Share
## https://sploitus.com/exploit?id=4F2FBB06-E601-5EAD-9679-3395D24057DD
# CVE-2018-15473-Exploit

**Updated version with modern Python/Paramiko compatibility**

On August 15th, 2018, the following advisory was posted on the OSS-Security list: [http://openwall.com/lists/oss-security/2018/08/15/5](http://openwall.com/lists/oss-security/2018/08/15/5)

This is an improved version of the original exploit that works with modern Python environments and Paramiko versions (including 4.0.0+).

## ๐Ÿš€ What's New in This Fork

- โœ… **Fixed Paramiko compatibility** - Works with Paramiko 4.0.0+ and modern Alpine Linux
- โœ… **Updated Dockerfile** - Uses Alpine packages instead of pip to avoid PEP 668 issues
- โœ… **Simplified exploit version** - `sshUsernameEnumExploit_simple.py` with better reliability
- โœ… **Improved error handling** - Better feedback and debugging information
- โœ… **Modern Python support** - Works with Python 3.10+ environments

## ๐Ÿ“ Repository Structure

```
CVE-2018-15473-Exploit/
โ”œโ”€โ”€ Dockerfile                      # Updated for modern Alpine Linux
โ”œโ”€โ”€ README.md                       # This file
โ”œโ”€โ”€ sshUsernameEnumExploit.py      # Original exploit (with compatibility fixes)
โ”œโ”€โ”€ sshUsernameEnumExploit_simple.py # Simplified, more reliable version
โ””โ”€โ”€ test_users.txt                 # Sample username list for testing
```

## ๐Ÿณ Docker Usage (Recommended)

### Build the image:
```bash
docker build -t cve-2018-15473 .
```

### Run the exploit:
```bash
# Show help
docker run --rm cve-2018-15473 --help

# Test single username
docker run --rm cve-2018-15473  --username admin

# Test multiple usernames from file
docker run --rm -v /path/to/userlist.txt:/userlist.txt cve-2018-15473  --userList /userlist.txt

# Save results to file
docker run --rm -v /path/to/output:/output cve-2018-15473  --userList /userlist.txt --outputFile /output/results.json --outputFormat json
```

### Clean up:
```bash
# Remove containers and image
docker ps -a | awk '$2 == "cve-2018-15473" {print $1}' | xargs docker rm
docker rmi cve-2018-15473
```

## ๐Ÿ–ฅ๏ธ Local Usage

### Prerequisites
- Python 3.7+
- Paramiko library

### Installation
```bash
# Install paramiko
pip install paramiko

# Or use the simplified version (recommended for modern environments)
python3 sshUsernameEnumExploit_simple.py --help
```

## โš™๏ธ Features

The exploit includes the following features:

* **Threading** - Default 5 threads (configurable)
  * If more than 10 are used, often the OpenSSH service gets overwhelmed and causes retries
* **Single username evaluation** via `--username` parameter
* **Multiple username evaluation** via `--userList` parameter  
* **File output** via `--outputFile` parameter
* **Multiple output formats** (list, json, csv) via `--outputFormat` parameter
* **Configurable timeout** for connection handling
* **Improved error messages** and debugging information

## ๐Ÿ“ Usage Examples

### Single Username Test
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --username admin
```

### Multiple Usernames from File
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt
```

### JSON Output to File
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt --outputFile results.json --outputFormat json
```

### With Custom Threading and Timeout
```bash
python3 sshUsernameEnumExploit_simple.py 192.168.1.100 --userList test_users.txt --threads 3 --timeout 15
```

## ๐ŸŽฏ Target Requirements

This exploit targets:
- **Vulnerable versions**: OpenSSH < 7.7
- **Attack vector**: Username enumeration via timing attack
- **Protocol**: SSH (default port 22)

## โš ๏ธ Important Notes

1. **Legal Use Only**: This tool should only be used for authorized penetration testing and security research
2. **Rate Limiting**: Use appropriate threading limits to avoid overwhelming target services
3. **Patched Systems**: Modern OpenSSH versions (7.7+) are not vulnerable to this attack
4. **Network Considerations**: Ensure you have permission to test the target systems

## ๐Ÿ”„ Version Information

- **Original Author**: Justin Gardner, Penetration Tester @ SynerComm AssureIT
- **Original Repository**: [Rhynorater/CVE-2018-15473-Exploit](https://github.com/Rhynorater/CVE-2018-15473-Exploit)
- **This Fork**: Updated for modern Python/Paramiko compatibility by [jubeenshah](https://github.com/jubeenshah)
- **Date**: August 20, 2018 (Original) / October 26, 2025 (Updated)

## ๐Ÿ“„ License

This project maintains the same license as the original repository. Use responsibly and in accordance with applicable laws and regulations.