metasploit Framework!

ruby msfconsole

Happy exploiting!

---

Co-written/Developed by Andrew Spangler and James Kirk