|
86659 | 86659 | "session_types": false, |
86660 | 86660 | "needs_cleanup": null |
86661 | 86661 | }, |
| 86662 | + "exploit_linux/ssh/ssh_erlangotp_rce": { |
| 86663 | + "name": "Erlang OTP Pre-Auth RCE Scanner and Exploit", |
| 86664 | + "fullname": "exploit/linux/ssh/ssh_erlangotp_rce", |
| 86665 | + "aliases": [], |
| 86666 | + "rank": 600, |
| 86667 | + "disclosure_date": "2025-04-16", |
| 86668 | + "type": "exploit", |
| 86669 | + "author": [ |
| 86670 | + "Horizon3 Attack Team", |
| 86671 | + "Matt Keeley", |
| 86672 | + "Martin Kristiansen", |
| 86673 | + "mekhalleh (RAMELLA Sebastien)" |
| 86674 | + ], |
| 86675 | + "description": "This module detect and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH\n servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to\n establish a reverse shell on the target system.\n\n The exploit leverages a flaw in the SSH protocol handling to execute commands via the Erlang `os:cmd`\n function without requiring authentication.", |
| 86676 | + "references": [ |
| 86677 | + "CVE-2025-32433", |
| 86678 | + "URL-https://x.com/Horizon3Attack/status/1912945580902334793", |
| 86679 | + "URL-https://platformsecurity.com/blog/CVE-2025-32433-poc", |
| 86680 | + "URL-https://github.com/ProDefense/CVE-2025-32433" |
| 86681 | + ], |
| 86682 | + "platform": "Linux,Unix", |
| 86683 | + "arch": "cmd", |
| 86684 | + "rport": 22, |
| 86685 | + "autofilter_ports": [], |
| 86686 | + "autofilter_services": [], |
| 86687 | + "targets": [ |
| 86688 | + "Linux Command", |
| 86689 | + "Unix Command" |
| 86690 | + ], |
| 86691 | + "mod_time": "2025-05-02 13:41:47 +0000", |
| 86692 | + "path": "/modules/exploits/linux/ssh/ssh_erlangotp_rce.rb", |
| 86693 | + "is_install_path": true, |
| 86694 | + "ref_name": "linux/ssh/ssh_erlangotp_rce", |
| 86695 | + "check": true, |
| 86696 | + "post_auth": false, |
| 86697 | + "default_credential": false, |
| 86698 | + "notes": { |
| 86699 | + "Stability": [ |
| 86700 | + "crash-safe" |
| 86701 | + ], |
| 86702 | + "Reliability": [ |
| 86703 | + "repeatable-session" |
| 86704 | + ], |
| 86705 | + "SideEffects": [ |
| 86706 | + "ioc-in-logs" |
| 86707 | + ] |
| 86708 | + }, |
| 86709 | + "session_types": false, |
| 86710 | + "needs_cleanup": null |
| 86711 | + }, |
86662 | 86712 | "exploit_linux/ssh/symantec_smg_ssh": { |
86663 | 86713 | "name": "Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability", |
86664 | 86714 | "fullname": "exploit/linux/ssh/symantec_smg_ssh", |
|
0 commit comments