iPwN How-To

2011-05-04T06:42:00.000-07:00

What is iPwN

"Own the network" iPwN's motto so to speak lol. The idea is, you already carry your iPhone around everywhere you go anyway. My goal is to sort transform your iPhone into a hacking machine. That can be used by a monkey. iPwN is not intimidating at all.

Text Bombing!

Well, im sure by now everyone knows how to sms bomb. All you need is a gmail account. Here's the catch though, gmail will disable your account after 500 texts for 24 hours. This is a nuisance and could be avoided if I implemented a paid text service. They do exist, but like I say they are paid. If you need to send someone more than the daily 500, than get a few friends on the internet together and organize a mass attack ;)

Packet Sniffing!

So what I did here, initially, was I made a Pirni and Derv implementation. I get alot of emails saying that it doesn't work. Well, it does work, its just not finding anything useful. The log.pcap file gets deleted as it is read by derv. Most likely the user-names and passwords are encrypted and are dropped. However, I recently added fr0gger, which is a *modified* version of dsniff fr0g. This will provide a real live feed, even let you target a specific machine on the network. If you cant get that to show anything, well then my friend, "victim" is not using the internet. Try again.

Exp0its!?!!?

Yep, well, these are written in python. Have a very simple code base but as I search through exploit-db.com or shodanhq.com I find exploits compatible with iPwN's intentions of easy interaction. I cant really describe them as they are all different, and I add new ones quite instantaneously. Will add documentation on each individual exploit in the README file of each iPwN update.

Metasploit Attack Vectors

This is very early stages, but is what I really wanted iPwN to be in the first place.

What are the best cydia repos for pentesting tools?

2011-05-04T05:23:00.000-07:00

#1, the original and the best

http://cydia.theworm.tw

This repository contains the network-cmds package, that includes a modified ifconfig binary. This ifconfig, thanks to Wim Verreyckedn and TheWorm, will allow for promiscuous mode. Very important for dnsspoof attacks.

http://boococky.hostei.com/cydia

This is my repository, yes it has errors. Yes it still works. I still update it regularly. Trying to keep up with all the latest tools that are of use on an iDevice, and ofcoarse iPwN ;) I even took a shot at developing a native iOS X11 desktop. Got as far as FVWM and Xterm. Pretty cool, but this repository

http://fenyx.x10.mx/

Fenyx's repository. She has managed to build things such as window maker, GTK, cairo, even Ettercap GUI, that actually works on an iDevice under X11. She even compiled the newest Ruby 1.9.2, which is now recommended over the version I have on my repository. Especially if your using Metasploit on an older device. As it allocates memory better than the 1.8.6 version I have.

http://trcx.site50.net/cydia

TRCX is a devoted developer and a friend. Grab this repository for opendns, adds an important resolv.conf to your /etc path. He also has iAHT which has some automated attack scripts and makes using most tools alot easier. You might also want to grab iForum for great support.

Hacking with iPhone

iPwN How-To

What are the best cydia repos for pentesting tools?