SSHNuke_info

This repo pairs with the !exploitable Episode Two - Enter the Matrix blog post.

SSHNuke, aka the exploit used by Trinity in The Matrix Reloaded, attacks OpenSSH versions prior to 2.3.0.

main.c re-implements the vulnerability in the simplest possible package, so you can prototype your own basic exploits and understand this famous vulnerability.

Build instructions

gcc -g main.c

That's it, you get an a.out which accepts the exploit buffer over stdin.

If you want to cheat, switch to the cheat branch and see a crash example.

Credit

  • Code is 99% copy/pasted from OpenSSH with an attempt to retain all copyrights
  • Dennis Goodlett of Doyensec wrote only the main function
  • Vulnerability originally discovered by Michal Zalewski ref