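PoC details: 18b6c21a41be91da28d8dc08c69595631742a0d7

Source
Related vulnerability
Title: OpenSSH security vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools for secure access to remote computers, developed by the OpenBSD project in Canada. It is an open-source implementation of the SSH protocol that encrypts all traffic, effectively preventing eavesdropping, connection hijacking and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker can exploit it to execute arbitrary code remotely without authentication and take control of the system.
Description
CVE-2024-6387 exploit
Introduction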
# SSH Vulnerability Scanner

The SSH Vulnerability Scanner is a Python script that uses Nmap to scan a list of domains for vulnerable SSH versions. It checks multiple ports for SSH services and identifies versions that are known to have security vulnerabilities.

## Features

- Scans multiple domains from a file, one domain per line.
- Checks all ports for SSH service (comprehensive port scanning).
- Identifies and highlights vulnerable SSH versions.
- Uses threading for concurrent scanning to improve performance.
- Handles errors gracefully, including DNS resolution failures.
- Outputs results with colored formatting for clear visibility.

## Requirements

- Python 3.x
- Python `nmap` library (`python3-nmap`)
- Python `termcolor` library (`termcolor`)

## Installation

1. Clone the repository:
   ```
   git clone https://github.com/thegenetic/CVE-2024-6387-exploit.git
   cd CVE-2024-6387-exploit
   ```

2. Install dependencies:
   ```
   pip install -r requirements.txt
   ```

## Usage

1. Create a text file (`domains.txt`) containing domains to scan, with one domain per line.
2. Run the script with the file path as an argument:
   ```
   python CVE-2024-6387.py domains.txt
   ```

## Options

- The script uses Nmap with the following options:
  - `-Pn`: Treat all hosts as online (skip host discovery).
  - `-sV`: Probe open ports to determine service/version info.
  - `-p-`: Scan all 65535 ports.
  - `--script ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-run,sshv1`: Use SSH-specific scripts for more detailed information.

## Example Output

```
$ python CVE-2024-6387.py domains.txt

Scanning example.com (93.184.216.34)...
[example.com] SSH version detected on port 22: SSH-2.0-OpenSSH_8.8p1
[example.com] SSH version detected on port 2222: SSH-2.0-OpenSSH_8.6p1
...

Scan Results:
example.com (22): SSH-2.0-OpenSSH_8.8p1
example.com (2222): SSH-2.0-OpenSSH_8.6p1
example.com (none): No SSH version detected on open ports

...

$ cat domains.txt
example.com
...
```
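
As an added example (not code from the repository's script), this sketch classifies SSH identification strings like those in the example output against the upstream version ranges published for CVE-2024-6387: OpenSSH earlier than 4.4p1, and 8.5p1 up to but not including 9.8p1. The function names and sample banners are constructed; a banner in range is only a candidate, because distributions backport fixes without changing the upstream version number.

```python
import re

# Upstream ranges for CVE-2024-6387 from the public advisory (not from the
# repository's script): OpenSSH < 4.4p1, and 8.5p1 <= OpenSSH < 9.8p1.
BANNER_RE = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p\d+)?(?:\s+(.*))?$"
)

def classify(banner):
    """Return (status, vendor_comment) for one SSH identification string.

    status is "in-range", "outside-range" or "unknown" (not parseable as
    OpenSSH). vendor_comment is the text after the version, e.g. a distro
    package revision, or None.
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unknown", None)
    version = (int(m.group(1)), int(m.group(2)))
    comment = m.group(3) or None
    if version < (4, 4) or (8, 5) <= version < (9, 8):
        return ("in-range", comment)
    return ("outside-range", comment)

def triage(banners):
    """Map each banner to a follow-up action for the asset owner."""
    actions = {}
    for b in banners:
        status, comment = classify(b)
        if status == "in-range":
            # Backported fixes keep the upstream number, so confirm the
            # installed package revision before calling the host vulnerable.
            actions[b] = "verify package revision" if comment else "patch or verify build"
        elif status == "unknown":
            actions[b] = "identify SSH implementation"
        else:
            actions[b] = "no action for this CVE"
    return actions

if __name__ == "__main__":
    # Constructed sample banners, in the format shown in the example output.
    samples = [
        "SSH-2.0-OpenSSH_8.8p1",
        "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
        "SSH-2.0-OpenSSH_9.8p1",
        "SSH-2.0-OpenSSH_7.4",
        "SSH-2.0-dropbear_2022.83",
    ]
    for banner, action in triage(samples).items():
        print(f"{banner:45} {action}")
```
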
File snapshot

```
[4.0K] /data/pocs/18b6c21a41be91da28d8dc08c69595631742a0d7
├── [3.4K] CVE-2024-6387.py
├── [2.0K] README.md
└── [  23] requirements.txt

0 directories, 3 files
```