Remove the exxxit command #41
ghost
May 27, 2014
From desaster on May 27, 2011 10:54:13
There are many ways to detect kippo, as it's very far from a real system. My plan is to fix these as soon as I see them being used in the wild. So far I've never seen the 'exxxit' command being used by the attackers.
The purpose of the 'exxxit' command is for the administrators to be able to exit from the kippo instance without getting caught by the trick where kippo actually doesn't exit when you type 'exit'.
Now this isn't really that important to keep in there, and I might remove it anyway. In fact, maybe I'll make it work only from 127.0.0.1 or something. It's there just for my own convenience :)
Hmm.. ok.. instead of closing this as WontFix, let's keep it open until I fix it like that :)
Thanks for your bug report, much appreciated!
Status: Accepted
ghost
May 27, 2014
From nicolas.surribas on May 27, 2011 14:01:28
I like the idea of the command only accessed by 127.0.0.1 ;-)
ghost
May 27, 2014
From MichaelNargang on September 12, 2012 20:39:53
Maybe you could make the command user definable in the config?
ghost
May 27, 2014
From desaster on November 10, 2012 06:45:28
exxxit now only available if the client ip is 127.0.0.*
Status: Fixed
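One way to gate an administrator-only command on the client address, as described in the comment above. This is an added example, not Kippo's code: `is_admin_peer`, `build_commands`, `run`, the sample handlers and the reply string are hypothetical, and the command name is simply whatever key the caller puts in the admin table.

```python
import ipaddress

# The fix in the thread allows 127.0.0.*; written as a network instead of a
# string prefix so inputs like "127.0.0.1.example" can never match.
ADMIN_NET = ipaddress.ip_network("127.0.0.0/24")


def is_admin_peer(peer_ip):
    """True only if peer_ip parses as an address inside ADMIN_NET."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed input never unlocks the command
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # ::1 is deliberately not accepted: the thread's rule is 127.0.0.* only
    return addr.version == 4 and addr in ADMIN_NET


def build_commands(peer_ip, base_commands, admin_commands):
    """Per-session command table; admin entries exist only for local peers."""
    commands = dict(base_commands)
    if is_admin_peer(peer_ip):
        commands.update(admin_commands)
    return commands


def run(commands, line):
    """Dispatch one input line; every unknown name gets the same reply."""
    words = line.split()
    name = words[0] if words else ""
    handler = commands.get(name)
    if handler is None:
        # Constructed reply string, assumed to mimic a shell's error
        return "bash: %s: command not found" % name
    return handler()


# Constructed sample tables (hypothetical handlers)
BASE = {"exit": lambda: "fake-logout"}
ADMIN = {"exxxit": lambda: "real-disconnect"}
```

Because the admin entry is absent from a remote session's table, the name falls through the same code path as any other unknown command and gives no distinguishing response.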
ghost commented May 27, 2014
From nicolas.surribas on May 27, 2011 17:52:39
Hello!
The file commands/base.py contains a command called 'exxxit' 'for testing purposes' that can be used by attackers to detect if they are on a Kippo server or on a normal SSH server.
I suggest removing this command from the source code.
Original issue: http://code.google.com/p/kippo/issues/detail?id=41