
CVE-2023-25136 PoC — OpenSSH resource management error vulnerability

Source
Associated Vulnerability
Title: OpenSSH resource management error vulnerability (CVE-2023-25136)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connection tools from the Canadian OpenBSD project for securely accessing remote computers. It is an open-source implementation of the SSH protocol; it encrypts all traffic and so defeats eavesdropping, connection hijacking and other network-level attacks. OpenSSH contains a resource management error: a double free introduced in the handling of options.kex_algorithms.
Description
CVE-2023-25136 POC written by axylisdead
Readme
<h1>CVE-2023-25136 POC</h1>
<h3>POC For A Pre Auth Double Free Vulnerability Affecting OpenSSH 9.1 (Fixed In 9.2)</h3>
<hr>
<h2>Necessary libraries</h2>
<p>Please make sure you have the following dependencies installed:</p>
<ul>
<li>Python 3</li>
<li>termcolor</li>
<li>argparse (part of the Python standard library; nothing to install)</li>
<li>fabric</li>
</ul>
<p>You can also install these libraries directly from the included requirements.txt file using pip.</p>
<p><code>python3 -m pip install -r requirements.txt</code></p>
<hr>
<h2>How to use:</h2>
<p>To check whether OpenSSH is vulnerable on a single IP address, run the script with the <code>-t</code> or <code>--target</code> parameter followed by the IP address you wish to test.</p>
<p><b>NOTE: IT WILL AUTOMATICALLY DEFAULT TO PORT 22.</b> No port option is documented, so a daemon listening on another port has to be checked by other means.</p>
<p>Example: <code>python3 CVE-2023-25136_POC.py -t 127.0.0.1</code></p>
<p>To check more than one IP address, create a file with one IP per line and pass it with the <code>--filepath</code> parameter. The example below uses the short form <code>-f</code>; the original text also lists <code>-p</code>, so run the script with <code>--help</code> if one of them is rejected.</p>
<p>Example: <code>python3 CVE-2023-25136_POC.py -f listofips.txt</code></p>
<hr>
<h2>Understanding output</h2>
<p>Pretty straightforward: if OpenSSH is exploitable, the script prints <code>127.0.0.1: Exploitable</code> in green.</p>
<p>If it isn't, it prints the corresponding not-exploitable result for that host in red.</p>
<p>Treat a green result as a lead rather than proof: confirm the running sshd's patch level, because distributions often backport the fix without changing the advertised version.</p>
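<p>As an added example (not the repository's script, whose internals are not shown on this page), here is a banner-based checker of the kind this README describes, with the same <code>-t</code>/<code>-f</code> interface and green/red output. It assumes that comparing the version in the server's SSH identification string against the affected 9.1 release is what "Exploitable" means; the client banner it sends, the sample banners in its comments and the <code>host:port</code> list syntax are illustrative choices, and a backported fix will still show as exploitable because only the banner is inspected.</p>

```python
#!/usr/bin/env python3
"""Banner-based check for CVE-2023-25136 (constructed example, not the project's script)."""
import argparse
import re
import socket
import sys

# The double free is in the OpenSSH 9.1 release; 9.2 shipped the fix.
AFFECTED_VERSIONS = {(9, 1)}

# Identification string: "SSH-protoversion-softwareversion SP comments" (RFC 4253 §4.2).
BANNER_RE = re.compile(rb"^SSH-\d+\.\d+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)")


def parse_openssh_version(banner: bytes):
    """Return (major, minor) for an OpenSSH banner, or None for any other software."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return int(m.group("major")), int(m.group("minor"))


def classify(banner: bytes) -> str:
    """Map a banner to 'exploitable', 'not exploitable' or 'unknown'.

    Version check only: a distribution that backports the fix without bumping
    the advertised version (assumed banner "SSH-2.0-OpenSSH_9.1p1 Vendor-3")
    is still reported as exploitable and must be confirmed by patch level.
    """
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"
    return "exploitable" if version in AFFECTED_VERSIONS else "not exploitable"


def parse_targets(text: str, default_port: int = 22):
    """One target per line: 'host', 'host:port' or '[v6addr]:port'.
    Blank lines and '#' comments are skipped (constructed list syntax)."""
    targets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):  # bracketed IPv6 literal, optional :port
            host, _, rest = line[1:].partition("]")
            port = rest.lstrip(":") or str(default_port)
        elif line.count(":") == 1:  # host:port
            host, port = line.split(":")
        else:  # bare host, or an unbracketed IPv6 literal
            host, port = line, str(default_port)
        targets.append((host, int(port)))
    return targets


def grab_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server identification line. RFC 4253 lets a server send other
    lines first, so skip anything that does not start with 'SSH-'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"SSH-2.0-cve_2023_25136_check\r\n")  # our own banner (constructed)
        buf = b""
        while len(buf) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                if line.startswith(b"SSH-"):
                    return line.rstrip(b"\r")
        return b""


def colorize(host: str, port: int, verdict: str) -> str:
    """Green for exploitable, red for everything else, as in the README's output."""
    color = "\033[32m" if verdict == "exploitable" else "\033[31m"
    return f"{color}{host}:{port}: {verdict.capitalize()}\033[0m"


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description="CVE-2023-25136 banner check")
    group = ap.add_mutually_exclusive_group(required=True)
    group.add_argument("-t", "--target", help="single host (port 22 unless host:port)")
    group.add_argument("-f", "--filepath", help="file with one target per line")
    args = ap.parse_args(argv)
    text = args.target if args.target else open(args.filepath).read()
    for host, port in parse_targets(text):
        try:
            verdict = classify(grab_banner(host, port))
        except OSError as exc:  # refused, timed out, unresolvable
            verdict = f"unknown ({exc})"
        print(colorize(host, port, verdict))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

<p>Run it as <code>python3 check.py -t 127.0.0.1</code> or <code>python3 check.py -f listofips.txt</code>. Only the first identification line is parsed, and nothing beyond the banner exchange is sent, so the check itself does not trigger the double free on the target.</p>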
<hr>
<h2>Credits</h2>
<p>This vulnerability was found by Mantas Mikulėnas (<a href="https://github.com/grawity">grawity</a>) and all credit goes to him.</p>
<p>The proof of concept for this exploit was written by me, Lodzie Kotekya.</p>
<p>You can find me on <a href="https://t.me/lodzie">Telegram</a> or <a href="https://twitter.com/LodzieIsHere">Twitter</a>.</p>
<hr>
<h2>License</h2>
<p>This code was proudly written and published under Daddy Stallman's <a href="https://www.gnu.org/licenses/gpl-3.0.txt">GPL v3 license</a>.</p>
File Snapshot

[4.0K] /data/pocs/8b21f271f4d734c8dd9399114d72b9b18f63795a
├── [1.5K] CVE-2023-25136_POC.py
├── [ 34K] LICENSE
├── [1.8K] README.md
└── [ 25] requirements.txt

0 directories, 4 files