FreeSSHD - Remote Authentication Bypass Exploit (0day)



EDB-ID: 23080 CVE: 2012-6066 OSVDB-ID: 88006
Author: kingcope Published: 2012-12-02 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
FreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011

http://www.exploit-db.com/sploits/23080.zip

Run like:

ssh.exe -l<valid username> <host>

valid username might be:

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp

or anything you can imagine.


The vulnerable banner of the most recent version is:

SSH-2.0-WeOnlyDo 2.1.3


For your pleasure,

KingcopeFreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011

Run like:

ssh.exe -l<valid username> <host>

valid username might be:

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp

or anything you can imagine.


The vulnerable banner of the most recent version is:

SSH-2.0-WeOnlyDo 2.1.3


For your pleasure,

Kingcope