Author Topic: SSH into iOS device and steal data!  (Read 11040 times)

Offline _SpyMachine

SSH into iOS device and steal data!
« on: June 26, 2012, 05:25:59 am »
Hello! First of all, I just want to say that I hope this is just the first of many tutorials.  I thought I'd do something easy to start out and then I could take requests if people wanted to see some specific tutorials. So feel free to make requests!

Step 1) Jailbreaking your iOS device.  I'll leave this up to you to figure out (if you can't figure that out you probably don't belong here anyway), but you must jailbreak your device in order...well, to do much of anything hacking related on your device.  Make sure you install Cydia as well. redsn0w is my personal jailbreaking tool of choice.

Step 2) Go into Cydia and select Developer (under Manage > Settings) if it doesn't already pop up, and then go to Changes > Refresh.  Now go to Search and look for OpenSSH and download and install it. (You will not see an OpenSSH app in SpringBoard or anything. OpenSSH just gives you SSH access from a computer.)

Step 3) Obviously, your device must be connected to Wi-Fi on the same network as the computer you plan on SSHing from. You can find your IP address by clicking on the Settings app and going to Wi-Fi and clicking on the blue arrow next to your network.

Step 4) On your computer, open a Terminal and connect to the device by typing

Code:
ssh -l root x.x.x.x
Where x.x.x.x is your IP address. After some time, you may be prompted by the RSA key exchange; you can enter 'yes' and continue on. You will be prompted for a password. So here's the funny thing about iOS devices: the root password for every device is exactly the same! Anyone should realize that this is extremely dangerous, which is why many people jailbreak their device just to change the password. Anyway, the default root password is 'alpine'. Enter it and you should be in the device. Feel free to poke around as you please!

***Now, any sort of attack would assume either some physical access to the device, or you might get lucky enough that someone has installed OpenSSH but hasn't changed the default password.  Nonetheless, this is definitely just a good start to see what you can do with these devices***

Step 5) At this point, you can pretty much have at a lot of the user's information as you please.  SMS messages, address book, etc. are all at your disposal.  Feel free to look around /private/var/mobile/Library to find some excellent things to grab.  If you find something interesting you can grab it with scp.  So from another terminal window (outside SSH):

Code:
scp root@x.x.x.x:/private/var/mobile/Library/SMS/sms.db sms.db
Enter the root password again, and the SMS database is all yours. You can view it with sqlite and look through all the user's SMS messages. Kinda creepy if you ask me lol, but there you go!
« Last Edit: June 26, 2012, 05:26:37 am by _SpyMachine »
"And it's so sad to see the world agree
That they'd rather see their faces fill with flies
All when I'd want to keep white roses in their eyes"
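
Added example, not part of the original thread or any project's code: a defender-side audit of the condition the tutorial depends on, namely an sshd that still accepts password logins for root. It parses sshd_config text the way OpenSSH resolves it (first value per keyword wins, global section only); the sample configs are constructed, and the "yes" default for PermitRootLogin is an assumption that matches older OpenSSH builds.

```python
# Added example: audit sshd_config text for root password login.
# Assumption: older OpenSSH builds default PermitRootLogin to "yes";
# newer ones default to "prohibit-password". Adjust DEFAULTS to your build.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}


def effective_settings(config_text):
    """Return the global values of the keywords in DEFAULTS.

    OpenSSH keeps the first value it sees for each keyword, keywords are
    case-insensitive, and 'Keyword=value' is accepted as well as
    'Keyword value'. Lines after a Match keyword are conditional, so
    parsing of the global section stops there.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (commented-out lines are inert)
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) > 1:
            seen.setdefault(key, parts[1].lower())  # first occurrence wins
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def root_password_login_allowed(config_text):
    """True when root may log in with a password (the risky state).

    Only the two keywords in DEFAULTS are checked; keyboard-interactive
    authentication is not covered by this audit.
    """
    s = effective_settings(config_text)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"


# Constructed sample: everything commented out, so the defaults apply.
WEAK = """#PermitRootLogin yes
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
"""

# Constructed sample: key-only root login; the later duplicate is ignored.
HARDENED = """PermitRootLogin without-password
PasswordAuthentication=no
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, "root password login allowed:", root_password_login_allowed(cfg))
```

Changing the root password with passwd closes the default-credential hole; disabling password authentication in favour of keys removes the password path entirely.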

Offline Inquisitor Sasha

Re: SSH into iOS device and steal data!
« Reply #1 on: December 08, 2013, 07:27:26 pm »
I know another way of gaining access to the file system of the iOS device by connecting it to a Mac computer.  You can use the command line to navigate to /Volumes, then into the device.  It doesn't require any sort of jailbreaking.  The downside is a lot of folder names are nonsensical, so navigation is difficult.  Back in the day before Apple introduced iCloud and its ability to download stuff multiple times, you could use it to recover music off an iPod.


I can't begin to imagine why Apple makes the root password "alpine" on all of its devices.  It can't be that hard to randomize.  Even I could easily write a script for generating a random password.  Or random string for anything for that matter.
I'm here to read about hacking and security.  Main goal is to learn about security and to learn to find vulnerabilities to get better with security.

Offline Styl3r

Re: SSH into iOS device and steal data!
« Reply #2 on: December 08, 2013, 07:44:31 pm »
Nice one! But you need to be on the same Wi-Fi as the iDevice, but I don't think anyone who's jailbroken and installed OpenSSH would leave their root password default!