fixed ssh on different port bugs

chaos_monkey/exploit/sshexec.py

@@ -31,6 +31,7 @@ class SSHExploiter(HostExploiter):
         ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
 
         port = SSH_PORT
+        # if ssh banner found on different port, use that port.
         for servkey,servdata in host.services.items():
             if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
                 port = int(servkey.replace('tcp-',''))

chaos_monkey/network/sshfinger.py

@@ -11,7 +11,7 @@ from network.tools import check_port_tcp
 from model.host import VictimHost
 
 SSH_PORT = 22
-SSH_SERVICE = 'tcp-22'
+SSH_SERVICE_DEFAULT = 'tcp-22'
 SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
 TIMEOUT = 10
 BANNER_READ = 1024
@@ -22,8 +22,8 @@ class SSHFinger(HostFinger):
         self._config = __import__('config').WormConfiguration
         self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)
 
-    def _banner_match(self, host, banner):
+    def _banner_match(self, service, host, banner):
-        host.services[SSH_SERVICE]['name'] = 'ssh'
+        host.services[service]['name'] = 'ssh'
         for dist in LINUX_DIST_SSH:
             if banner.lower().find(dist) != -1:
                 host.os['type'] = 'linux'
@@ -31,27 +31,27 @@ class SSHFinger(HostFinger):
                 if not host.os.has_key('version'):
                     host.os['version'] = os_version
                 else:
-                    host.services[SSH_SERVICE]['os-version'] = os_version
+                    host.services[service]['os-version'] = os_version
                 break
 
     def get_host_fingerprint(self, host):
         assert isinstance(host, VictimHost)
 
-        for service in host.services.values():
+        for name,data in host.services.items():
-            banner = service.get('banner', '')
+            banner = data.get('banner', '')
             if self._banner_regex.search(banner):
-                self._banner_match(host, banner)
+                self._banner_match(name, host, banner)
                 return
 
         is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)
 
         if is_open:
-            host.services[SSH_SERVICE] = {}
+            host.services[SSH_SERVICE_DEFAULT] = {}
 
             if banner:
-                host.services[SSH_SERVICE]['banner'] = banner
+                host.services[SSH_SERVICE_DEFAULT]['banner'] = banner
                 if self._banner_regex.search(banner):
-                    self._banner_match(host, banner)
+                    self._banner_match(SSH_SERVICE_DEFAULT, host, banner)
                 return True
 
         return False