forked from p15670423/monkey
fixed ssh on different port bugs
This commit is contained in:
parent
92584a662a
commit
4731df114c
|
@ -31,6 +31,7 @@ class SSHExploiter(HostExploiter):
|
||||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||||
|
|
||||||
port = SSH_PORT
|
port = SSH_PORT
|
||||||
|
# if ssh banner found on different port, use that port.
|
||||||
for servkey,servdata in host.services.items():
|
for servkey,servdata in host.services.items():
|
||||||
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||||
port = int(servkey.replace('tcp-',''))
|
port = int(servkey.replace('tcp-',''))
|
||||||
|
|
|
@ -11,7 +11,7 @@ from network.tools import check_port_tcp
|
||||||
from model.host import VictimHost
|
from model.host import VictimHost
|
||||||
|
|
||||||
SSH_PORT = 22
|
SSH_PORT = 22
|
||||||
SSH_SERVICE = 'tcp-22'
|
SSH_SERVICE_DEFAULT = 'tcp-22'
|
||||||
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
|
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
|
||||||
TIMEOUT = 10
|
TIMEOUT = 10
|
||||||
BANNER_READ = 1024
|
BANNER_READ = 1024
|
||||||
|
@ -22,8 +22,8 @@ class SSHFinger(HostFinger):
|
||||||
self._config = __import__('config').WormConfiguration
|
self._config = __import__('config').WormConfiguration
|
||||||
self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)
|
self._banner_regex = re.compile(SSH_REGEX, re.IGNORECASE)
|
||||||
|
|
||||||
def _banner_match(self, host, banner):
|
def _banner_match(self, service, host, banner):
|
||||||
host.services[SSH_SERVICE]['name'] = 'ssh'
|
host.services[service]['name'] = 'ssh'
|
||||||
for dist in LINUX_DIST_SSH:
|
for dist in LINUX_DIST_SSH:
|
||||||
if banner.lower().find(dist) != -1:
|
if banner.lower().find(dist) != -1:
|
||||||
host.os['type'] = 'linux'
|
host.os['type'] = 'linux'
|
||||||
|
@ -31,27 +31,27 @@ class SSHFinger(HostFinger):
|
||||||
if not host.os.has_key('version'):
|
if not host.os.has_key('version'):
|
||||||
host.os['version'] = os_version
|
host.os['version'] = os_version
|
||||||
else:
|
else:
|
||||||
host.services[SSH_SERVICE]['os-version'] = os_version
|
host.services[service]['os-version'] = os_version
|
||||||
break
|
break
|
||||||
|
|
||||||
def get_host_fingerprint(self, host):
|
def get_host_fingerprint(self, host):
|
||||||
assert isinstance(host, VictimHost)
|
assert isinstance(host, VictimHost)
|
||||||
|
|
||||||
for service in host.services.values():
|
for name,data in host.services.items():
|
||||||
banner = service.get('banner', '')
|
banner = data.get('banner', '')
|
||||||
if self._banner_regex.search(banner):
|
if self._banner_regex.search(banner):
|
||||||
self._banner_match(host, banner)
|
self._banner_match(name, host, banner)
|
||||||
return
|
return
|
||||||
|
|
||||||
is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)
|
is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True)
|
||||||
|
|
||||||
if is_open:
|
if is_open:
|
||||||
host.services[SSH_SERVICE] = {}
|
host.services[SSH_SERVICE_DEFAULT] = {}
|
||||||
|
|
||||||
if banner:
|
if banner:
|
||||||
host.services[SSH_SERVICE]['banner'] = banner
|
host.services[SSH_SERVICE_DEFAULT]['banner'] = banner
|
||||||
if self._banner_regex.search(banner):
|
if self._banner_regex.search(banner):
|
||||||
self._banner_match(host, banner)
|
self._banner_match(SSH_SERVICE_DEFAULT, host, banner)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
return False
|
return False
|
Loading…
Reference in New Issue