## https://sploitus.com/exploit?id=09DAE153-1015-5324-B27A-FE80D50E2F75
<h1>CVE-2023-25136 POC</h1>
<h3>POC For A Pre Auth Double Free Vulnerability Affecting OpenSSH 9.1 To 9.2</h3>
<hr>
<h2>Necessary libraries</h2>
<p>Please make sure you have the following dependencies installed:</p>
<ul>
<li>Python 3 (duh)</li>
<li>termcolor</li>
<li>argparse</li>
<li>fabric</li>
</ul>
<p>You can also install these libraries directly from the included requirements.txt file using pip.</p>
<p><code>python3 -m pip install -r requirements.txt</code></p>
<hr>
<h2>How to use:</h2>
<p>To use the script to check if OpenSSH is vulnerable on a single specified IP address, run the script with the <code>-t</code> or the <code>--target</code> parameter, followed by the IP address you wish to test.</p>
<p><b>NOTE: IT WILL AUTOMATICALLY DEFAULT TO PORT 22</b></p>
<p>Example: <code>python3 CVE-2023-25136_POC.py -t 127.0.0.1</code></p>
<p>To check for the vulnerability on more than one IP address, create a file with one IP per line and specify it to the script with the <code>-p</code> or the <code>--filepath</code> parameter.</p>
<p>Example: <code>python3 CVE-2023-25136_POC.py -f listofips.txt</code></p>
<hr>
<h2>Understanding output</h2>
<p>Pretty straightforward: if OpenSSH is exploitable, it will print <code>127.0.0.1: Exploitable</code> in green.</p>
<p>If it isn't, it will print <code>127.0.0.1: Exploitable</code> in red.</p>
<hr>
<h2>Credits</h2>
<p>This vulnerability was found by Mantas Mikulėnas (<a href="https://github.com/grawity">grawity</a>) and all credit goes to him.</p>
<p>The proof of concept for this exploit was written by me, Lodzie Kotekya.</p>
<p>You can find me on <a href="https://t.me/lodzie">Telegram</a> or <a href="https://twitter.com/LodzieIsHere">Twitter</a>.</p>
<hr>
<h2>License</h2>
<p>This code was proudly written and published under Daddy Stallman's <a href="https://www.gnu.org/licenses/gpl-3.0.txt">GPL v3 license</a>.</p>