Skip to content

Erlang opt ssh rce (CVE-2025-32433)#366

Open
girlier wants to merge 14 commits into
cliffe:masterfrom
girlier:erlang-opt-ssh-rce
Open

Erlang opt ssh rce (CVE-2025-32433)#366
girlier wants to merge 14 commits into
cliffe:masterfrom
girlier:erlang-opt-ssh-rce

Conversation

@girlier
Copy link
Copy Markdown

@girlier girlier commented May 27, 2026

Erlang OTP SSH RCE (CVE-2025-32433)

Vulnerability module paired with an example CTF (ssh-it happens).
The Erlang OPT SSH daemon vulnerability is configured on port 2222 and can be exploited through Metasploit.

girlier and others added 14 commits March 23, 2026 18:32
@girlier
Add Erlang/OTP SSH RCE module metadata (CVE-2025-32433)
7bef580 
- Create secgen_metadata.xml with vulnerability details
- Set CVSS 10.0, difficulty low, privilege root_rwx
- Add CyBOK mappings and references
- Document affected versions and exploit hints
@girlier
Add Puppet entry point for erlang_otp_ssh_rce module
1ca0e98 
- Include install, config, and service classes
@girlier
Add install manifest for Erlang/OTP SSH module
99f1839 
- Install erlang package (vulnerable version 25.x on Debian 12)
- Install screen for daemon persistence
- Create erlang_ssh user for daemon and flag storage
@girlier
Add config manifest and templates for Erlang SSH daemon
8b3f0b0 
- Create ssh_daemon.erl template with vulnerable SSH server
- Create start_ssh.sh startup script template
- Configure flag storage for CTF
- Set up SSH keys directory
@girlier
Add service manifest for Erlang SSH daemon
cc8bd6e 
- Compile Erlang SSH daemon module
- Generate SSH host keys
- Start daemon in screen session
- Verify port is listening
@girlier
Add init.pp main class for erlang_otp_ssh_rce
edfb7f1 
- Define class ordering: install -> config -> service
@girlier
Add post-provision test for Erlang SSH module
ea6ee44 
- Test Erlang installation
- Verify SSH daemon is running on port 2222
- Check vulnerability exists (OTP version 25.x or 26.x)
- Verify flag files created
- Verify beam file compiled
@girlier
Add CTF scenario for Erlang/OTP SSH RCE vulnerability
3b9bf99 
- Create erlang_ssh_rce scenario targeting Debian 12
- Include new erlang_otp_ssh_rce vulnerability module
- Configure SSH daemon on port 2222
- Add CyBOK mappings for CVE-2025-32433
@girlier
Fix Erlang SSH daemon using vulhub escript approach
7063027 
- Replace complex Erlang module with simple escript (matches vulhub)
- Start applications in correct order: asn1, crypto, public_key, ssh
- Remove unused template files
- Simplify config.pp and service.pp
- Fix 'ssh_not_started' error by properly initializing dependencies
@girlier
Refine Erlang OTP SSH RCE provisioning and runtime
129745e
@girlier
Use prebuilt Erlang package and remove source tarball
953266c
@girlier
Refactor: Move Erlang SSH RCE module to SSH category, rename to ssh_e…
8bcaea8 
…rlangotp_rce, and update scenarios
@girlier
Remove secgen_test folder and update ssh_erlangotp_rce module metadat…
7821352 
…a and SSH_it_happens scenario
@girlier
Merge branch 'cliffe:master' into erlang-opt-ssh-rce
66dd062
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@girlier