FreeSSHD 2.1.3 - Remote Authentication Bypass Exploit 0day

2012-12-02T00:00:00
ID EDB-ID:23080
Type exploitdb
Reporter kingcope
Modified 2012-12-02T00:00:00

Description

FreeSSHD 2.1.3 - Remote Authentication Bypass Exploit (0day). CVE-2012-6066. Remote exploit for the Windows platform.

                                        
                                            FreeSSHD all version Remote Authentication Bypass ZERODAY
Discovered & Exploited by Kingcope
Year 2011

## Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23080.zip

Run like:

ssh.exe -l<valid username> <host>

valid username might be:

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
ssh
sftp
ftp

or anything you can imagine.


The vulnerable banner of the most recent version is:

SSH-2.0-WeOnlyDo 2.1.3


For your pleasure,

Kingcope
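
For defenders checking their own estate against the banner quoted above, the following is an added example (not part of the original advisory) that parses SSH identification strings already collected in an asset inventory and flags the ones announcing WeOnlyDo. The host labels, the second WeOnlyDo banner and the function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
ID_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")


def parse_ident(raw):
    """Return (proto, software, comments) from a server greeting, or None."""
    # Servers may send other lines first; use the first one starting "SSH-".
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line.startswith("SSH-"):
            m = ID_RE.match(line)
            return m.groups(default="") if m else None
    return None


def classify(raw):
    """Label a greeting: advisory-banner, weonlydo-other, other or unparsed."""
    ident = parse_ident(raw)
    if ident is None:
        return "unparsed"
    proto, software, comments = ident
    if software != "WeOnlyDo":
        return "other"
    # In "SSH-2.0-WeOnlyDo 2.1.3" the version number is in the comments
    # field, so matching on softwareversion alone would miss it.
    if proto == "2.0" and comments == "2.1.3":
        return "advisory-banner"
    return "weonlydo-other"


def audit(inventory):
    """Map host label -> classification for hosts announcing WeOnlyDo."""
    hits = {}
    for host, raw in inventory.items():
        label = classify(raw)
        if label in ("advisory-banner", "weonlydo-other"):
            hits[host] = label
    return hits


# Constructed inventory of previously recorded greetings (not real hosts).
SAMPLE = {
    "host-a": "SSH-2.0-WeOnlyDo 2.1.3\r\n",
    "host-b": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
    "host-c": "notice line before the banner\r\nSSH-2.0-WeOnlyDo 1.2.3\r\n",
    "host-d": "220 ftp ready\r\n",
}

if __name__ == "__main__":
    for host, label in sorted(audit(SAMPLE).items()):
        print(host, label)
```

Because the advisory describes all versions as affected, hosts labelled `weonlydo-other` warrant the same review as exact matches.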