CVE-2018-10933 PoC — libssh server-side state machine 安全漏洞

Source

https://github.com/nikhil1232/LibSSH-Authentication-Bypass

Associated Vulnerability

Title:libssh server-side state machine 安全漏洞 (CVE-2018-10933)
Description:A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Description

LibSSH Authentication Bypass CVE-2018-10933

Readme

# LibSSH-Authentication-Bypass
LibSSH Authentication Bypass CVE-2018-10933

### Usage:                                                                                                                                     

To use this script type in: python3 LibAuth.py –help to see all the options and parameters we need to use.

So we need to specify the victim’s IP address, port no and finally the command that we want to execute in the victim machine.

The Final command would be 
### python3 LibAuth.py –host 192.168.0.100 -p 22 -c “uname -a”

![alt text](https://theblocksec.com/wp/wp-content/uploads/2018/12/Screenshot-216.png)

## References:
https://pentesterlab.com/exercises/cve-2018-10933/course

https://github.com/kn6869610/CVE-2018-10933

https://www.youtube.com/watch?v=ZSWQjmfcn4g

http://docs.paramiko.org

File Snapshot


 [4.0K]  /data/pocs/79b5af1267a331f4c94188ee76956cf9b5568f87
├── [ 967]  LibAuth.py
└── [ 833]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!