@hongsolo9
Created July 7, 2023 04:20
iOS pentesting setup
## Pre-requisites
1. A checkm8-vulnerable iOS device running iOS 15+ (A8 to A11 chips, i.e. iPhone 6 through iPhone X)
2. palera1n
3. USB A cable
4. Wifi connection
5. A macOS desktop/laptop
## Downloading palera1n (for macOS)
1. Go to https://github.com/palera1n/palera1n/releases
2. Under the latest beta (at the top), scroll down to the first Assets dropdown you see and click on the arrow. A list of palera1n executables is shown here. Select the one named palera1n-macos-universal (https://github.com/palera1n/palera1n/releases/download/v2.0.0-beta.7/palera1n-macos-universal)
3. Follow the installation steps here (https://ios.cfw.guide/installing-palera1n/#installing-the-jailbreak)
## Jailbreaking the iOS device
1. Jailbreak the iPhone/iPad with palera1n. We will be using the rootful option via the command line: `palera1n -c -f`
Why rootful? Currently, rootful permits installation of debugging tools like Frida (which is what we need).
2. This will take a while. If the iPhone hangs, hit Ctrl+C in the terminal app and rerun the same command above.
3. You will be prompted to enter a password twice. This password is for logging into the iOS device via ssh.
### Add Frida RE repository
Open the Sileo app and press the Earth icon that says Sources at the bottom of the app.
On the top right corner you will see the "+" sign. Press on it and you will be asked to add source.
To add the Frida RE repository, type in https://build.frida.re/ and then press Add Source.
### Add Frida tools
Now, to add Frida, still in Sileo, press the magnifying glass in the bottom-right corner. Type in Frida in the search box.
Press on Get, press on Queue, then press on Confirm. Frida will
### Add Mterm app
In the Sileo app, search for Mterm via the magnifying glass on the bottom right, then install it. This is for accessing the filesystem on the iOS device.
### Add Termius app
In Apple App store, search and install Termius app. This is for connecting to SSH servers remotely, with a great user interface.
### Add openssh-server and openssh-client tools
In the Sileo app, search for openssh-server via the magnifying glass on the bottom right, then install it.
Do the same for openssh-client. Installing openssh-server allows ssh connections to the iOS device from remote hosts.
### Add cycript tools
In the Sileo app, search for cycript via the magnifying glass on the bottom right, then install it. This is for tweaks.
### Test ssh connection to the jailbroken device
1. Connect the jailbroken device and your mac to the same wifi network
2. Check the jailbroken device for its IP address. Go to Settings > Wifi > [your selected wifi network] > tap the circled i (on the right), then scroll down to the IP address.
3. Open the Terminal app on the Mac and type in `ssh mobile@<ip address seen above>`
4. The password is `alpine`.
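A host-side sanity check for the setup above, added here as an example and not part of the original gist: it validates the IP address read from Settings, confirms ssh access as `mobile`, checks that the frida-server package from build.frida.re is running on the device, and confirms the Mac can enumerate processes with `frida-ps`. It assumes the device IP is passed as the only argument and that frida-tools is installed on the Mac.

```shell
#!/bin/sh
# Added example (not from the gist): verify ssh + Frida on the jailbroken device.

# Validate a dotted-quad IPv4 address (the one shown under Settings > Wifi).
valid_ipv4() {
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

# Given `ps -e` output captured from the device, report whether frida-server is running.
frida_running() {
    printf '%s\n' "$1" | grep -q '[f]rida-server'
}

# Full check against a live device: ssh reachability, frida-server process, frida-ps from the host.
check_device() {
    ip="$1"
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    # ssh prompts for the password chosen during jailbreak (default: alpine).
    # Install a public key in /var/mobile/.ssh/authorized_keys and change the
    # default password so the device is not reachable with a well-known credential.
    ps_out=$(ssh -o ConnectTimeout=5 "mobile@$ip" 'ps -e') || { echo "ssh to $ip failed" >&2; return 1; }
    frida_running "$ps_out" || { echo "frida-server is not running on $ip" >&2; return 1; }
    # frida-server listens on localhost by default, so check over the USB cable (-U);
    # use `frida-ps -H $ip` only if frida-server was started listening on the Wi-Fi interface.
    frida-ps -U >/dev/null || { echo "frida-ps cannot reach the device over USB" >&2; return 1; }
    echo "device $ip: ssh OK, frida-server running, frida-ps OK"
}

# Only talk to a device when an IP address is given on the command line.
if [ $# -eq 1 ]; then
    check_device "$1"
fi
```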