blacknbunny/CVE-2018-10933 blacknbunny/CVE-2018-10933

  • Stars
    star
    495
  • Rank 88,361 (Top 2 %)
  • Language
    Python
  • Created almost 6 years ago
  • Updated 9 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
blacknbunny/CVE-2018-10933
github

blacknbunny

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Spawn to shell without any credentials by using CVE-2018-10933 (LibSSH)

libSSH-Authentication-Bypass

Spawn to shell without any credentials by using CVE-2018-10933

Exploit-DB : https://www.exploit-db.com/exploits/45638

Information about CVE-2018-10933 by libSSH : https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Bugfix Release by libSSH : https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

Usage

// If paramiko==2.0.8 doesn't works try : pip install paramiko==2.4.2

pip install -r requirements.txt
python libsshauthbypass.py --help

Example:
python libsshauthbypass.py --host 0.0.0.0 --port 22 --command "cat /etc/passwd" --logfile newlogfile.log

Youtube videos that shows how to exploit libSSH by using this PoC (Proof Of Concept)

PoC_1

PoC_2

Find the right server with these fingerprints:

https://gist.github.com/0x4D31/35ddb0322530414bbb4c3288292749cc

Check the version of server that you trying to bypass with testversionofserver.py

If output is 0.7.5, 0.6.*, or lowest then the server is vulnerable.

If isn't then it's probably patched, truncated or not using libSSH.

Shodan.io libSSH

( 22 Port is default, other ports like (2222, 3333, 4444) might be including libSSH )

More Repositories

1

mcreator

Encoded Reverse Shell Generator With Techniques To Bypass AV's
Python
147
star
2

peanalyzer

Advanced Portable Executable File Analyzer And Disassembler 32 & 64 Bit
Python
101
star
3

shellcode2assembly

💻 ARCH : ARM, ARM64, MIPS, PPC, X86
Python
84
star
4

encdecshellcode

Shellcode Encrypter & Decrypter via XOR Cipher
Python
57
star
5

gmail-leak-test-python

Little tool that i made to test big gmail leak wordlist with SMTP
Python
5
star
6

blacknbunny.github.io

BlacknBunny blog page.
HTML
5
star
7

Text-Obfuscator-Deobfuscator

Golang Basic Text Obfuscator And Deobfuscator
Go
4
star
8

ValidatorPCAP

Tool that allows you to find ip addresses in PCAP file by making comparison between two .txt list of ip addresses.
Python
4
star
9

C-UDP-Client-Server

C UDP Protocol Client And Server
C
3
star
10

blogbook

A blog page for everyone.
HTML
3
star
11

Google-Trends-CLI

Google Trends CLI
JavaScript
2
star
12

atom-christmas-ui

Beautiful Christmas UI For Atom
CSS
2
star
13

Webpack-Babel-React-Sample

Webpack & Babel & React.JS : Simple Hello World
JavaScript
2
star
14

C-mySQL-friend-operations

An application that uses local network via MySQL to make friend operations
C
2
star
15

Golang-Image-Processor

Golang CLI Image Processor
Go
1
star
16

ES6-Ornekleri

Ecmascript6 örnekleri.
JavaScript
1
star
17

user-panel-interface

Backbone.JS - Underscore.JS - Bootstrap - JQuery : User Panel Interface
HTML
1
star
18

Golang-Fibonacci-Algorithm

Go
1
star
19

C-TCP-Client-Server

C TCP Protocol Client And Server
C
1
star