Скачать или смотреть libSSH Authentication Bypass Exploit (CVE-2018-10933) Demo

In this demo, we will be exploiting the libSSH Authentication Bypass Vulnerability (CVE-2018-10933) to execute commands remotely to a vulnerable server.

Note: libSSH is not OpenSSH. While the vulnerability isn't difficult to exploit, it seems quite hard to find circumstances to exploit vulnerability and gain arbitrary code execution.

For the exploit in the video, the Paramiko Python module was used to send the SSH2_MSG_USERAUTH_SUCCESS on the vulnerable libSSH running that will successfully authenticate us in the server without any credentials.

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials.

More information about CVE-2018-10933 can be found on the libSSH website: https://www.libssh.org/security/advis...

Bugfix Release can also be found on libSSH website: https://www.libssh.org/2018/10/16/lib...

Disclaimer: This material is for educational and research purposes only. Do not attempt to violate the law with anything contained here. I am not responsible for any direct or indirect damage caused due to the usage of the information provided on this video.

https://ethicalhackers.club