This post was last edited by 微笑smile on 2015-1-3 22:56
Password Found!!
Generating Token....
Saved to Disk...
Success! The password is:*****************************
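Today, a 9to5Mac writer found a newly uploaded password-cracking tool, iDict, on GitHub. The tool claims it can crack any iCloud account, and it appears able to get around the protections Apple added to guard against brute-force attacks. Apple had already fixed a brute-force password vulnerability last September.
The tool's code has been uploaded to GitHub. Judging by how it runs, the software "pretends to be an iPhone" and tries to log in to an iCloud account with the passwords in its built-in 500-password wordlist. If your account uses a password from that wordlist, iDict will crack your iCloud account 100% of the time.
We believe Apple will start work on a fix as soon as it sees this tool; after all, the software's fake iPhone identity is easy to detect. Still, it is hard to believe that Apple left such a hole open.
Take a careful look at what follows. If you don't understand something, please search Baidu, OK?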
Disclaimer: Do whatever you want with this code as long as you give me credit (@Pr0x13)
Check and make sure it's legal in your country to use this tool before doing so.
I'm not responsible for any damage done whatsoever to anyone's iCloud account or iDevice.
I didn't exploit any accounts while writing this; as well, I didn't even test it out (hope it works lol).
I merely observed and reported.
Put in the htdocs folder in your XAMPP installation.
Install cURL for your OS
Navigate to in your web browser (preferably Firefox, Chrome, or Safari).
Wordlist.txt is from iBrute and it satisfies iCloud password requirements
It's been reported that if the iCloud server responds with an error, restart XAMPP or your computer
-=Reports coming in that Server is now Patched with Rate Limiter=-
-=Server Fully Patched, Discontinue use if you don't want to lock your account!!=-
What is this?
A 100% Working iCloud Apple ID Dictionary attack that bypasses
Account Lockout restrictions and Secondary Authentication on any account.
What this isn't:
A bypass or fully automated removal
This bug is painfully obvious and it was only a matter of time before it was
privately used for malicious or nefarious activities. I publicly disclosed it so Apple will patch it.
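
From the defender's side, the report above (a client that "pretends to be an iPhone" and a server later "patched with rate limiter") comes down to which key the failed-login counter uses. The following is an added example, not code from iDict or Apple; the page does not say how the original lockout was enforced, so the `per_client` keying is a hypothetical weak design shown only for contrast, and all names, thresholds and traffic are constructed.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window lockout for failed logins (illustrative, not Apple's logic)."""

    def __init__(self, key, max_failures=5, window_s=900, lock_s=3600):
        self.key = key                      # maps (account, client) -> throttle bucket
        self.max_failures = max_failures
        self.window_s = window_s
        self.lock_s = lock_s
        self._fails = defaultdict(deque)    # bucket -> timestamps of recent failures
        self._locked_until = {}             # bucket -> time at which the lock expires

    def attempt(self, account, client, password_ok, now):
        """Return True if the password was evaluated, False if refused by the lock."""
        bucket = self.key(account, client)
        if now < self._locked_until.get(bucket, 0):
            return False                    # refused before the password is checked
        if password_ok:
            self._fails.pop(bucket, None)
            return True
        recent = self._fails[bucket]
        recent.append(now)
        while recent[0] <= now - self.window_s:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[bucket] = now + self.lock_s
            recent.clear()
        return True

def per_account(account, client):
    return account                          # client-supplied identity is ignored

def per_client(account, client):
    return (account, client)                # hypothetical weak design, for contrast

def evaluated_guesses(throttle, guesses=500):
    """Constructed traffic: one wrong guess per second, new client label each time."""
    return sum(
        throttle.attempt("user@example.com", f"device-{i}", False, now=i)
        for i in range(guesses)
    )

if __name__ == "__main__":
    print("keyed per account:", evaluated_guesses(LoginThrottle(per_account)))
    print("keyed per client :", evaluated_guesses(LoginThrottle(per_client)))
```

Keyed on the account alone, the counter stops the run after the fifth wrong guess regardless of what the client claims to be; keyed on anything the client supplies, every one of the 500 guesses is evaluated.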