Hacking like a Hipster

So picture this scene. You arrive at your favourite Starbucks, order your caramel iced latte, and sit down to Tweet about the benefits of a soy-based diet. Then suddenly you remember you left your Apple MacBook at home and all you have with you is your iPad. Travesty! But, what if there was a way to use this iPad for a higher purpose and you could pop all the shells you wanted from the comfort of a air-conditioned coffee shop, whilst looking trendy and hip. Well this post will talk you through everything you need to go from a basement dwelling hacker to one who pays for over-priced coffee and looks cool. All you need to follow along is an iPad, an external keyboard, and access to a cloud provider to host your VPS. However, in this demo I am using a local machine as my VPS.

Building your hacking VPS

To begin with you need to ditch iPad OS and find something more suitable like Kali or Parrot. These Operating Systems come packed with useful tools which will aid you in hacking all the things. Or you could choose the more bespoke route and opt for Ubuntu or Arch and install all the tools you need manually. Either way your going to need to setup a Virtual Private Server (VPS) with one of these distributions installed and running. For a more detailed guide on doing this see 🖥 How to Build a Hacking VPS 🏹. I’ll show you how to set up a Kali… | by Robert Scocca | Medium.

Once this is setup you will need to install OpenSSH on the machine so that you can SSH into the machine from your iPad and run all your favourite hacking tools. In Debian based systems this can be done with sudo apt install ssh. Then to start the SSH service run sudo system ssh start and to check it’s status run sudo system ssh status.

Connecting to your VPS

With your hacking VPS up and running, now you need to connect to it from your iPad. This can be done by installing the “Blink Shell & Code Editor” from the app store.

Blink Shell is a professional, desktop grade terminal for iOS. With Mosh & SSH clients for iOS, lightning fast and fully customizable. The best terminal for iOS and iPadOS.

For our purposes, we will be using it as an SSH client to connect to our hacking VPS. To do this, download Blink Shell and run ssh <username>@<vps_ip> to connect to your VPS server. This will prompt you to trust the hash and provide a password to login as the username specified.

Just like that you are connected to your hacking VPS and can pop all the shells you want!

Lets be a little more secure

Using SSH to connect a your VPS is all well and good but password-based logins are not considered the most secure way of doing your business. All the cool kids nowadays use key-based authentication because it’s more secure and you don’t need to type in a password every time you want to connect. To setup key-based authentication using the Blink Shell:

  1. run config , go to Keys & Certificates, and select the + icon and click Generate New from the dropdown menu.

2. then fill in the details for this key and Save.

3. back at the Blink command line run ssh-copy-id <identity_file> <user>@<host> to copy your SSH key file across to the remote VPS.

4. Now while connected to the remote VPS you need to disable password authentication and enable public key authentication. This is done by editing the /etc/ssh/sshd_config file and making the following adjustments in the configuration file:

  • PubkeyAuthentication yes
  • PasswordAuthentication no

5. now back at your Blink Shell, you can use the SSH key you generate to login to your VPS securely with ssh -i <key> <user>@<host>

Now you have securely logged into your hacking VPS and can run Nmap to your heart’s content!

I want pretty pictures though

So maybe the terminal is not for you and you want all the pretty graphics a graphical desktop manager provides. Well unfortunately they’re are not (at time of writing) any free solutions to make this possible. There are paid solutions, such as AnyDesk or RealVNC, but these are targeted at enterprises for business use cases. That said, you can sign up an pay a monthly fee to use these services and securely remote desktop into your hacking VPS.

A better (free) solution would be setting up a VNC server on your hacking VPS and then using a VNC client on your iPad to connect. However, there is no feasible VNC clients available on the app store which are not locked behind a paywall and, as such, at this time this solution is not an option. So it looks like you may need to learn to use the command line.

But to not end on a glum note, you can get VSCode for all your programming needs. This can be done either for free (with code-server), for free but with ads (through Blink Shell), or you could use a paid solution such as Code App. Stick around to see programming on your iPad.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam Goss

Adam Goss

Cyber security professional who merges offensive and defensive paradigms to solve new and exciting security challenges | Penetration Tester | Threat Hunter