-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcheck_ssh_regression_exploit.sh
121 lines (95 loc) · 3.05 KB
/
check_ssh_regression_exploit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/bash
USAGE="
#===========================================================#
| ___ _ ____ |
| / _ \ ___| |__ ___ _ __ _ __ ___| _ \ _ __ ___ |
| | | | / __| '_ \ / _ \| '__| '_ \ / _ \ |_) | '__/ _ \ |
| | |_| \__ \ |_) | (_) | | | | | | __/ __/| | | (_) | |
| \___/|___/_.__/ \___/|_| |_| |_|\___|_| |_| \___/ |
#-----------------------------------------------------------#
| If you can't beat 'em, tech 'em! | https://osbornepro.com |
#===========================================================#
SYNTAX:
$0 [-h] [-H | -A]
DESCRIPTION:
This script is used to check if OpenSSH is vulnerable to CVE-2024-6387 the RegreSSHion exploit
REFERENCE:
https://www.qualys.com/regresshion-cve-2024-6387/
REQUIREMENTS:
1.) Internet access
2.) OpenSSH is installed
CONTACT INFORMATION
Author: Robert H. Osborne (OsbornePro)
Contact: rosborne@osbornepro.com
Website: https://osbornepro.com
USAGE:
$0 [-h]
OPTIONS:
-h : Displays the help information for the command.
EXAMPLES:
$0 -h
# This example returns the help information on how to use this command
"
OSID=$(grep ID_LIKE /etc/os-release | cut -d"=" -f 2)
# Function to allow ctrl + c stopage
function allow_ctrlc {
# Allow Ctrl+C to stop execution
trap '
trap - INT # restore default INT handler
kill -s INT "$$"
' INT
} # End function allow_ctrlc
# Function to print help info
function print_usage {
printf "$USAGE\n" >&2
exit 3
} # End function print_usage
# Function to check SSH version
check_ssh_version() {
ssh_version_output=$(ssh -V 2>&1)
echo "$ssh_version_output"
}
# Function to parse SSH version
parse_ssh_version() {
ssh_version_output=$1
ssh_version=$(echo "$ssh_version_output" | awk '{print $1}' | awk -F'[_ ]' '{print $2}')
echo "$ssh_version"
}
# Function to determine vulnerability status
is_vulnerable() {
ssh_version=$1
# Compare versions using sort -V
if [[ $(printf '%s\n' "$ssh_version" "4.4p1" | sort -V | head -n1) == "$ssh_version" ]] || \
([[ $(printf '%s\n' "$ssh_version" "8.5p1" | sort -V | head -n1) != "$ssh_version" ]] && \
[[ $(printf '%s\n' "$ssh_version" "9.8p1" | sort -V | head -n1) == "$ssh_version" ]]); then
echo "true"
else
echo "false"
fi
}
# Main script
allow_ctrlc
while [ ! -z "$1" ]; do
case "$1" in
-h)
shift
print_uage
exit 1
;;
esac
shift
done
ssh_version_output=$(check_ssh_version)
echo "Current SSH Version: $ssh_version_output"
ssh_version=$(parse_ssh_version "$ssh_version_output")
if [ -n "$ssh_version" ]; then
vulnerable=$(is_vulnerable "$ssh_version")
if [ "$vulnerable" == "true" ]; then
echo "OpenSSH version $ssh_version is vulnerable to the RegreSSHion exploit."
else
echo "OpenSSH version $ssh_version is NOT vulnerable to RegreSSHion :-)"
fi
else
echo "Failed to determine SSH version."
exit 1
fi