rhynorater / cve-2018-15473-exploit
Exploit written in Python for CVE-2018-15473 with threading and export formats
python3.7 sshUsernameEnumExploit.py
Traceback (most recent call last):
File "sshUsernameEnumExploit.py", line 33, in <module>
old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object is not subscriptable
I copied the code and saved it in my user_enum_new.py
file. I am not good at Python.
After giving it execute permission, I ran this command: ./user_enum_new.py --username root 2.2.2.2
to exploit the CVE and find the username. This gives me an error:
Traceback (most recent call last):
File "user_enum_new.py", line 24, in <module>
import paramiko
ImportError: No module named paramiko
After this error I ran this command to install the paramiko module: pip install paramiko
This gave me a successful response, already satisfied:
Requirement already satisfied: paramiko in /usr/lib/python3/dist-packages (2.7.2)
Now I ran this command again: ./user_enum_new.py --username root 2.2.2.2
This also gives me the same error:
Traceback (most recent call last):
File "user_enum_new.py", line 24, in <module>
import paramiko
ImportError: No module named paramiko
I tried some other methods that I know; they are not working and give the same error.
What do I need to do here? Kindly help me!
I also cloned the whole repository CVE-2018-15473-Exploit.
After cloning, I installed the requirements.txt file with this command and also got the same "satisfied" response,
but I also got the same error after running this command: ./sshUsernameEnumExploit.py --username root 2.2.2.2
Thank you
I'm trying to get the data in json and I'm not able to, I only get the data in console, I use this command:
python3 sshUsernsame<enumExploit.py --port --outputFile <name_file> --outputFormat json --userList
I would like to know how can I get the data in json and if I am launching the command wrong or not.
Thank you.
I patched commit f8dc16b to get paramiko working.
However, for any host (patched or unpatched) I've tried I get:
$ docker run cve-2018-15473 --port 22 --username admin 10.193.247.57
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
m.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:92: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
self.curve, Q_S_bytes
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:103: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
hm.add_string(self.Q_C.public_numbers().encode_point())
Target host most probably is not vulnerable or already patched, exiting...
Would you mind adding a license to make it possible to use the code?
CC0, or a permissive (like Apache 2.0, MIT or BSD) maybe?
Thank you!
./sshUsernameEnumExploit.py --port 22 --outputFile /tmp/tst.txt --username collin 192.168.56.3
/home/user/.local/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
m.add_string(self.Q_C.public_numbers().encode_point())
/home/user/.local/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:92: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
self.curve, Q_S_bytes
/home/user/.local/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:103: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
hm.add_string(self.Q_C.public_numbers().encode_point())
collin is not a valid user!
No output file available after doing this, could be due to deprecated functions.
If using this with a large number of usernames, the execution could take some time. Therefore, if an unhandled exception occurs (e.g. communication failure, I/O error, etc.), the script will stop executing, and all intermediate results will be lost.
If the script were to write results incrementally (i.e. once per attempt), instead of at the end of the execution, any intermediate fatal issues wouldn't compromise the output data. This would work well for CSV/text output, but might need some special handling for JSON.
I tried to run this script.
I get an error stack displayed:
Unknown exception: Traceback (most recent call last):
  File "D:\python3\lib\site-packages\paramiko\transport.py", line 1949, in run
    handler(self.auth_handler, m)
  File "C:\Users\Administrator\CVE-2018-15473-Exploit\sshUsernameEnumExploit.py", line 47, in call_error
    raise BadUsername()
__mp_main__.BadUsername
But the exception should not be displayed.
File "sshUsernameEnumExploit.py", line 33, in <module>
old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object has no attribute '__getitem__'
master# cat ./Dockerfile
FROM debian:9
LABEL maintainer "Ilya Glotov [email protected]"
RUN apt-get update; apt-get -y install build-essential libffi-dev python-pip python-dev libssl-dev python; pip install pip install --upgrade pip; pip install paramiko==2.4.1
COPY sshUsernameEnumExploit.py /sshUsernameEnumExploit.py
RUN chmod +x /sshUsernameEnumExploit.py
$ docker build -t cve-2018-15473 .
...
Successfully tagged cve-2018-15473:latest
$ docker run cve-2018-15473 -h
Traceback (most recent call last):
File "sshUsernameEnumExploit.py", line 33, in <module>
old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object has no attribute '__getitem__'
$ git log |head
* ae8cb41 Thu Sep 13 11:09:33 2018 -0400 (HEAD, origin/master, origin/HEAD, master) Update README.md
* 55a59ab Wed Aug 29 10:02:34 2018 -0400 Merge pull request #7 from klau2005/master
|\
| * 359ceb2 Sun Aug 26 10:16:13 2018 +0300 Added simple test to check if target is vulnerable to this exploit
|/
* 776a3a3 Thu Aug 23 09:23:27 2018 -0400 Merge pull request #6 from KonradIT/windows-fix
|\
| * 8871e96 Thu Aug 23 09:20:34 2018 -0400 Fixing spaces
| * 65ff7b4 Wed Aug 22 14:01:34 2018 -0700 Add windows fix
* | 14934d9 Thu Aug 23 09:16:30 2018 -0400 Merge pull request #5 from KonradIT/master