On August 15th, 2018, the following advisory was posted on the OSS-Security list: http://openwall.com/lists/oss-security/2018/08/15/5
The ShelIntel team decided to invest some time and write an exploit for this vulnerability. The exploit below has the following features:
- Threading - default 5
- If more than 10 are used, often the OpenSSH service gets overwhelmed and causes retries
- Single username evaluation via
usernameparameter - Multiple username evaluation via
userListparameter - Multiple username evaluation file output via
outputFileparameter - Multiple output formats (list, json, csv) via
outputFormatparameter
An example username input file is given in exampleInput.txt
An example results output file in List format is given in exampleOutput.txt
An example results output file in JSON format is given in exampleOutput.json
An example results output file in CSV format is given in exampleOutput.csv
=======
docker build -t cve-2018-15473 .
docker run cve-2018-15473 -h
docker ps -a | awk '$2 == "cve-2018-15473" {print $1}' | xargs docker rm docker rmi cve-2018-15473
这个exp运行出现TypeError: 'property' object has no attribute 'getitem'错误,把33行、124行、125行的_handler_table改成_client_handler_table可以解决。这个exp调用了paramiko库的非公开接口实现功能,这个库升级后内部接口改名了