POC详情: 8517ebe6489c69fbd2849fbcf810b34eb0baabe0

来源
https://github.com/jobroche/libssh-scanner
关联漏洞
标题: libssh server-side state machine 安全漏洞 (CVE-2018-10933)
描述:libssh是一个用于访问SSH服务的C语言开发包,它能够执行远程命令、文件传输,同时为远程的程序提供安全的传输通道。server-side state machine是其中的一个服务器端状态机。 libssh的server-side state machine 0.7.6之前版本和0.8.4之前版本中存在安全漏洞。攻击者可借助恶意的客户端利用该漏洞在不进行身份验证的情况下创建通道,进而获取未授权的访问权限。
描述
Script to identify hosts vulnerable to CVE-2018-10933
介绍
# libssh scanner

## Introduction

* * *

This is a python based script to identify hosts vulnerable to CVE-2018-10933. Libssh scanner has two modes: passive (banner grabbing) and aggressive (bypass auth) to validate vulnerability's existence. By default, libssh scanner uses passive mode but supply the -a argument and aggressive mode will be used which provides more accurate results.

The vulnerability is present on versions of libssh 0.6+ and was remediated by a patch present in libssh 0.7.6 and 0.8.4. For more details: <https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/>

## Installation

* * *

Run `pip install -r requirements.txt` within the cloned libssh-scanner directory.

## Help

* * *

    libssh Scanner - Find vulnerable libssh services by Leap Security (@LeapSecurity)

    positional arguments:
      target                An ip address or new line delimited file containing
                            IPs to search for the vulnerability.

    optional arguments:
      -h, --help            show this help message and exit
      -v, --version         show program's version number and exit
      -p PORT, --port PORT  Set port of SSH service
      -a, --aggressive      Identify vulnerable hosts by bypassing authentication
文件快照

 [4.0K]  /data/pocs/8517ebe6489c69fbd2849fbcf810b34eb0baabe0
├── [4.8K]  libsshscan.py
├── [1.0K]  LICENSE
├── [1.3K]  README.md
└── [  31]  requirements.txt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。