Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Shell reverse TCP for iOS

In the last section, we opened shell on the victim's iDevice, to which we had connected from the base system (Kali Linux). Now, we will open a victim's shell on our base system to which victim will connect back using the reverse_bind_shell payload. This is mainly required when target connections are behind the firewall and do not allow inbound connections. Here, we will make the outbound connection from the target iDevice to our base system.

Let's follow the given steps to create a reverse bind shell of iOS

  1. Check the IP of the base system. You can use the ifconfig command to find out the IP address of the base system:

  2. Let's create the shell_reverse_tcp payload with the base system's IP address:

  3. Now, transfer this payload to the tmp directory of iDevice using SFTP:

  4. Perform SSH login into iDevice and sign the payload using ldid:

  5. Now, start the multi handler using shell_reverse_tcp:

  6. You will notice that the command shell is opened with the victim's iDevice access. You can confirm it by typing any Linux command—for example, pwd: