fixed ssh on different port bugs

Barak Hoffer 2015-10-12 17:42:54 +03:00
parent 92584a662a
commit 4731df114c
2 changed files with 11 additions and 10 deletions


@ -31,6 +31,7 @@ class SSHExploiter(HostExploiter):
ssh.set_missing_host_key_policy(paramiko.WarningPolicy()) ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
port = SSH_PORT port = SSH_PORT
# if ssh banner found on different port, use that port.
for servkey,servdata in host.services.items(): for servkey,servdata in host.services.items():
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'): if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
port = int(servkey.replace('tcp-','')) port = int(servkey.replace('tcp-',''))


@ -11,7 +11,7 @@ from network.tools import check_port_tcp
from model.host import VictimHost from model.host import VictimHost
SSH_PORT = 22 SSH_PORT = 22
SSH_SERVICE = 'tcp-22' SSH_SERVICE_DEFAULT = 'tcp-22'
SSH_REGEX = 'SSH-\d\.\d-OpenSSH' SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
TIMEOUT = 10 TIMEOUT = 10
BANNER_READ = 1024 BANNER_READ = 1024
@ -22,8 +22,8 @@ class SSHFinger(HostFinger):
self._config = __import__('config').WormConfiguration self._config = __import__('config').WormConfiguration
self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE) self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)
def _banner_match(self, host, banner): def _banner_match(self, service, host, banner):
host.services[SSH_SERVICE]['name'] = 'ssh' host.services[service]['name'] = 'ssh'
for dist in LINUX_DIST_SSH: for dist in LINUX_DIST_SSH:
if banner.lower().find(dist) != -1: if banner.lower().find(dist) != -1:
host.os['type'] = 'linux' host.os['type'] = 'linux'
@ -31,27 +31,27 @@ class SSHFinger(HostFinger):
if not host.os.has_key('version'): if not host.os.has_key('version'):
host.os['version'] = os_version host.os['version'] = os_version
else: else:
host.services[SSH_SERVICE]['os-version'] = os_version host.services[service]['os-version'] = os_version
break break
def get_host_fingerprint(self, host): def get_host_fingerprint(self, host):
assert isinstance(host, VictimHost) assert isinstance(host, VictimHost)
for service in host.services.values(): for name,data in host.services.items():
banner = service.get('banner', '') banner = data.get('banner', '')
if self._banner_regex.search(banner): if self._banner_regex.search(banner):
self._banner_match(host, banner) self._banner_match(name, host, banner)
return return
is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True) is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)
if is_open: if is_open:
host.services[SSH_SERVICE] = {} host.services[SSH_SERVICE_DEFAULT] = {}
if banner: if banner:
host.services[SSH_SERVICE]['banner'] = banner host.services[SSH_SERVICE_DEFAULT]['banner'] = banner
if self._banner_regex.search(banner): if self._banner_regex.search(banner):
self._banner_match(host, banner) self._banner_match(SSH_SERVICE_DEFAULT, host, banner)
return True return True
return False return False
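Review bot: The early `return` inside the service loop of `get_host_fingerprint` is bare, so it returns None, while the probe path below returns True or False. A host whose SSH banner was matched on an already-recorded service (the non-default-port case this commit targets) therefore reports a falsy result. If callers use the return value, which this page does not show, make it `return True`. Separately, `data.get('banner', '')` still yields None when a service entry stores `'banner': None`, and `self._banner_regex.search(banner)` would then raise TypeError; `banner = data.get('banner') or ''` covers both cases. Indentation is lost in this rendering, so the nesting of the `return` statements is inferred from the statement order.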