CVE-2018-10933 PoC — libssh server-side state machine 安全漏洞

Source

https://github.com/jas502n/CVE-2018-10933

Associated Vulnerability

Title:libssh server-side state machine 安全漏洞 (CVE-2018-10933)
Description:A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Description

libssh CVE-2018-10933

Readme

# CVE-2018-10933
libssh 服务端权限认证绕过漏洞（CVE-2018-10933）


```
libssh是一个提供ssh相关接口的开源库，包含服务端、客户端等。其服务端代码中存在一处逻辑错误，攻击者可以在认证成功前发送MSG_USERAUTH_SUCCESS消息，绕过认证过程，未授权访问目标SSH服务器。


```

## 0x00 docker for libssh vuln

https://github.com/vulhub/vulhub/blob/master/libssh/CVE-2018-10933/README.md

## 0x01 nmap scan libssh version

![](./nmap.jpg)


## 0x02 payload user

![](./exp.jpg)

File Snapshot


 [4.0K]  /data/pocs/e694e20c7a6584ef6b1696509b7c2346bd45f255
├── [539K]  exp.jpg
├── [1.3K]  libssh-CVE-2018-10933-jas502n.py
├── [660K]  nmap.jpg
└── [ 549]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!