Metasploit 4 on iPhone 4S & iPad 2

Metasploit 4 on iPhone 4S & iPad 2

With the recent Absinthe Jailbreak which opens up firmware 5.1.1 to Cydia, we once again tried to get Metasploit running on these iBabies. After a bit of fiddling around with various ruby package versions, its seems like the following combination works well with the latest version of Metasploit 4.4.0-dev (as of May 2012).

Of course, you need a jailbroken iPhone or iPad, with apt, OpenSSH server and a SSH client, such as iSSH. Once you are SSH’ed to your iPhone / iPad, run the following commands:

# Install basic tools
apt-get update
apt-get dist-upgrade
apt-get install wget subversion

# Download correct version of ruby and dependencies
wget http://ininjas.com/repo/debs/ruby_1.9.2-p180-1-1_iphoneos-arm.deb
wget http://ininjas.com/repo/debs/iconv_1.14-1_iphoneos-arm.deb
wget http://ininjas.com/repo/debs/zlib_1.2.3-1_iphoneos-arm.deb

# Install them
dpkg -i iconv_1.14-1_iphoneos-arm.deb
dpkg -i zlib_1.2.3-1_iphoneos-arm.deb
dpkg -i ruby_1.9.2-p180-1-1_iphoneos-arm.deb

# Delete them
rm -rf *.deb

# Go into /private var and svn checkout the msf trunk.
# Don't download the MSF tar.gz due to svn client versioning issues

cd /private/var
svn co https://www.metasploit.com/svn/framework3/trunk/ msf3
cd msf3/

# Check that Metasploit is running
ruby msfconsole

As no blog post is complete without a reverse shell screenshot, here’s a popped shell from the iPhone:

metasploit-iphone

UPDATE FOR 2020

Advanced Web Attacks and Exploitation

Advanced Web Attacks and Exploitation (AWAE)

Learn white box web application penetration testing and advanced source code review methods. Now with 50% more content, including a black box module.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb