<h1>CVE-2023-25136 POC</h1>
<h3>POC For A Pre Auth Double Free Vulnerability Affecting OpenSSH 9.1 To 9.2</h3>
<h2>Necessary libraries</h2>
<p>Please make sure you have the following dependencies installed:</p>
<ul>
<li>Python 3 (duh)</li>
</ul>
<p>You can also install these libraries directly from the included requirements.txt file using pip.</p>
<p><code>python3 -m pip install -r requirements.txt</code></p>
<h2>How to use:</h2>
<p>To use the script to check if OpenSSH is vulnerable on a single specified IP address, run the script with the <code>-t</code> or the <code>--target</code> parameter, followed by the IP address you wish to test.</p>
<p>Example: <code>python3 -t</code></p>
<p>To check for the vulnerability on more than one IP address, create a file with one IP per line and specify it to the script with the <code>-p</code> or the <code>--filepath</code> parameter.</p>
<p>Example: <code>python3 -f listofips.txt</code></p>
<h2>Understanding output</h2>
<p>Pretty straightforward: if OpenSSH is exploitable, the script prints <code> Exploitable</code> in green.</p>
<p>If it isn't, the script prints <code> Exploitable</code> in red.</p>
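<p>For triaging an existing inventory without touching the hosts again, the added example below (not part of the POC script) parses SSH identification strings already collected by an asset scan and flags the ones that need review. It assumes OpenSSH 9.1 is the affected release and 9.2 carries the fix, as stated in the OpenSSH 9.2 release notes; the function names and the sample banners are constructed for illustration.</p>

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
# OpenSSH software version field, e.g. OpenSSH_9.1 or OpenSSH_9.1p1
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p\d+)?")

# Assumption: 9.1 introduced the double free and 9.2 fixed it.
AFFECTED = {(9, 1)}


def parse_banner(line):
    """Return (major, minor) for an OpenSSH banner, or None for anything else."""
    m = BANNER_RE.match(line.strip())
    if not m:
        return None
    v = OPENSSH_RE.match(m.group("software"))
    if not v:
        return None
    return int(v.group("major")), int(v.group("minor"))


def triage(banner):
    """Classify one banner as 'review', 'not-affected' or 'unknown'.

    A banner is only a hint: distributions may patch without changing the
    version string, so 'review' means confirm against the package changelog.
    """
    version = parse_banner(banner)
    if version is None:
        return "unknown"  # not OpenSSH, or not an SSH banner at all
    return "review" if version in AFFECTED else "not-affected"


def triage_inventory(records):
    """records: iterable of (host, banner) pairs; returns {host: verdict}."""
    return {host: triage(banner) for host, banner in records}


# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE = [
    ("192.0.2.10", "SSH-2.0-OpenSSH_9.1"),
    ("192.0.2.11", "SSH-2.0-OpenSSH_9.1p1 Debian-2\r\n"),
    ("192.0.2.12", "SSH-2.0-OpenSSH_9.2p1 Debian-2"),
    ("192.0.2.13", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"),
    ("192.0.2.14", "SSH-2.0-dropbear_2022.83"),
    ("192.0.2.15", "not an ssh banner"),
]
```

<p>Hosts that come back as <code>unknown</code> are not cleared; they simply did not present a parseable OpenSSH version.</p>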
<p>This vulnerability was found by Mantas Mikulėnas (<a href="">grawity</a>) and all credit goes to him.</p>
<p>The proof of concept for this exploit was written by me, Lodzie Kotekya.</p>
<p>You can find me on <a href="">Telegram</a> or <a href="">Twitter</a>.</p>
<p>This code was proudly written and published under Daddy Stallman's <a href="">GPL v3 license</a>.</p>