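PoC details: 87772a07be5cfa51de3456d5c265b8a2b2c49694

Source
Related vulnerability
Title: OpenSSH security vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools for secure access to remote computers, developed by the OpenBSD project group in Canada. It is an open-source implementation of the SSH protocol that supports encryption of all traffic and effectively prevents eavesdropping, connection hijacking, and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker can exploit it to execute arbitrary code remotely without authentication and gain control of the system.
Description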
This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH.
Introduction
<div align="center">

 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**

</div>

# OpenSSH CVE-2024-6387 Exploit 🚀

This repository contains a Python script designed to exploit the remote code execution (RCE) vulnerability in OpenSSH (CVE-2024-6387). This vulnerability involves a signal handler race condition that can lead to arbitrary code execution, allowing attackers to gain root access. This proof-of-concept is intended for educational purposes only.

## Overview 📖

OpenSSH's CVE-2024-6387 is a critical vulnerability caused by a regression of a previously fixed issue. It involves a race condition in the signal handler that can be exploited to execute arbitrary code as root.

## Features 🌟

- **Multithreading**: Increases the chances of winning the race condition.
- **Success Event**: Stops attempts once the exploit succeeds.
- **Timing Adjustments**: Fine-tunes the timing required to trigger the race condition.
- **IPv4 and IPv6 Support**: Handles both IPv4 and IPv6 addresses for broader compatibility. [oferchen](https://github.com/oferchen)
- **Command-Line Arguments**: Allows flexible configuration of target IP, port, maximum attempts, number of threads, and glibc base address. [oferchen](https://github.com/oferchen)

## Usage 🚀

### Prerequisites

- Python 3.x

### Running the Exploit

1. **Clone the repository**:
    ```sh
    git clone https://github.com/d0rb/CVE-2024-6387.git
    cd CVE-2024-6387
    ```

2. **Execute the script**:
    ```sh
    python exploit_cve_2024_6387.py <target_ip> <target_port> --max_attempts 10000 --num_threads 10 --glibc_base 0xb7400000
    ```

    Example:
    ```sh
    python exploit_cve_2024_6387.py 192.168.1.100 22 --max_attempts 10000 --num_threads 10 --glibc_base 0xb7400000
    ```

## Explanation 🛠️

### Enhancing the Race Condition

To improve the chances of winning the race condition, the script uses multithreading, which allows multiple attempts to be made simultaneously. Each thread tries to exploit the vulnerability, increasing the likelihood of success. A threading event (`success_event`) is used to signal when the exploit has succeeded, stopping all further attempts. The script also adjusts the timing slightly after each attempt to better synchronize with the race condition.
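Seen from the defending side, every such attempt ends with a client that never authenticates before sshd's `LoginGraceTime` expires, and sshd logs each one as "Timeout before authentication", so a burst of these lines from one source is the signal to look for. The following detection example is added here and is not part of the original repository; the log layout (RFC 3339 timestamp, host, `sshd[pid]`), the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd logs this when a client fails to authenticate within LoginGraceTime.
# Assumed line layout: "<RFC 3339 timestamp> <host> sshd[<pid>]: <message>".
TIMEOUT_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?:fatal: )?"
    r"Timeout before authentication for (?P<ip>\S+) port \d+"
)

def find_timeout_bursts(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: peak_count} for sources that reach `threshold`
    pre-auth timeouts inside any sliding `window`. Lines are expected in
    chronological order; both defaults are assumptions to tune locally."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = TIMEOUT_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def constructed_sample():
    """Constructed log lines using documentation addresses, not real traffic."""
    base = datetime.fromisoformat("2024-07-02T10:00:00+00:00")
    fmt = "{} host sshd[{}]: fatal: Timeout before authentication for {} port {}"
    # Eight timeouts, 30 seconds apart, from a single source.
    lines = [fmt.format((base + timedelta(seconds=30 * i)).isoformat(),
                        2000 + i, "203.0.113.7", 40000 + i) for i in range(8)]
    # Isolated timeouts and a normal login: background noise.
    lines.append(fmt.format(base.isoformat(), 3000, "198.51.100.20", 51000))
    lines.append(fmt.format((base + timedelta(hours=2)).isoformat(),
                            3001, "2001:db8::5", 51001))
    lines.append(base.isoformat() + " host sshd[3002]: Accepted publickey "
                 "for alice from 198.51.100.20 port 51002 ssh2")
    return lines

if __name__ == "__main__":
    for ip, count in find_timeout_bursts(constructed_sample()).items():
        print(f"{ip}: {count} pre-auth timeouts within the window")
```

A hit is a reason to check the sshd version on that host and the source address, not proof of compromise: slow scanners and broken clients produce the same log line.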

### Credits

Special thanks to [Ofer Chen](https://github.com/oferchen) for his valuable contributions to improving this script.

## Legal Disclaimer ⚠️

This exploit is for educational purposes only. Unauthorized use on systems without explicit permission is illegal and unethical. Always follow legal guidelines and obtain explicit permission before testing security on any system.

## Contact 📬

For any issues or inquiries, please open an issue on GitHub.

---

**Stay safe and responsible!** 🔒💻
File snapshot

```
[4.0K] /data/pocs/87772a07be5cfa51de3456d5c265b8a2b2c49694
├── [3.1K] PoCipv6.py
├── [3.0K] PoC.py
└── [3.0K] README.md

0 directories, 3 files
```