Yesterday a new OpenSSH bug (CVE-2016-0777) was released, affecting versions 5.4 to 7.1. With the ssh_config option “UseRoaming yes” (which allows resuming SSH connections), an attacker can exploit it by tricking the SSH client into connecting to a fake or compromised server, which can then steal the client's SSH keys.

After some hours I saw this tweet on my timeline:

[Image: tweet about CVE-2016-0777]

Obviously a classic exploit doesn’t fit this type of bug, so I checked the shellcode.

The quickest method I know uses Python: define the shellcode as a variable and print it, so that any readable strings embedded in the bytes become visible.

[Image: Python shellcode check]

Never trust anyone 😉
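The same check, written out as an added example (this is not the author's script and the bytes below are constructed, not the payload from the tweet): it normalises a pasted hex string in any of the usual notations, refuses truncated input such as a string ending in “…”, and lists the printable runs that print() would have shown. Function names (normalise, printable_strings, inspect) are my own choices.

```python
import re
from typing import Dict, List

# Constructed sample, NOT the payload from the tweet: a few filler bytes
# followed by the kind of readable strings a payload has to carry to do
# its work ("/bin/sh", "-c", a command). Decoding it is the whole check.
SAMPLE_HEX = "6a0b5899" + "2f62696e2f736800" + "2d6300" + "6563686f20686900"


def normalise(raw: str) -> bytes:
    """Accept '\\x6a\\x0b', '6a 0b', '0x6a,0x0b' or bare hex and return bytes.

    Anything that is not a complete hex string (a paste cut off with '...',
    stray characters) is rejected instead of being silently decoded.
    """
    cleaned = re.sub(r"\\x|0x|[\s,;\"']", "", raw)
    if len(cleaned) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", cleaned):
        raise ValueError("not a complete hex string")
    return bytes.fromhex(cleaned)


def printable_strings(blob: bytes, min_len: int = 2) -> List[str]:
    """Return runs of printable ASCII of at least min_len characters."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def inspect(raw: str) -> Dict[str, object]:
    """Static look at a pasted 'shellcode': size, NUL count, embedded text."""
    blob = normalise(raw)
    return {
        "length": len(blob),
        "nul_bytes": blob.count(b"\x00"),
        "strings": printable_strings(blob),
    }


if __name__ == "__main__":
    report = inspect(SAMPLE_HEX)
    print(f"{report['length']} bytes, {report['nul_bytes']} NUL bytes")
    for s in report["strings"]:
        print("  string:", s)
```

Run it on whatever was pasted into the tweet before anything else: the strings tell you what the bytes would actually execute, and the hard failure on an incomplete hex string stops you from decoding half a payload and drawing the wrong conclusion.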

P.S.1: or, if you are an ASM freak, try rasm2 -d 6a0b58995266682d6389e7…

[Image: rasm2 -d output]

P.S.2: or even more