regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
by ssveCY008 - Monday July 1, 2024 at 02:37 PM
#11
(Jul 02, 2024, 10:23 AM)Lokie Wrote: There is a PoC for certain i386 (32-bit) versions of OpenSSH where glibc is at a static base address, so no ASLR bypass is needed.

Since the approximate exploitation time (or effort, which is ~10k requests) is based on i386, it can be assumed that newer systems (those running x86_64 / AMD64) would take a lot longer to exploit due to the need for an ASLR bypass.

Late to the party but... from what I know, you'd have to send 3 particular packets that would have to include the exact memory return address via a brute-force operation. ASLR would increase the brute-force space. This is a real exploit, but I only see it being real-world exploitable on IoT devices.

Probability of exploitation: the chance of exploitation is above 0 without updating.
#12
(Jul 08, 2024, 04:49 PM)someone_33 Wrote:
(Jul 02, 2024, 10:17 AM)rslimetempest Wrote: What's the query in shodan to search all openssh?

The query for Shodan is product:"OpenSSH"

This is great. Thanks man!
