https://github.com/doyensec/sshnuke_info

SSH Nuke Info
https://github.com/doyensec/sshnuke_info

exploit exploit-development sshd vulnerability

Last synced: 11 days ago
JSON representation

SSH Nuke Info

• Host: GitHub
• URL: https://github.com/doyensec/sshnuke_info
• Owner: doyensec
• Created: 2025-02-26T18:23:14.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2025-03-04T17:29:36.000Z (4 months ago)
• Last Synced: 2025-05-14T02:51:46.666Z (about 1 month ago)
• Topics: exploit, exploit-development, sshd, vulnerability
• Language: C
• Homepage: https://blog.doyensec.com/2025/03/04/exploitable-sshd.html
• Size: 7.81 KB
• Stars: 5
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# SSHNuke_info

> This repo pairs with the [!exploitable Episode Two - Enter the Matrix](https://blog.doyensec.com/2025/03/04/exploitable-sshd.html) blog post.

SSHNuke, aka the exploit used by Trinity in *The Matrix Reloaded*, attacks

OpenSSH versions prior to 2.3.0. 

The `main.c` re-implements the vulnerability in the simplest package. This

allows you to prototype your own basic exploits to understand this famous

vulnerability.

# build instructions

```

gcc -g main.c

```

That's it, you get an `a.out` which accepts the exploit buffer over `stdin`.

## alt

If you want to cheat, switch to the cheat branch and see a crash example.

# Credit

* Code is 99% copy/pasted from OpenSSH with an attempt to retain all copywrites

* Dennis Goodlett of Doyensec wrote only the `main` function

* Vulnerability originaly discovered by Michal Zalewski [ref](https://web.archive.org/web/20020205102640/http://razor.bindview.com/publish/advisories/adv_ssh1crc.html)