[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : FreeSSHD Remote Authentication Bypass Zeroday Exploit
# Published : 2012-12-02
# Author :
# Previous Title : Oracle Business Transaction Management FlashTunnelService Remote Code Execution
# Next Title : Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution
FreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011
http://www.exploit-db.com/sploits/23080.zip
Run like:
ssh.exe -l<valid username> <host>
valid username might be:
root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp
or anything you can imagine.
The vulnerable banner of the most recent version is:
SSH-2.0-WeOnlyDo 2.1.3
For your pleasure,
KingcopeFreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011
Run like:
ssh.exe -l<valid username> <host>
valid username might be:
root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp
or anything you can imagine.
The vulnerable banner of the most recent version is:
SSH-2.0-WeOnlyDo 2.1.3
For your pleasure,
Kingcope