CVE-2018-7750 PoC — Paramiko SSH服务器实现授权问题漏洞

Source

Associated Vulnerability

Description

an RCE (remote command execution) approach of CVE-2018-7750

Readme

# CVE-2018-7750
an RCE (remote command execution) approach of CVE-2018-7750

![poc](/img/poc.png)

- Exploit Title: Paramiko < 2.4.1 - Remote Code Execution
- Date: 2018-11-06
- Exploit Author: jm33-ng
- Vendor Homepage: https://www.paramiko.org
- Software Link: [https://github.com/paramiko/paramiko/archive/2.4.0.tar.gz](https://github.com/paramiko/paramiko/archive/2.4.0.tar.gz)
- Version: < 1.17.6, 1.18.x < 1.18.5, 2.0.x < 2.0.8, 2.1.x < 2.1.5, 2.2.x < 2.2.3, 2.3.x < 2.3.2, and 2.4.x < 2.4.1
- Tested on: Multiple platforms
- CVE: CVE-2018-7750

- This PoC provides a way to execute arbitrary commands via paramiko SSH server, using CVE-2018-7750.
- Details about CVE-2018-7750: [https://github.com/paramiko/paramiko/issues/1175](https://github.com/paramiko/paramiko/issues/1175)
- The original PoC, which makes use of SFTP, can be found at [https://www.exploit-db.com/exploits/45712](https://www.exploit-db.com/exploits/45712)

File Snapshot

 [4.0K]  /data/pocs/8891ef00e1c989474d954aaca0d8f2b068b1f75d
├── [4.0K]  img
│   ├── [ 35K]  poc.png
│   └── [ 45K]  proceeding_without_auth.png
├── [ 34K]  LICENSE
├── [282K]  paramiko-2.4.0.tar.gz
├── [1.0K]  rce.py
├── [ 934]  README.md
└── [1.6K]  sample_ssh_server.py

1 directory, 7 files

Remarks