关联漏洞
标题:
OpenSSH 竞争条件问题漏洞
(CVE-2018-15473)
描述:OpenSSH(OpenBSD Secure Shell)是OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 7.7及之前版本中存在竞争条件问题漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。
描述
Test CVE-2018-15473 exploit on Shodan IP
介绍
Here is a simple script to test CVE-2018-15473 exploit on 100 IP addresses referenced by Shodan. Usernames tested are contained in users.txt
The file that has to be executed is main.py. It works on Linux and you have to get your own API key from www.shodan.io
The results only appear on the standard output. Expect the IP list which is save under ips.txt.
CVE attack forked from https://github.com/Sait-Nuri/CVE-2018-15473
Make sure you have the libraries argparse, shodan and paramiko.
You also can try the following command: chmod +x cve.py
The purpose of this project is purely educational.
文件快照
[4.0K] /data/pocs/6ec2ce7f3137bcce034b132d3e726626db7ba875
├── [3.1K] cve.py
├── [ 579] main.py
├── [ 599] README.md
└── [ 244] users.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。