Remove the exxxit command #41
Comments
From desaster on May 27, 2011 10:54:13 There are many ways to detect kippo, as it's very far from a real system. My plan is to fix these as soon as I see them being used in the wild. So far I've never seen the 'exxxit' command being used by the attackers. The purpose of the 'exxxit' command is for the administrators to be able to exit from the kippo instance without getting caught by the trick where kippo actually doesn't exit when you type 'exit'. Now this isn't really that important to keep in there, and I might remove it anyway. In fact, maybe I'll make it work only from 127.0.0.1 or something. It's there just for my own convenience :) Hmm.. ok.. instead of closing this as WontFix, let's keep it open until I fix it like that :) Thanks for your bug report, much appreciated! Status: Accepted
From nicolas.surribas on May 27, 2011 14:01:28 I like the idea of the command only accessed by 127.0.0.1 ;-)
From MichaelNargang on September 12, 2012 20:39:53 Maybe you could make the command user definable in the config?
From desaster on November 10, 2012 06:45:28 exxxit now only available if the client IP is 127.0.0.* Status: Fixed
From nicolas.surribas on May 27, 2011 17:52:39
Hello!
The file commands/base.py contains a command called 'exxxit' 'for testing purposes' that can be used by attackers to detect if they are on a Kippo server or on a normal SSH server.
I suggest removing this command from the source code.
Original issue: http://code.google.com/p/kippo/issues/detail?id=41
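A sketch of the fix described in the thread (the hidden command honoured only for clients in 127.0.0.*), added here as an example and not taken from kippo's source. The function names and the "command not found" wording are assumptions; the point is that a remote client gets the same reply for 'exxxit' as for any other unknown command, so the command no longer identifies the honeypot.

```python
import ipaddress

# The thread states the allowed range as 127.0.0.*, i.e. 127.0.0.0/24.
ADMIN_NET = ipaddress.ip_network("127.0.0.0/24")


def is_local_admin(client_ip):
    """True only if client_ip parses and lies inside 127.0.0.*."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable peer address: fail closed
    # A dual-stack listener can report IPv4 peers as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.version == 4 and addr in ADMIN_NET


def unknown_command(name):
    # Assumed wording of the emulated shell's reply for a missing command.
    return "bash: %s: command not found" % name


def handle_hidden_exit(command, client_ip):
    """Return (output, close_session) for a command the shell does not emulate.

    'exxxit' closes the session only for local administrators. Every other
    client sees the generic unknown-command reply and the session stays open.
    """
    if command == "exxxit" and is_local_admin(client_ip):
        return ("", True)
    return (unknown_command(command), False)


if __name__ == "__main__":
    # Constructed sample peers: local admin, mapped loopback, remote client.
    for peer in ("127.0.0.1", "::ffff:127.0.0.1", "203.0.113.5"):
        print(peer, handle_hidden_exit("exxxit", peer))
```

The IPv6 loopback `::1` is outside the range named in the thread, so this sketch treats it as remote.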