来源

关联漏洞

描述

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers

介绍

# CVE-2025-32433_Erlang-OTP
This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers (such as those used in embedded systems, IoT devices, and some backend services). The vulnerability being tested for is similar to CVE-2025-32433, which allows unauthenticated remote command execution during the SSH handshake phase.

# How It Works
## Target Enumeration:
- Accepts either a single IP:port or bulk IPs and ports from ips.txt and ports.txt.
- Matches IPs and ports line-by-line to scan environments systematically.

## SSH Protocol Emulation:
- Initiates a raw TCP connection and mimics a legitimate SSH client.
- Sends a valid SSH banner and KEXINIT packet to initiate key exchange.

## Brute-Force Channel Types:
- Tries multiple SSH CHANNEL_OPEN types (e.g., session, direct-tcpip, etc.).
- Some vulnerable servers respond differently based on accepted channel types.

## Command Injection:
- If a channel is successfully opened pre-auth, it sends a payload (e.g., whoami or a reverse shell).
- Designed to detect execution capability without crashing or alerting services unnecessarily.

## Resilience and Reporting:
- Automatically reconnects if the server disconnects.
- Supports multithreading for faster scans across large inventories.
- Includes timestamps, logs all results to results.txt, and provides a live progress bar.

文件快照

 [4.0K]  /data/pocs/a82fabe3b726d7d96433d24d609e9c6e7237fc9f
├── [ 13K]  erLang.py
├── [   0]  ips.txt
├── [1.0K]  LICENSE
├── [   0]  ports.txt
└── [1.5K]  README.md

0 directories, 5 files

备注