Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25136 PoC — OpenSSH 资源管理错误漏洞

Source
https://github.com/mrmtwoj/CVE-2023-25136
Associated Vulnerability
Title:OpenSSH 资源管理错误漏洞 (CVE-2023-25136)
Description:OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Description
This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability happens when memory that has already been freed is freed again. This issue can indirectly lead to remote code execution (RCE) by an attacker.
Readme
# OpenSSH Vulnerability Testing Tool for CVE-2023-25136

This repository provides a **Proof of Concept (PoC)** for testing the **CVE-2023-25136** vulnerability in OpenSSH versions 9.0 and 9.1. The vulnerability allows for potential security risks and this tool helps identify if a server is running a vulnerable version of OpenSSH.

The tool checks the version of OpenSSH running on the server and alerts if it is affected by this vulnerability.

## Features
- Checks for OpenSSH versions **9.0** and **9.1** which may be vulnerable to **CVE-2023-25136**.
- Easy-to-use command-line interface to test one or multiple SSH servers.
- Option to check using a proxy server.
- Provides a detailed report with vulnerability warnings for the affected versions.
- Supports checking a list of servers from a file.

## How It Works
The tool attempts to establish an SSH connection to the target server and retrieves the OpenSSH version using the `ssh -V` command. It then compares the version to known vulnerable versions (9.0 and 9.1) and alerts the user if the server is affected by **CVE-2023-25136**.

### Testing Targets
The tool checks for OpenSSH versions on the following targets:
- **Single target**: Check one server by IP address.
- **Multiple targets**: Provide a list of servers from a text file to check multiple targets.

## Getting Started

### Prerequisites
- **Python 3.x** installed on your system.
- **Paramiko** library to establish SSH connections.

## Installation
Clone this repository:
``` bash
git clone https://github.com/mrmtwoj/CVE-2023-25136.git
cd CVE-2023-25136
```
## Usage
To use the tool, provide the target IP address you want to test using the -target flag:
python3 cve-2023-25136.py -target 192.168.1.100

``` bash
python3 cve-2023-25136.py -target <target-ip>
```
File Snapshot

 [4.0K]  /data/pocs/695efb2e43ca0e56a3262aa080747c369284790d
├── [2.8K]  cve-2023-25136.py
└── [1.8K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →