A: Hack what? Google has the answer to any questions you have. "Hack" is a very general term. Hacking has nothing to do with malicious intent. It's simply a brilliant way of, say, having no boundaries and pushing the limits of technology. You may be thinking of a "Cracker". Hackers have no interest in dealing with "Crackers", those who have no knowledge of computing security and just want to get spoon fed and cause trouble. Get lost!
Q: What sources should I add?
Q: How do I get root access in Mobile Terminal (Terminal)?
A: Good question Bro!! Since 90% of the command functions you'll be doing start there!! Here's what you do: Fire up your Terminal App. Type in these commands with return after each command:
- su - This is a knock telling terminal you want in.
- alpine - This is the default password. And won't show as you type it. This should be changed first thing after a jailbreak.
- cd - This changes the directory from /var/mobile to root.
- passwd - This tells terminal you want to change your password.
- Type in your new password. Just like when you typed alpine to get root access, it will not show as you type it. You will be prompted again to retype your password; make sure they match. Hit enter and you're done.
- The same can be done with your mobile password. Do this by typing passwd mobile <return> and do the same as you did for password.
Q: Where do I get the 520 version of mobile terminal?
A: Here's the link to get the 520 version of Mobile Terminal.
Q: What is Ettercap??
A: Ettercap was born as a sniffer for switched LAN (and obviously even "hubbed" ones), but during the development process it has gained more and more features that have changed it to a powerful and flexible tool for man-in-the-middle attacks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis (such as OS fingerprint).
This was taken directly from the Ettercap manual.
Q: Where do I get Ettercap from?
A: Add this repository to Cydia:
Automatically, it will upgrade some libnet and network-cmds packages. This is completely normal and is even recommended. Also grab libtool from "The Worm Repository" or else you will get errors when starting Ettercap.
Q: L3_ERROR WTF is that? Ettercap won't work!
A: I have no idea what this is, I have had success with redirects on both secure and insecure routers. As long as you're forwarding the packets by using promisc mode or enabling IP forwarding after issuing the Ettercap command, it should work fine. That's really all I can tell you, there are many subjects on Google about this. I am not an Ettercap expert, it took a long long time before I discovered how to get it working. I did not have the privilege of asking someone on the internet, I had to Google, Google, Google. Until it finally clicked. I am not interested in Ettercap really anymore, moving on to bigger and better things.
Q: How do I use SET? I heard you can do "cool" things like redirects and such with it and break into computers? haha hehe
A: Whoa, whoa, slow down there, cowboy. If that's all you're interested in then get lost. SET has many, many uses other than the attacks I used in my videos. However I do have SET on my repository, and I even went through the trouble of editing the configuration file to be used on iPhone with Ettercap and Metasploit, thank you very much. First, Ettercap can severely mess up your router if you don't know what you're doing, only temporarily, but that is one less support thread we can weed out. Second, Metasploit has been integrated into many of SET's attacks. Its anti-virus encoding, server, and payload implementations rely on the Metasploit framework. You need to install Metasploit for the specific attack I used in my video to work if you really want to do so.
Q: How do I get Metasploit on a 3G+ device?
A: Download it here, extract the files with iFile, change the name to "framework3", then move the folder to /var/mobile/pentest/exploits. In terminal, as root, type "cd /var/mobile/pentest/exploits/framework3" then "./msfconsole".
Q: How do I get Metasploit working on a 2G Device?
A: First off, because the 2Gs are old models, they have very little RAM. RAM determines how many things you can be doing at once on your device. To increase your RAM, download "iMemoryEnhancer" from this repo: http://iphoneame.com/repo/. To use it, activate SBSettings, hit Processes, then Free Memory. That will temporarily give you more RAM. Secondly, this Metasploit uses Perl, which is a really large programming language that can be used on many devices. If you don't have it already, download the "Perl Install Script" from my Repo above, then refresh your sources after you've run the Terminal Command (installperl). You should have a ton of new packages. To make things simple, download "Harvester" from my repo and that will add all of the necessary parts. After you have Perl, you need to download a package called "Subversion". Make sure your filter is on "Developer". Once you have it, go in terminal and type "su" then your password (the default is "alpine"), then "cd /var/mobile/pentest/exploits" and after that, "svn co http://www.metasploi...amework2/trunk/ framework2". Then type "p" so you accept the source. Now wait 10 minutes for you to download it all. After that's done, activate iMemoryEnhancer and open Terminal again. Then type "su", then "alpine", then "cd /var/mobile/pentest/exploits/framework2" and finally, "./msfconsole".
Q: Are there some good video tutorials on metasploit framework?
A: Check out these links to video tutorials.
Q: How do I get and use TOR on my Device?
A: 1. Download this .deb file: http://sid77.slackwa...phoneos-arm.deb
2. Install it with iFile (Click on the file and click "Installer")
3. Click the "Refresh" button in Cydia.
4. Download the "Tor Toggle" for SBSettings.
5. To activate it, turn the toggle on, then go to Settings -> Wifi -> Your Wifi Network. Now scroll down to "http proxy" and click "Manual". Set the port to "8118" and the server to "127.0.0.1".
6. Now close Settings and browse the web.
Q: How do I SMS Bomb with iPwN?
A: Okay skippy, this is an easy to do thing. 1st you need to make a fake G-Mail account. The G-Mail address will show up in the messages so don't be a dummy and use your regular account unless you want them to know who bombed them. If that is the case then you have declared war. Start iPwN and follow the steps. When you are asked for the G-Mail account, input the whole thing including the .com. When it comes to the part for phone number, use the area code also. When it asks for the carrier, that's your target's carrier, silly, not yours. When it asks the number to send, send no more than 250. This should lock up their phone and/or send it into an apoplectic fit. 25 text bombs is annoying. 50 - 75 is brutal. 100 is torture. 250 is just plain merciless. Have fun and play smart and safe.
Q: I heard you can steal people's passwords over wifi! How do I do that?
A: Well, yes you can, but you can't just get any of their passwords that easily. You can run what's known as an MITM, or Man In The Middle, attack. What this does is use ARP spoofing to trick the target computer/s into sending their traffic through your computer or iPod, and you use a packet recorder and sniffer combo to read the passwords, URLs, etc., such as pirni and derv or firesheep. But an MITM attack isn't guaranteed to get the password. If the website they are logging onto uses https, which is a secure version of http, hence the S, you aren't going to be able to get a password. In this case you will need to be a little more creative. You will need to be a bit more skilled. You will need to copy the login page of the site you want the password for, like Facebook, with wget. Then you will need to put that in your webserver's main page as index.html, along with a script that records the input into the username and password field into a .txt file. When you have that all ready you just need to run iPwN, use the dns spoof attack, and DON'T use the wildcard target! How suspicious would it look if you wanted to go to Google but you get sent to Facebook? Just say no to a wildcard and put in the URL of the login page. Now there you go! Leave that run for a bit and check the .txt file for passwords.
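Seen from the defending side, the ARP spoofing described in the answer above leaves a trace in every victim's ARP cache: the gateway's IP suddenly maps to a different MAC address, and one MAC answers for several IPs. The following detection sketch is an added example, not part of the original FAQ; the `arp -a` snapshots are constructed sample data and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches BSD/macOS/Linux `arp -a` lines such as
# "? (192.168.1.1) at 0:1c:b3:aa:bb:cc on en0 ifscope [ethernet]"
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b"
)

def parse_arp(text):
    """Return {ip: mac}; MACs are lower-cased and zero-padded so 0:1c == 00:1c."""
    table = {}
    for ip, mac in ARP_LINE.findall(text):
        mac = ":".join(octet.zfill(2) for octet in mac.lower().split(":"))
        if mac != "ff:ff:ff:ff:ff:ff":  # broadcast entry, not a host
            table[ip] = mac
    return table

def find_arp_spoofing(baseline, current, gateway_ip):
    """Compare a trusted baseline snapshot with the current ARP cache."""
    old, new = parse_arp(baseline), parse_arp(current)
    findings = []
    # Sign 1: the gateway's IP now resolves to a different MAC than before.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(("gateway-mac-changed", gateway_ip, old[gateway_ip], new[gateway_ip]))
    # Sign 2: one MAC address is answering for more than one IP.
    ips_by_mac = defaultdict(list)
    for ip, mac in new.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return findings

# Constructed sample snapshots (not captured from a real network).
BASELINE = """\
? (192.168.1.1) at 0:1c:b3:aa:bb:cc on en0 ifscope [ethernet]
? (192.168.1.2) at 58:55:ca:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.7) at (incomplete) on en0 ifscope [ethernet]
"""
CURRENT = """\
? (192.168.1.1) at 58:55:ca:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.2) at 58:55:ca:11:22:33 on en0 ifscope [ethernet]
? (192.168.1.7) at 0:26:8:d4:e5:f6 on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    for finding in find_arp_spoofing(BASELINE, CURRENT, "192.168.1.1"):
        print(finding)
```

A legitimate router replacement or a host with several IP aliases also triggers these findings, so treat them as a prompt to verify the gateway's MAC out of band.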
Q: But when they visit the URL I'm faking it says "http://192.168.1.2:80/var/www/index.html" How do I make it different?
A: Now that is an excellent question! Unfortunately, you cannot change the IP of the URL, but you CAN change the directory so it looks less suspicious. If you are using Lighttpd from Cydia, go to /etc/lighttpd2.conf and change the first line, which should say 'server.document-root = "/var/www"'.
Change the directory to any that you want. For example, if you are getting a Facebook login, change it to something like "/facebook/default_login". Then just make a directory to there and put your index.html there and your keylogger. There you go! You can now get people's passwords!
Q: I can't find those lovely PDF manuals in the files of my favorite exploit!!! How can I read it if I can't find it?
A: Well sport, you're asking a good question. Ironman has compiled a library of Exploit Manuals and How To's in an easy to deal with PDF format. Put them in iBooks to read at your leisure. Here's a link to the library.
Hacking is not easy; if it were, the internet would be one big mess, don't you think? You have to learn how to solve your own problems. That pretty much applies to life in general. I do not know everything about "hacking", I simply have a passion for programming and technology. Actually, I "get off" (lol) more when I get a new tool, or port a new program, and let YOU GUYS test it out and use it day to day. Your compliments are what keep me going, I could not thank you enough for that. That's my thing, I have no interest in invading anyone's privacy lol. Simply solving these problems elegantly is my goal and passion, and is what I will continue to do.