ssh_enumusers.rb: Change default value of 'CHECK_FALSE' to true (closes #17810) #17813

Merged

samueloph

The default action "Malformed Packet" reports all users as found even
though they don't exist.

Setting "CHECK_FALSE" to true will make the scanner bail out as it
realizes the target is patched.

Closes: #17810

@bcoles bcoles added the usability Usability improvements label Mar 24, 2023
@sempervictus

This looks like it adds a failed authentication log entry by default to every scanned target, which will affect how brute force detection works (OSSEC/fail2ban/etc) on the defending side.

Maybe we change the default action given that it uses a flaw not commonly present in the protocol?

@bcoles

bcoles commented Mar 24, 2023

> This looks like it adds a failed authentication log entry by default to every scanned target, which will affect how brute force detection works (OSSEC/fail2ban/etc) on the defending side.
>
> Maybe we change the default action given that it uses a flaw not commonly present in the protocol?

I don't follow. Is your commentary related to the change in this PR? Or are you suggesting changing the default action in addition to the change in this PR?

@sempervictus

Suggesting we not default to attempting authentication with a nonexistent name as that will create the type of log entry such tools look for in their tailing of the log files/channels.

@bcoles

bcoles commented Mar 25, 2023

> Suggesting we not default to attempting authentication with a nonexistent name as that will create the type of log entry such tools look for in their tailing of the log files/channels.

As opposed to the subsequent hundreds (or thousands) of requests?

@sempervictus

Ah! Gotcha, it's not failing to scan, it's failing to stop scanning; thanks. Pardon, withdrawn 😄.

@bcoles bcoles added the rn-enhancement release notes enhancement label Mar 26, 2023
@space-r7 space-r7 self-assigned this Mar 29, 2023
@space-r7 space-r7 merged commit 1f32004 into rapid7:master Mar 29, 2023
@samueloph samueloph deleted the samueloph/ssh_enumusers_check_false_default branch March 29, 2023 17:33
@space-r7

space-r7 commented Mar 29, 2023

Release Notes

This sets the CHECK_FALSE option to true by default so that the auxiliary/scanner/ssh/ssh_enumusers scanner module will bail upon detecting false positive results.
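
Added example, not part of the pull request or of the Metasploit code base: a network-free Ruby model of the control check that CHECK_FALSE enables, showing why results from a patched target are all false positives when the check is off. The names `control_username`, `false_positives?`, `enumerate`, and both stub oracles are hypothetical and constructed for illustration.

```ruby
require 'securerandom'

# Added illustration, not Metasploit code. An "oracle" is any callable that
# takes a username and returns true when the target's response is read as
# "user exists". Both oracles below are constructed stubs, no network I/O.

# Control probe: a random name that cannot plausibly exist on the target.
def control_username
  "nx_#{SecureRandom.hex(8)}"
end

# True when the oracle claims the control name exists, meaning its answers
# carry no information (the "target is patched" case from the PR text).
def false_positives?(oracle)
  oracle.call(control_username)
end

# Model of the scan loop. With check_false enabled, the control probe runs
# first and the scan is abandoned when the oracle fails it.
def enumerate(usernames, oracle, check_false: true)
  if check_false && false_positives?(oracle)
    return { status: :unreliable, found: [] }
  end
  { status: :ok, found: usernames.select { |u| oracle.call(u) } }
end

# Constructed stubs: one target whose responses differ per user, and one
# patched target whose responses look identical for every name.
REAL_USERS = %w[root deploy].freeze
DISTINGUISHING = ->(user) { REAL_USERS.include?(user) }
PATCHED = ->(_user) { true }

WORDLIST = %w[root admin deploy guest].freeze # constructed sample input

if __FILE__ == $PROGRAM_NAME
  p enumerate(WORDLIST, DISTINGUISHING)              # real users only
  p enumerate(WORDLIST, PATCHED, check_false: false) # old default: all "found"
  p enumerate(WORDLIST, PATCHED)                     # new default: bails out
end
```

When reading scanner output, a run with the check disabled that reports every wordlist entry as found should be treated as the patched-target case, not as a list of valid accounts.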
