Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-10933 PoC — libssh server-side state machine 安全漏洞

Source
https://github.com/bidaoui4905/CVE-2018-10933
Associated Vulnerability
Title:libssh server-side state machine 安全漏洞 (CVE-2018-10933)
Description:A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Description
LibSSH authentification bypass
Readme
# CVE-2018-10933 - SSH Authentication Bypass PoC

## Description
CVE-2018-10933 is an authentication bypass vulnerability in the server-side implementation of **libssh**. The flaw allows an attacker to send a `SSH2_MSG_USERAUTH_SUCCESS` message without any prior authentication, gaining unauthorized access.

## Impacted Systems
Any server using vulnerable versions of **libssh**  for SSH services is affected.

## Vulnerable Versions
- libssh 0.6 and above
- Fixed in versions: 0.7.6 and 0.8.4

---

## Usage

1. Replace `ip` in the script with the target's IP address.
2. Run the script:

```bash
pip install paramiko
python3 CVE_2018_10933.py
File Snapshot

 [4.0K]  /data/pocs/a5fa0866b06722e5ab42c3ed4554a97aa8ee3182
├── [ 646]  README.md
└── [ 956]  SSH_auth_bypass.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →