## https://sploitus.com/exploit?id=4F2FBB06-E601-5EAD-9679-3395D24057DD
# CVE-2018-15473-Exploit
**Updated version with modern Python/Paramiko compatibility**
On August 15th, 2018, the following advisory was posted on the OSS-Security list: [http://openwall.com/lists/oss-security/2018/08/15/5](http://openwall.com/lists/oss-security/2018/08/15/5)
This is an improved version of the original exploit that works with modern Python environments and Paramiko versions (including 4.0.0+).
## ๐ What's New in This Fork
- โ **Fixed Paramiko compatibility** - Works with Paramiko 4.0.0+ and modern Alpine Linux
- โ **Updated Dockerfile** - Uses Alpine packages instead of pip to avoid PEP 668 issues
- โ **Simplified exploit version** - `sshUsernameEnumExploit_simple.py` with better reliability
- โ **Improved error handling** - Better feedback and debugging information
- โ **Modern Python support** - Works with Python 3.10+ environments
## ๐ Repository Structure
```
CVE-2018-15473-Exploit/
โโโ Dockerfile # Updated for modern Alpine Linux
โโโ README.md # This file
โโโ sshUsernameEnumExploit.py # Original exploit (with compatibility fixes)
โโโ sshUsernameEnumExploit_simple.py # Simplified, more reliable version
โโโ test_users.txt # Sample username list for testing
```
## ๐ณ Docker Usage (Recommended)
### Build the image:
```bash
docker build -t cve-2018-15473 .
```
### Run the exploit:
```bash
# Show help
docker run --rm cve-2018-15473 --help
# Test single username
docker run --rm cve-2018-15473 --username admin
# Test multiple usernames from file
docker run --rm -v /path/to/userlist.txt:/userlist.txt cve-2018-15473 --userList /userlist.txt
# Save results to file
docker run --rm -v /path/to/output:/output cve-2018-15473 --userList /userlist.txt --outputFile /output/results.json --outputFormat json
```
### Clean up:
```bash
# Remove containers and image
docker ps -a | awk '$2 == "cve-2018-15473" {print $1}' | xargs docker rm
docker rmi cve-2018-15473
```
## ๐ฅ๏ธ Local Usage
### Prerequisites
- Python 3.7+
- Paramiko library
### Installation
```bash
# Install paramiko
pip install paramiko
# Or use the simplified version (recommended for modern environments)
python3 sshUsernameEnumExploit_simple.py --help
```
## โ๏ธ Features
The exploit includes the following features:
* **Threading** - Default 5 threads (configurable)
* If more than 10 are used, often the OpenSSH service gets overwhelmed and causes retries
* **Single username evaluation** via `--username` parameter
* **Multiple username evaluation** via `--userList` parameter
* **File output** via `--outputFile` parameter
* **Multiple output formats** (list, json, csv) via `--outputFormat` parameter
* **Configurable timeout** for connection handling
* **Improved error messages** and debugging information
## ๐ Usage Examples
### Single Username Test
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --username admin
```
### Multiple Usernames from File
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt
```
### JSON Output to File
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt --outputFile results.json --outputFormat json
```
### With Custom Threading and Timeout
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt --threads 3 --timeout 15
```
## ๐ฏ Target Requirements
This exploit targets:
- **Vulnerable versions**: OpenSSH < 7.7
- **Attack vector**: Username enumeration via timing attack
- **Protocol**: SSH (default port 22)
## โ ๏ธ Important Notes
1. **Legal Use Only**: This tool should only be used for authorized penetration testing and security research
2. **Rate Limiting**: Use appropriate threading limits to avoid overwhelming target services
3. **Patched Systems**: Modern OpenSSH versions (7.7+) are not vulnerable to this attack
4. **Network Considerations**: Ensure you have permission to test the target systems
## ๐ Version Information
- **Original Author**: Justin Gardner, Penetration Tester @ SynerComm AssureIT
- **Original Repository**: [Rhynorater/CVE-2018-15473-Exploit](https://github.com/Rhynorater/CVE-2018-15473-Exploit)
- **This Fork**: Updated for modern Python/Paramiko compatibility by [jubeenshah](https://github.com/jubeenshah)
- **Date**: August 20, 2018 (Original) / October 26, 2025 (Updated)
## ๐ License
This project maintains the same license as the original repository. Use responsibly and in accordance with applicable laws and regulations.