## https://sploitus.com/exploit?id=9C4B9838-9B34-5ECF-88C6-1F085707B73E
# CVE-2023-25136
OpenSSH 9.1 vulnerability mass scan and exploit
# Description
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
https://nvd.nist.gov/vuln/detail/CVE-2023-25136
# Use
1. Run the scan.py script and enter the file name with IP addresses python scan.py
![Screenshot_1](https://user-images.githubusercontent.com/118097522/235245971-2eef4f46-a0e3-4a2b-bfef-420bc13106d8.png)
2. Run the exploit.py script and enter the vulnerable IP address python exploit.py
![Screenshot_2](https://user-images.githubusercontent.com/118097522/235246694-0945bdeb-5550-43a9-a86f-526165edb200.png)
# Requirements
The script runs in Python3
If you don't have the libraries installed, they will be installed when you run the program
โข paramiko: to install it just type pip install paramiko
โข colorama: to install it just type pip install colorama