SSH Scanner Bug #39

Closed
mikehacksthings opened this issue Sep 25, 2017 · 7 comments

@mikehacksthings

There's an issue with the SSH credential scanner where it passes an invalid target to the connection. This raises gaierror Exception: [Errno -2] Name or service not known.

[16:25:58][scan_engine][_scan] 4 scanners remaining
[16:25:58][scanner][check_success] Invalid Raspberry Pi default cred pi:raspberry at ssh://192.168.1.162:22:22
[16:25:58][scanner][check_success] gaierror Exception: [Errno -2] Name or service not known
[16:25:58][scan_engine][_scan] 3 scanners remaining
[16:25:58][scanner][check_success] Invalid AT&T Arris NVG589 & NVG599 (SharknAT&To) default cred remotessh:5SaP9I26 at ssh://192.168.1.162:22:22
[16:25:58][scanner][check_success] gaierror Exception: [Errno -2] Name or service not known
[16:25:58][scan_engine][_scan] 2 scanners remaining
[16:25:58][scanner][check_success] Invalid ssh default cred root:password at ssh://192.168.1.162:22:22
[16:25:58][scanner][check_success] gaierror Exception: [Errno -2] Name or service not known
[16:25:58][scan_engine][_scan] 1 scanners remaining
[16:25:58][scanner][check_success] Invalid ssh default cred root:root at ssh://192.168.1.162:22:22
[16:25:58][scanner][check_success] gaierror Exception: [Errno -2] Name or service not known

This appears to be due to the fact that self.target in ssh.py contains the protocol and the port ssh://:22 when being passed as hostname to the paramiko connect() function in ssh.py.

@Graph-X
Contributor

Graph-X commented Sep 28, 2017

What are the command line options you are using? I'm trying to replicate this issue and the stupid won't error out for me.

@mikehacksthings
Author

I set up a target to test this out which was a raspberry pi running with default credentials. The command line options I used to test it were:
$ ./changeme.py --debug --verbose --protocols ssh ip

@ztgrace
Owner

ztgrace commented Sep 28, 2017

I've been able to replicate this, and should have fixes pushed soon. I'm working to get some additional unit tests in place so similar regressions don't happen in the future.

@Graph-X
Contributor

Graph-X commented Sep 28, 2017

I'm the only one that couldn't replicate? Wow, that's counter to normal process. I'm usually the one doing it wrong.

@ztgrace
Owner

ztgrace commented Sep 28, 2017

The issue is that in the current paramiko connect statement, it uses self.target which calls the Target.__str__ method that includes the protocol and passes something like ssh://192.168.1.1 to paramiko which blows up. So the fix is to call self.target.host to get back the direct host/ip without the protocol.
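
The failure described in this comment, reproduced without paramiko as an added example (not code from changeme). `Target`, `resolve_error` and `connect_args` are hypothetical names, and the address is a constructed sample reusing the one from the log above.

```python
import socket


class Target:
    """Hypothetical stand-in for the scanner's target object (not changeme's class)."""

    def __init__(self, host, port, protocol):
        self.host = host
        self.port = port
        self.protocol = protocol

    def __str__(self):
        # The URL form is right for log lines and reports, wrong for a resolver.
        return f"{self.protocol}://{self.host}:{self.port}"


def resolve_error(hostname, port):
    """Return None if hostname is accepted by the resolver, else the gaierror text.

    AI_NUMERICHOST keeps the check local (no DNS traffic), so it runs offline;
    an SSH client's connect would perform a full lookup on the same string.
    """
    try:
        socket.getaddrinfo(hostname, port, socket.AF_UNSPEC,
                           socket.SOCK_STREAM, flags=socket.AI_NUMERICHOST)
    except socket.gaierror as exc:
        return str(exc)
    return None


def connect_args(target):
    """Build (hostname, port) for an SSH client, refusing URL-shaped hosts."""
    host = target.host
    if "://" in host:
        raise ValueError(f"hostname must not carry a scheme: {host!r}")
    return host, int(target.port)


if __name__ == "__main__":
    t = Target("192.168.1.162", 22, "ssh")  # constructed sample target
    # Passing the object's string form: the resolver sees "ssh://192.168.1.162:22".
    print("str(target) :", str(t), "->", resolve_error(str(t), t.port))
    # Passing the bare host attribute: the resolver sees a plain address.
    host, port = connect_args(t)
    print("target.host :", host, "->", resolve_error(host, port))
```

The same four checks work as a regression test for any scanner that builds its connection arguments from a target object.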

ztgrace added a commit that referenced this issue Sep 28, 2017
@ztgrace ztgrace mentioned this issue Sep 28, 2017
@ztgrace
Owner

ztgrace commented Sep 28, 2017

@mikehacksthings ssh & ssh_key scanners should be fixed

@mikehacksthings
Author

Confirmed that the recent pull fixes this issue. Thanks!
