Saturday, September 6, 2008

iPhone Port Scan

Just out of interest I thought I would port scan my iPhone.

After issuing just nmap ipaddress I had no response, so I turned off the ping-first option and tried again.

nmap -P0

Okay, so I found it. The MAC ties up with my phone's MAC address.

Next I'll just try all TCP ports to see what I get.

nmap -P0 -p1-65535

So I found one TCP port open. I'll use the -sV switch to get the version.

nmap -P0 -sV -p62078

Hmmm. Still nothing. Maybe an OS Scan would be interesting.

nmap -P0 -O

So it got the right OS.

Okay. So I know there is still that open port. What if I send something to it and see what comes back.

So using tcpdump I throw on a filter for just the iPhone IP address.

tcpdump -i eth0 host

That's a bit noisy. I want just my target port for now.

tcpdump -i eth0 host && port 62078

Now in a separate window, I create a test file by echoing "test" to a file and throw that at the port using nc.

nc 62078 <

Okay, so that went well. I'll repeat the process and capture the results to analyse in Wireshark using the -w switch with tcpdump:

tcpdump -i eth0 -w iphone-capture.pcap host && port 62078

Okay. I'll be honest. The results were not good. I'm still clueless. Maybe I'll resort to good old Google.

2 Mins later................................

Okay, now I find that the legwork has already been done. It's a port used when synching with iTunes.

Oh well, I suppose it was one way to waste an hour.

P.S - If you do try port scanning the iPhone, you might find that it needs a hard reset before it will synch properly.
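
The nc step above, as an added example in Python (not part of the original post): it sends a test payload to a TCP port and reports whether the port refused the connection, accepted it but stayed silent, or answered. `probe` and `start_listener` are hypothetical names, and the loopback listener is a constructed stand-in for the phone so the script runs offline.

```python
import socket
import threading


def probe(host, port, payload=b"test\n", timeout=2.0):
    """Send payload to host:port; return (state, data).

    closed  - connection refused or no answer to the connect
    silent  - connected, nothing came back before the timeout
    replied - connected and the service sent bytes back
    hung-up - connected, peer closed or reset without sending
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed", b""
    with sock:
        try:
            sock.sendall(payload)
            data = sock.recv(4096)
        except socket.timeout:
            return "silent", b""
        except OSError:
            return "hung-up", b""
    return ("replied", data) if data else ("hung-up", b"")


def start_listener(reply):
    """Constructed loopback stand-in for the phone (assumption, so this
    runs offline): accept one connection, read the probe, maybe answer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)
            if reply is None:
                threading.Event().wait(1.0)  # stay connected, say nothing
            else:
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for reply in (b"hello\n", None):
        print(probe("127.0.0.1", start_listener(reply), timeout=0.5))
```

A "silent" result matches what the post describes: the port takes the connection but gives nothing useful back to an arbitrary payload, which is also why a version scan can come up empty.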


Douglas said...

Don't know if I am happy or pissed you posted this. I am REALLY bored at work and was going to waste time port scanning my phone. But NOOOOO you had to go do it first and post a well documented blog on - great - well on to port scanning BlackBerrys - I guess I could try to pretend to do some work instead.....

SynJunkie said...

Sorry Douglas, looks like you'll have to do some work then ;-)

George said...

Fun fact: When you run web-based apps, Facebook mobile, TextFree, EliminatePro, etc etc, more ports open up! =) A vulnerability in any of these apps could bring exploitation to the iPhone once again.
I found this out by running nmap on myself in MobileTerminal while having TextFree open.

SynJunkie said...

Why doesn't any of this surprise me. Good job the iPhone doesn't run as root.......ohhh errrr...FAIL!

Mr x said...

It's a port left open so your phone can be wiped over the network