Libssh any vulnerable server (CVE-2018-10933)?

hacking

(Occupi) #21

Do you want me to grab both sets separately or just the product:libssh set?


#22

I’m not sure, but I don’t want to let you waste credits, so grab only libssh (https://www.shodan.io/search?query=libssh) because it should already include the product:libssh query results itself.


(Occupi) #23

Voila, in CSV format (and gzipped for compression)
http://www.fast-files.com/getfile.aspx?file=176052


#24

File does not exist anymore on the server


(Occupi) #25

Ugh, okay. Uploaded the results to one of our webhosts for now: https://bit.ly/2Rc5giU


(Zain) #26

Ight… let me see what I can do. :stuck_out_tongue:

I paid the one time fee.


(Zain) #27

Ight, so my script is ready and it can be used for multiple different purposes. Please use it, but also edit it as need be… currently gonna add a scanner for libssh if need be, but we should be fine… the only issue with the current scripts for a scanner is that they’d have to take file input. Also, a note on the script: I added the ability to input the number of pages to query. If the page doesn’t exist, it’ll return an error saying the query isn’t valid or something like that. For libssh purposes, do the math… lol. 100 results are returned per page with the API, but also, you must have a valid API key too. Currently I don’t have enough credits until next month. @occupi, feel free to use this script especially. :stuck_out_tongue:

Code here:

Any other questions, feel free to ask. I’m very busy too, so please bear with me. :slight_smile:

Also, @pry0cc, don’t know, but shouldn’t this script have its own post by now? lol. It has been a while since I worked on it. lolol.

With that being said, ~Cheers!

–Techno Forg–


#28

I’m still automatically testing all 6300 servers from @occupi’s list with my script, since yesterday.


(Zain) #29

Are you mass scanning them?


(Security Architect & Founder) #30

It’s fine here for now. I don’t think it warrants another post.


#31

All right, I tested all 6300 servers from Shodan; all servers that have vulnerable versions of libssh are ALL unexploitable.
The most common exceptions and reasons are:

·Secsh channel 0 open FAILED: : Administratively prohibited => So Undefined Exception. Probably the channel is closed or not port-forwarded.
·Server down
·Oops, unhandled type 3 ('unimplemented') => So Undefined Exception. Probably the channel is closed or not port-forwarded.

This vulnerability is bullshit, now it’s confirmed.


(Zain) #32

Let’s not call BS on it quite yet… the scripts thus far could be incomplete. I still need to study a bit longer. Please bear with me. :slight_smile:


(bretph0t0n) #33

X2go is vulnerable; Shodan doesn’t give a good number. Lots of applications work with shell ssh and don’t work with openssh.


(fxbg) #34

Isn’t it the library that’s vulnerable, and not the ssh server itself? Probably why none of them are exploitable.
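As an added illustration of the library-versus-server point above (example code, not from any poster in this thread), the script below classifies SSH version banners, such as the ones a Shodan export or your own asset inventory contains, against the libssh versions the CVE-2018-10933 advisory lists as affected (0.6.0 up to 0.7.6, and 0.8.0 up to 0.8.4). A banner in the affected range only means the library version is in scope; whether a given application actually exposes the flawed authentication state machine is a separate question, so the output is a prioritisation list for patching, not proof of exploitability. The banner strings are constructed samples.

```python
import re

# Affected version ranges from the libssh advisory for CVE-2018-10933:
# [0.6.0, 0.7.6) and [0.8.0, 0.8.4); 0.7.6 and 0.8.4 carry the fix.
AFFECTED_RANGES = [((0, 6, 0), (0, 7, 6)), ((0, 8, 0), (0, 8, 4))]

# RFC 4253 identification string: "SSH-<protoversion>-<softwareversion>"
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)")
# libssh advertises itself as e.g. "libssh_0.7.4" or "libssh-0.8.1"
LIBSSH_RE = re.compile(r"libssh[_-](?P<ver>\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(text):
    """Turn '0.7.4' or '0.7' into a comparable 3-tuple (missing parts are 0)."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def classify_banner(banner):
    """Return (software, version_tuple, status) for one SSH banner line."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return (None, None, "not-ssh")
    software = m.group("software")
    lm = LIBSSH_RE.search(software)
    if not lm:
        return (software, None, "not-libssh")
    ver = parse_version(lm.group("ver"))
    for lo, hi in AFFECTED_RANGES:
        if lo <= ver < hi:
            return (software, ver, "in-affected-range")
    return (software, ver, "outside-affected-range")


def summarize(banners):
    """Count banners per status so the affected hosts can be prioritised."""
    counts = {}
    for banner in banners:
        status = classify_banner(banner)[2]
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample banners (not real hosts); the last one is not SSH at all.
SAMPLE_BANNERS = [
    "SSH-2.0-libssh_0.7.4",   # affected
    "SSH-2.0-libssh-0.8.1",   # affected
    "SSH-2.0-libssh_0.8.4",   # fixed release
    "SSH-2.0-libssh_0.5.4",   # predates the affected code
    "SSH-2.0-OpenSSH_7.4",    # different implementation entirely
    "SSH-2.0-libssh_0.7",     # two-component version, treated as 0.7.0
    "not an ssh banner",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(b, "->", classify_banner(b)[2])
    print(summarize(SAMPLE_BANNERS))
```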