Discuss [1.1.3] Beware of OpenSSH default password at the General - Hackint0sh.org; As you probably know there are some issues with OpenSSH in 1.1.3:
-you cant easily ...
[1.1.3] Beware of OpenSSH default password
As you probably know there are some issues with OpenSSH in 1.1.3:
-you cant easily change the default password,
-the icon does not appear in the springboard,
-sometimes you cant uninstall OpenSSH via Installer.
The iphone automatically connects to known networks and since most OpenSSH instalation have default password this leaves a possible attack scenario.
[Accesing Iphones with OpenSSH default password]
1) Using airodump we can see the Known Networks that the Iphone automatically connects to.
2) Using the Evil Twin / Fake Access Point technique we can make the Iphone connect to us.
3) With any sniffer o from the routers interface we can know its IP.
4) We connect with any SSH client and use the default account root:alpine
5) We are root so we can do anything like install a troyan that forwards
Limitation of the attack:
Some interesting files:
See some emails: cat /private/var/mobile/Library/Mail/Envelope\ Index
Plaintext Notes: cat /private/var/mobile/Library/Notes/notes.db
Apollos Plaintext IM passwords: cat
hosts file: /private/var/mobile/Library/Preferences/hosts
-You must have default password,
-You must have prefered/known networks and they must be open auth,
-When phone is autolocked WiFi is off so the is little time for the script to work ...
[Changing the default password]
You can use one of the following methods, first one worked for me:
[cypt(3) and vi /etc/master.passwd]
Type your password then click "Encrypt password" and use the salt "/s".
Edit /etc/master.passwd with vi to change password.
Run http://winandmac.com/files/SSH-pass.zip and then you can change the password.
By Techguy in forum Installation
Last Post: 03-02-2010, 09:38 AM
By sura in forum Free Toolchain Software (Cydia App's)
Last Post: 07-24-2008, 06:48 PM
By bob616 in forum Free Toolchain Software (Cydia App's)
Last Post: 05-12-2008, 12:08 AM
By Master in forum iPhone "2G" (Rev. 1)
Last Post: 12-06-2007, 07:27 AM