Introduction
# CVE-2025-32433 YARA Detection Rule
**Author:** te0rwx
**Date:** 2025-08-27
## Description
This YARA rule is designed to detect:
- CVE-2025-32433 Erlang SSH remote code execution exploits.
- Reverse shells (Bash, nc, Erlang `os:cmd`) including obfuscated payloads (Base64, Hex, XOR, fragmented).
- Python, Go, and Bash scanners targeting Erlang SSH.
- Stealthy execution patterns, backgrounding, and sleep-delayed commands.

The rule **minimizes false positives** by requiring multiple exploit markers or multiple scanner indicators before matching.
---
## Usage
```bash
yara -r rule-cve-2025-32433.yar /path/to/scan
```

File snapshot

```
[4.0K] /data/pocs/387dd3eaebace2b729aa9b0b3b434214224106af
├── [ 11K] LICENSE
├── [ 628] README.md
└── [4.0K] YARA
    └── [3.2K] rule-cve-2025-32433.yar
1 directory, 3 files
```