Book Image

Learning iOS Penetration Testing

By : Yermalkar
Book Image

Learning iOS Penetration Testing

By: Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (11 chapters)
10
Index

Shell bind TCP for iOS


At a high level, there could be two types of shell access on the target device. One is a bind shell, where we will run shell on the target device and connect to it. Second is a reverse shell, where we will run shell on the base system to which the target will connect back. You will learn both ways to obtain shell.

Let's follow the given steps to create a bind TCP shell:

  1. You can check all Metasploit payloads available for osx/armle. You can use the command msfvenom –l to list all payloads:

  2. Select the shell_bind_tcp payload available for osx/armle:

  3. Now, connect your iDevice using SFTP and transfer the payload file to the tmp directory:

  4. Now, perform SSH login into iDevice and sign the payload, using the ldid utility. You can download ldid from Cydia if you have not installed it yet:

  5. Now from Kali Linux, start multi/handler and connect to victim and you will notice the command shell open on the target system. You can confirm it by running any Linux command such as ps, pwd, and...