CVE-2018-7750 PoC — Paramiko SSH服务器实现授权问题漏洞

Source

https://github.com/jm33-m0/CVE-2018-7750

Associated Vulnerability

Title:Paramiko SSH服务器实现授权问题漏洞 (CVE-2018-7750)
Description:transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Description

an RCE (remote command execution) approach of CVE-2018-7750

Readme

# CVE-2018-7750
an RCE (remote command execution) approach of CVE-2018-7750

![poc](/img/poc.png)

- Exploit Title: Paramiko < 2.4.1 - Remote Code Execution
- Date: 2018-11-06
- Exploit Author: jm33-ng
- Vendor Homepage: https://www.paramiko.org
- Software Link: [https://github.com/paramiko/paramiko/archive/2.4.0.tar.gz](https://github.com/paramiko/paramiko/archive/2.4.0.tar.gz)
- Version: < 1.17.6, 1.18.x < 1.18.5, 2.0.x < 2.0.8, 2.1.x < 2.1.5, 2.2.x < 2.2.3, 2.3.x < 2.3.2, and 2.4.x < 2.4.1
- Tested on: Multiple platforms
- CVE: CVE-2018-7750

- This PoC provides a way to execute arbitrary commands via paramiko SSH server, using CVE-2018-7750.
- Details about CVE-2018-7750: [https://github.com/paramiko/paramiko/issues/1175](https://github.com/paramiko/paramiko/issues/1175)
- The original PoC, which makes use of SFTP, can be found at [https://www.exploit-db.com/exploits/45712](https://www.exploit-db.com/exploits/45712)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!