Here's a fun PoC I built thanks to Ben's dataset.

I don't want to ruin the surprise, so just try this command. (It's harmless.)


For the security crowd: don't worry, I don't have any OpenSSH 0day and even if I did I wouldn't burn them on my blog. Also, ssh is designed to log into untrusted servers.

Update 2016-01-16: yeah, the roaming bug, I know. Kinda called it. Anyway, the server will act as a test now and warn you if you connect with roaming enabled (i.e. if you are vulnerable). Still, you should not trust me and update first!

The server you will connect to is open source and written in Go, by the way!

