hershell
cve-2021-3449
hershell | cve-2021-3449 | |
---|---|---|
1 | 4 | |
579 | 225 | |
- | - | |
0.0 | 0.0 | |
about 4 years ago | over 2 years ago | |
Go | Go | |
BSD 3-clause "New" or "Revised" License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hershell
cve-2021-3449
-
CVE 2021 3449 exploit method
I am trying to understand how to use the information in https://github.com/terorie/cve-2021-3449 to check in my server which has UI and supports TLS 1.2. It does not support renegotiation though but I still wanted to check with exploit to verify whether or not, it is impacted. The link mentions βgo run . -host host:portβ but I am not able to figure out how to use it as there seem no script to run. Any help would be appreciated.
- CVE-2021-3499 OpenSSL denial-of-service PoC
-
Do these vulns affect Fortigate devices? CVE-2021-3449 - CVE-2021-3450
FortiOS(web gui/sslvpn) is "vulnerable" to CVE-2021-3449, tested using POC https://github.com/terorie/cve-2021-3449 Impact is basically limited to filling up your crashlog, but if you have fortigates your used to that :)
-
OpenSSL Security Advisory [25 March 2021]
Does anyone have a PoC? Someone posted this on Github but the git log is squashed and doesn't show the changes they made. https://github.com/terorie/cve-2021-3449
What are some alternatives?
stunner - Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
reverse-ssh - Statically-linked ssh server with reverse shell functionality for CTFs and such
httpd - Docker Official Image packaging for Apache HTTP Server
reverse_ssh - SSH based reverse shell
rospo - πΈ Simple, reliable, persistent ssh tunnels with embedded ssh server
OpenSSL - TLS/SSL and crypto library
notionterm - π₯οΈπ Embed reverse shell in Notion pages
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
Girsh - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock