Giter Club home page Giter Club logo

pub's People

Contributors

chenull avatar tintinweb avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

pub's Issues

CVE-2016-2563

when i run poc.py error:ImportError: No module named py3compat

[CVE-2016-2563] confused with PoC

Hi, @tintinweb !

I am getting lost when I am trying to reproduce this bug.

What is step 5 of PoC? Everything is reproduced until step 5. Is it the output of some other utility that is not specified in README?

My understanding is that the error message should be output of pscp. Am I getting is right?

Best,
Victor

dropbear

楼主在吗,有问题咨询,关于dropbear

Problem about poc.py of CVE-2016-3115

environment:

clients:

  • openssh 7.7p1
  • openssl 1.0.2o
  • kali 2018-2
  • python 2.7.15

server:

  • openssh 6.6.1p1
  • openssl 1.0.1f
  • Ubuntu 14.0.4.1-LTS
  • X11Forward yes

It seemed that I used this poc.py login as user2 successfully.
But when i typed ".info" or any other commands, it crashed like this.

Traceback (most recent call last):
  File "poc.py", line 152, in <module>
    LOGGER.info(ex.exploit_fwd_readfile(cmd.split(" ",1)[1]))
  File "poc.py", line 52, in exploit_fwd_readfile
    data = self.exploit("xxxx\nsource %s\n"%path)
  File "poc.py", line 38, in exploit
    session.request_x11(auth_cookie=cmd)
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 63, in _check
    return func(self, *args, **kwds)
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 474, in request_x11
    self._wait_for_event()
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 1198, in _wait_for_event
    raise e
paramiko.ssh_exception.SSHException: Channel closed.

poc.py for cve-2016-3116?

Hello

Is there a chance you are going to release the proof of concept for cve-2016-3116?
I am testing IoT devices and this cve came up in a couple, it would be nice to see if they can be exploited.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.