Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Source
https://github.com/thegenetic/CVE-2024-6387-exploit
Associated Vulnerability
Title:Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description:A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
CVE-2024-6387 exploit
Readme
# SSH Vulnerability Scanner

The SSH Vulnerability Scanner is a Python script that uses Nmap to scan a list of domains for vulnerable SSH versions. It checks multiple ports for SSH services and identifies versions that are known to have security vulnerabilities.

## Features

- Scans multiple domains from a file, one domain per line.
- Checks all ports for SSH service (comprehensive port scanning).
- Identifies and highlights vulnerable SSH versions.
- Uses threading for concurrent scanning to improve performance.
- Handles errors gracefully, including DNS resolution failures.
- Outputs results with colored formatting for clear visibility.

## Requirements

- Python 3.x
- Python `nmap` library (`python3-nmap`)
- Python `termcolor` library (`termcolor`)

## Installation

1. Clone the repository:
   ```
   git clone https://github.com/thegenetic/CVE-2024-6387-exploit.git
   cd CVE-2024-6387-exploit
   ```

2. Install dependencies:
   ```
   pip install -r requirements.txt
   ```

## Usage

1. Create a text file (`domains.txt`) containing domains to scan, with one domain per line.
2. Run the script with the file path as an argument:
   ```
   python CVE-2024-6387.py domains.txt
   ```

## Options

- The script uses Nmap with the following options:
  - `-Pn`: Treat all hosts as online (skip host discovery).
  - `-sV`: Probe open ports to determine service/version info.
  - `-p-`: Scan all 65535 ports.
  - `--script ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-run,sshv1`: Use SSH specific scripts for more detailed information.

## Example Output

```
$ python CVE-2024-6387.py domains.txt

Scanning example.com (93.184.216.34)...
[example.com] SSH version detected on port 22: SSH-2.0-OpenSSH_8.8p1
[example.com] SSH version detected on port 2222: SSH-2.0-OpenSSH_8.6p1
...

Scan Results:
example.com (22): SSH-2.0-OpenSSH_8.8p1
example.com (2222): SSH-2.0-OpenSSH_8.6p1
example.com (none): No SSH version detected on open ports

...

$ cat domains.txt
example.com
...
```
File Snapshot

 [4.0K]  /data/pocs/18b6c21a41be91da28d8dc08c69595631742a0d7
├── [3.4K]  CVE-2024-6387.py
├── [2.0K]  README.md
└── [  23]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →