From de27812fe4d5a4b497c37ac5f29a99fbfb87245b Mon Sep 17 00:00:00 2001 From: batrick Date: Mon, 18 Aug 2014 03:12:00 +0000 Subject: [PATCH] Revert libssh2 branch, for now. $ svn merge -r r33518:r33513 . and removed added scripts to the script.db. The branch needs further refinement/testing for Windows and Mac before merging into the trunk. There is also the latent EOF bug which is giving performance issues. Further work on the branch will continue in Devin's latest branch: /nmap-exp/devin/nmap-libssh2 --- Makefile.in | 7 +- aclocal.m4 | 59 ++--- configure | 183 +------------- configure.ac | 32 --- nmap_config.h.in | 2 - nse_libssh2.cc | 463 ----------------------------------- nse_libssh2.h | 8 - nse_main.cc | 4 - nselib/libssh2.luadoc | 71 ------ nselib/ssh1.lua | 6 - scripts/script.db | 1 - scripts/ssh-auth-methods.nse | 37 --- scripts/ssh-brute.nse | 118 --------- scripts/ssh-vuln-hostkey.nse | 128 ---------- 14 files changed, 27 insertions(+), 1092 deletions(-) delete mode 100644 nse_libssh2.cc delete mode 100644 nse_libssh2.h delete mode 100644 nselib/libssh2.luadoc delete mode 100644 scripts/ssh-auth-methods.nse delete mode 100644 scripts/ssh-brute.nse delete mode 100644 scripts/ssh-vuln-hostkey.nse diff --git a/Makefile.in b/Makefile.in index 94e7fe217..325e102c3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -50,7 +50,7 @@ export CFLAGS = $(CXXFLAGS) # CFLAGS = $(DEFS) $(INCLS) STATIC = LDFLAGS = @LDFLAGS@ $(DBGFLAGS) $(STATIC) -LIBS = @LIBNBASE_LIBS@ @LIBNSOCK_LIBS@ @LIBPCRE_LIBS@ @LIBPCAP_LIBS@ $(OPENSSL_LIBS) libnetutil/libnetutil.a @LIBDNET_LIBS@ @LIBLUA_LIBS@ @LIBLINEAR_LIBS@ @LIBSSH2_LIBS@ @LIBS@ +LIBS = @LIBNBASE_LIBS@ @LIBNSOCK_LIBS@ @LIBPCRE_LIBS@ @LIBPCAP_LIBS@ $(OPENSSL_LIBS) libnetutil/libnetutil.a @LIBDNET_LIBS@ @LIBLUA_LIBS@ @LIBLINEAR_LIBS@ @LIBS@ OPENSSL_LIBS = @OPENSSL_LIBS@ # LIBS = -lefence @LIBS@ # LIBS = -lrmalloc @LIBS@ @@ -89,11 +89,6 @@ ifneq (@LIBLUA_LIBS@,) NSE_SRC=nse_main.cc nse_utility.cc nse_nsock.cc nse_dnet.cc nse_fs.cc nse_nmaplib.cc nse_debug.cc nse_pcrelib.cc nse_binlib.cc nse_bit.cc nse_lpeg.cc NSE_HDRS=nse_main.h nse_utility.h nse_nsock.h nse_dnet.h nse_fs.h nse_nmaplib.h nse_debug.h nse_pcrelib.h nse_binlib.h nse_bit.h nse_lpeg.h NSE_OBJS=nse_main.o nse_utility.o nse_nsock.o nse_dnet.o nse_fs.o nse_nmaplib.o nse_debug.o nse_pcrelib.o nse_binlib.o nse_bit.o nse_lpeg.o -ifneq (@LIBSSH2_LIBS@,) -NSE_SRC+=nse_libssh2.cc -NSE_HDRS+=nse_libssh2.h -NSE_OBJS+=nse_libssh2.o -endif ifneq (@OPENSSL_LIBS@,) NSE_SRC+=nse_openssl.cc nse_ssl_cert.cc NSE_HDRS+=nse_openssl.h nse_ssl_cert.h diff --git a/aclocal.m4 b/aclocal.m4 index 69c2277ee..09beee396 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.11.6 -*- Autoconf -*- # Copyright (C) 1996-2014 Free Software Foundation, Inc. @@ -11,9 +11,8 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) # nls.m4 serial 5 (gettext-0.18) -dnl Copyright (C) 1995-2003, 2005-2006, 2008-2013 Free Software Foundation, +dnl Copyright (C) 1995-2003, 2005-2006, 2008-2010 Free Software Foundation, dnl Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, @@ -45,12 +44,14 @@ AC_DEFUN([AM_NLS], AC_SUBST([USE_NLS]) ]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2009, +# 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 2 # AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # --------------------------------------------------------------------------- @@ -79,7 +80,7 @@ AC_DEFUN([AM_PATH_PYTHON], dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl +[python python2 python3 python3.2 python3.1 python3.0 python2.7 dnl python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) AC_ARG_VAR([PYTHON], [the Python interpreter]) @@ -95,11 +96,10 @@ AC_DEFUN([AM_PATH_PYTHON], dnl A version check is needed. if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. - AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AC_MSG_CHECKING([whether $PYTHON version >= $1]) AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], - [AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no]) - AC_MSG_ERROR([Python interpreter is too old])]) + [AC_MSG_RESULT(yes)], + [AC_MSG_ERROR(too old)]) am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies @@ -148,25 +148,6 @@ AC_DEFUN([AM_PATH_PYTHON], [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" dnl Set up 4 directories: @@ -183,14 +164,7 @@ except ImportError: else am_py_prefix=$prefix fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pythondir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(0,0,prefix='$am_py_prefix'))" 2>/dev/null` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` @@ -225,14 +199,7 @@ sys.stdout.write(sitedir)"` else am_py_exec_prefix=$exec_prefix fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pyexecdir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(1,0,prefix='$am_py_exec_prefix'))" 2>/dev/null` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` @@ -280,12 +247,14 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 1 + # AM_RUN_LOG(COMMAND) # ------------------- # Run COMMAND, save the exit status in ac_status, and log it. diff --git a/configure b/configure index 19863ad6f..2c82adbad 100755 --- a/configure +++ b/configure @@ -661,7 +661,6 @@ DNET_BUILD DNET_DEPENDS LIBDNETDIR LIBDNET_LIBS -LIBSSH2_LIBS PCRE_DIST_CLEAN PCRE_CLEAN PCRE_BUILD @@ -782,7 +781,6 @@ with_nping with_openssl with_libpcap with_libpcre -with_libssh2 with_libdnet with_liblua with_liblinear @@ -1441,7 +1439,6 @@ Optional Packages: --with-libpcre=DIR Use an existing (compiled) pcre lib from DIR/include and DIR/lib. --with-libpcre=included Always use the version included with Nmap - --with-libssh2=DIR Use speficic copy of libssh2 --with-libdnet=DIR Use an existing (compiled) dnet lib from DIR/include and DIR/lib. This is NOT RECOMMENDED because we have made many important fixes to our included libdnet, @@ -5466,8 +5463,8 @@ if test "$with_ndiff" != "no"; then if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 2.4" >&5 -$as_echo_n "checking whether $PYTHON version is >= 2.4... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version >= 2.4" >&5 +$as_echo_n "checking whether $PYTHON version >= 2.4... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. @@ -5485,9 +5482,7 @@ sys.exit(sys.hexversion < minverhex)" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "Python interpreter is too old" "$LINENO" 5 + as_fn_error $? "too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else @@ -5499,7 +5494,7 @@ if ${am_cv_pathless_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else - for am_cv_pathless_PYTHON in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do + for am_cv_pathless_PYTHON in python python2 python3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros @@ -5615,25 +5610,6 @@ $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[:3] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 @@ -5647,14 +5623,7 @@ else else am_py_prefix=$prefix fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pythondir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(0,0,prefix='$am_py_prefix'))" 2>/dev/null` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` @@ -5691,14 +5660,7 @@ else else am_py_exec_prefix=$exec_prefix fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pyexecdir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(1,0,prefix='$am_py_exec_prefix'))" 2>/dev/null` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` @@ -5770,8 +5732,8 @@ if test "$with_zenmap" != "no"; then if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 2.4" >&5 -$as_echo_n "checking whether $PYTHON version is >= 2.4... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version >= 2.4" >&5 +$as_echo_n "checking whether $PYTHON version >= 2.4... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. @@ -5789,9 +5751,7 @@ sys.exit(sys.hexversion < minverhex)" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "Python interpreter is too old" "$LINENO" 5 + as_fn_error $? "too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else @@ -5803,7 +5763,7 @@ if ${am_cv_pathless_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else - for am_cv_pathless_PYTHON in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do + for am_cv_pathless_PYTHON in python python2 python3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros @@ -5919,25 +5879,6 @@ $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform - # Just factor out some code duplication. - am_python_setup_sysconfig="\ -import sys -# Prefer sysconfig over distutils.sysconfig, for better compatibility -# with python 3.x. See automake bug#10227. -try: - import sysconfig -except ImportError: - can_use_sysconfig = 0 -else: - can_use_sysconfig = 1 -# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: -# -try: - from platform import python_implementation - if python_implementation() == 'CPython' and sys.version[:3] == '2.7': - can_use_sysconfig = 0 -except ImportError: - pass" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 @@ -5951,14 +5892,7 @@ else else am_py_prefix=$prefix fi - am_cv_python_pythondir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pythondir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(0,0,prefix='$am_py_prefix'))" 2>/dev/null` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` @@ -5995,14 +5929,7 @@ else else am_py_exec_prefix=$exec_prefix fi - am_cv_python_pyexecdir=`$PYTHON -c " -$am_python_setup_sysconfig -if can_use_sysconfig: - sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) -else: - from distutils import sysconfig - sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') -sys.stdout.write(sitedir)"` + am_cv_python_pyexecdir=`$PYTHON -c "import sys; from distutils import sysconfig; sys.stdout.write(sysconfig.get_python_lib(1,0,prefix='$am_py_exec_prefix'))" 2>/dev/null` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` @@ -6740,92 +6667,6 @@ fi - -have_libssh2=no - -# Check whether --with-libssh2 was given. -if test "${with_libssh2+set}" = set; then : - withval=$with_libssh2; case "$with_libssh2" in - yes) - have_libssh2=yes - ;; - included) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"Libssh2 is not included with Nmap. Will try to find system version\"" >&5 -$as_echo "$as_me: WARNING: \"Libssh2 is not included with Nmap. Will try to find system version\"" >&2;} - ;; - *) - have_libssh2=yes - CPPFLAGS="-I$with_libssh2/include $CPPFLAGS" - LDFLAGS="-L$with_libssh2/lib $LDFLAGS" - ;; - esac - -fi - - -if test $have_libssh2 != yes; then - for ac_header in libssh2.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "libssh2.h" "ac_cv_header_libssh2_h" "$ac_includes_default" -if test "x$ac_cv_header_libssh2_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSSH2_H 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libssh2_version in -lssh2" >&5 -$as_echo_n "checking for libssh2_version in -lssh2... " >&6; } -if ${ac_cv_lib_ssh2_libssh2_version+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssh2 -lm $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char libssh2_version (); -int -main () -{ -return libssh2_version (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssh2_libssh2_version=yes -else - ac_cv_lib_ssh2_libssh2_version=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssh2_libssh2_version" >&5 -$as_echo "$ac_cv_lib_ssh2_libssh2_version" >&6; } -if test "x$ac_cv_lib_ssh2_libssh2_version" = xyes; then : - have_libssh2=yes; break -fi - - -fi - -done - -fi - -LIBSSH2_LIBS= -if test $have_libssh2 = yes; then - LIBSSH2_LIBS="-lssh2" - $as_echo "#define HAVE_LIBSSH2 1" >>confdefs.h - -fi - - have_dnet=no requested_included_dnet=no LIBDNETDIR=libdnet-stripped diff --git a/configure.ac b/configure.ac index 9a32e6db6..e8394859d 100644 --- a/configure.ac +++ b/configure.ac @@ -509,38 +509,6 @@ AC_SUBST(PCRE_BUILD) AC_SUBST(PCRE_CLEAN) AC_SUBST(PCRE_DIST_CLEAN) - -have_libssh2=no -AC_ARG_WITH(libssh2, -AC_HELP_STRING([--with-libssh2=DIR], [Use speficic copy of libssh2]), -[ case "$with_libssh2" in - yes) - have_libssh2=yes - ;; - included) - AC_MSG_WARN("Libssh2 is not included with Nmap. Will try to find system version") - ;; - *) - have_libssh2=yes - CPPFLAGS="-I$with_libssh2/include $CPPFLAGS" - LDFLAGS="-L$with_libssh2/lib $LDFLAGS" - ;; - esac] -) - -if test $have_libssh2 != yes; then - AC_CHECK_HEADERS([libssh2.h], - AC_CHECK_LIB(ssh2, libssh2_version, [have_libssh2=yes; break],, [-lm]) - ) -fi - -LIBSSH2_LIBS= -if test $have_libssh2 = yes; then - LIBSSH2_LIBS="-lssh2" - AC_DEFINE(HAVE_LIBSSH2) -fi -AC_SUBST(LIBSSH2_LIBS) - have_dnet=no requested_included_dnet=no LIBDNETDIR=libdnet-stripped diff --git a/nmap_config.h.in b/nmap_config.h.in index 24ab46e19..f16fc77ad 100644 --- a/nmap_config.h.in +++ b/nmap_config.h.in @@ -175,8 +175,6 @@ #undef HAVE_PCRE_H -#undef HAVE_LIBSSH2 - #undef HAVE_PCRE_PCRE_H #undef BSD_NETWORKING diff --git a/nse_libssh2.cc b/nse_libssh2.cc deleted file mode 100644 index ab07c6699..000000000 --- a/nse_libssh2.cc +++ /dev/null @@ -1,463 +0,0 @@ -/* Binding for the libssh2 library. Note that there is not a one-to-one correspondance - * between functions in libssh2 and the binding. - * Currently, during the ssh2 handshake, a call to nsock.recieve may result in an EOF - * error. This appears to only occur when stressing the ssh server (ie during a brute - * force attempt) or while behind a restrictive firewall/IDS. - * by Devin Bjelland - */ - -extern "C" { - #include "lua.h" - #include "lauxlib.h" -} - -#include "nse_debug.h" -#include "nse_nsock.h" -#include "nse_utility.h" - -#include - -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -enum { - SSH2_UDATA = lua_upvalueindex(1) -}; - -struct ssh_userdata { - int sp[2]; - LIBSSH2_SESSION *session; -}; - -static int ssh_error (lua_State *L, LIBSSH2_SESSION *session, const char *msg) -{ - char *errmsg; - libssh2_session_last_error(session, &errmsg, NULL, 0); - return nseU_safeerror(L, "%s: %s", msg, errmsg); -} - -static int finish_send (lua_State *L) -{ - if (lua_toboolean(L, -2)) { - return 0; - } else { - return lua_error(L); /* uses idx 6 */ - } -} - -static int finish_read (lua_State *L) -{ - struct ssh_userdata *sshu = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - - if (lua_toboolean(L, -2)) { - size_t n = 0; - size_t l; - lua_getuservalue(L, 1); - lua_getfield(L, -1, "sp_buff"); - lua_pushvalue(L, 3); - lua_concat(L, 2); - const char *data = lua_tolstring(L, -1, &l); - lua_pushliteral(L, ""); - lua_setfield(L, 4, "sp_buff"); - while (n < l) { - int rc = write(sshu->sp[1], data+n, l-n); - if(rc == -1 && errno != EAGAIN) { - luaL_error(L, "Writing to socket pair: %s", strerror(errno)); - } else if(rc == -1 && errno == EAGAIN) { - lua_pushlstring(L, data+n, l-n); - lua_setfield(L, 4, "sp_buff"); - break; - } else { - n += rc; - } - } - return 0; - } else { - return lua_error(L); /* uses idx 6 */ - } -} - -static int filter (lua_State *L) -{ - int rc; - char data[4096]; - struct ssh_userdata *sshu = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - - lua_getuservalue(L, 1); - lua_getfield(L, -1, "sock"); - lua_replace(L, -2); - - rc = read(sshu->sp[1], data, sizeof(data)); - if (rc > 0) { - //write data to nsock socket - lua_getfield(L, -1, "send"); - lua_insert(L, -2); /* swap */ - lua_pushlstring(L, data, rc); - lua_callk(L, 2, 2, 0, finish_send); - return finish_send(L); - } else if (rc == -1 && errno != EAGAIN) { - luaL_error(L, "%s", strerror(errno)); - } - - lua_getfield(L, -1, "receive"); - lua_insert(L, -2); /* swap */ - lua_callk(L, 1, 2, 0, finish_read); - return finish_read(L); -} - -static int do_session_handshake (lua_State *L) -{ - int rc; - struct ssh_userdata *sshu; - - assert(lua_gettop(L) == 4); - - sshu = (struct ssh_userdata *) nseU_checkudata(L, 3, SSH2_UDATA, "ssh2"); - while((rc = libssh2_session_handshake(sshu->session, sshu->sp[0])) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 3, "filter"); - lua_pushvalue(L, 3); - lua_callk(L, 1, 0, 0, do_session_handshake); - } - - if (rc) - luaL_error(L, "Unable to complete libssh2 handshake."); - - lua_pushvalue(L, 3); - return 1; -} - -static int finish_session_open (lua_State *L) { - assert(lua_gettop(L) == 6); - if (lua_toboolean(L, -2)) { - lua_pop(L, 2); - return do_session_handshake(L); - } else { - return lua_error(L); - } -} - -/* Creates libssh2 session, connects to hostname:port and tries to perform a - * ssh handshake on socket. Returns ssh_state on success - * - * session_open(hostname, port) - */ -static int l_session_open(lua_State *L) { - int rc; - - luaL_checkint(L, 2); - - lua_settop(L, 2); - - ssh_userdata *state = (ssh_userdata *)lua_newuserdata(L, sizeof(ssh_userdata)); /* index 3 */ - assert(lua_gettop(L) == 3); - state->session = NULL; - state->sp[0] = -1; - state->sp[1] = -1; - lua_pushvalue(L, lua_upvalueindex(1)); /* metatable */ - lua_setmetatable(L, 3); - lua_newtable(L); - lua_setuservalue(L, 3); - lua_getuservalue(L, 3); /* index 4 */ - assert(lua_gettop(L) == 4); - - state->session = libssh2_session_init(); - libssh2_session_set_blocking(state->session, 0); - - if (socketpair(AF_UNIX, SOCK_STREAM, 0, state->sp) == -1) { - return nseU_safeerror(L, "trying to create socketpair"); - } - rc = fcntl(state->sp[1], F_GETFD); - if (rc == -1) - return nseU_safeerror(L, "%s", strerror(errno)); - rc |= O_NONBLOCK; - rc = fcntl(state->sp[1], F_SETFL, rc); - if (rc == -1) - return nseU_safeerror(L, "%s", strerror(errno)); - - lua_getglobal(L, "nmap"); - lua_getfield(L, -1, "new_socket"); - lua_replace(L, -2); - lua_call(L, 0, 1); - lua_setfield(L, 4, "sock"); - - lua_pushliteral(L, ""); - lua_setfield(L, 4, "sp_buff"); - - assert(lua_gettop(L) == 4); - - lua_getfield(L, 4, "sock"); - lua_getfield(L, -1, "connect"); - lua_insert(L, -2); /* swap */ - lua_pushvalue(L, 1); - lua_pushvalue(L, 2); - lua_callk(L, 3, 2, 3, finish_session_open); - return finish_session_open(L); -} - -/* Returns the SHA1 or MD5 hostkey hash of provided session or nil if it is not available - * - */ -static int l_hostkey_hash(lua_State *L) { - static int hash_option[] = {LIBSSH2_HOSTKEY_HASH_MD5, LIBSSH2_HOSTKEY_HASH_SHA1}; - static int hash_length[] = {16, 20}; - static const char *hashes[] = {"md5", "sha1", NULL}; - - luaL_Buffer B; - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - int type = luaL_checkoption(L, 2, "sha1", hashes); - const unsigned char *hash = (const unsigned char *) libssh2_hostkey_hash(state->session, hash_option[type]); - - if (hash == NULL) - return nseU_safeerror(L, "could not get hostkey hash"); - - luaL_buffinit(L, &B); - for (int i = 0; i < hash_length[type]; i++) { - char byte[3]; /* with space for NUL */ - snprintf(byte, sizeof(byte), "%02X", (unsigned int) hash[i]); - if (i) - luaL_addchar(&B, ':'); - luaL_addlstring(&B, byte, 2); - } - luaL_pushresult(&B); - - return 1; -} - -static int l_set_timeout(lua_State *L) { - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - long timeout = luaL_checklong(L, 2); - libssh2_session_set_timeout(state->session, timeout); - - return 0; -} - -/* Return list of supported authenication methods - * - */ -static int l_userauth_list(lua_State *L) { - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - const char *username = luaL_checkstring(L, 2); - char *auth_list; - - while((auth_list = libssh2_userauth_list(state->session, username, lua_rawlen(L, 2))) == NULL && libssh2_session_last_errno(state->session) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 1, "filter"); - lua_pushvalue(L, 1); - lua_callk(L, 1, 0, 0, l_userauth_list); - } - - if(auth_list) { - const char *auth = strtok(auth_list, ","); - lua_newtable(L); - do { - lua_pushstring(L, auth); - lua_rawseti(L, -2, lua_rawlen(L, -2)+1); - } while((auth = strtok(NULL, ","))); - libssh2_free(state->session, (void *)auth_list); - } else if (libssh2_userauth_authenticated(state->session)) { - lua_pushliteral(L, "none_auth"); - } else { - return ssh_error(L, state->session, "userauth_list"); - } - return 1; -} - -static int l_userauth_publickey(lua_State *L) { - int rc; - const char *username, *private_key_file, *passphrase, *public_key_file; - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - username = luaL_checkstring(L, 2); - private_key_file = luaL_checkstring(L, 3); - if (lua_isstring(L, 4)) { - passphrase = lua_tostring(L, 4); - } - else { - passphrase = NULL; - } - if (lua_isstring(L, 5)) { - public_key_file = lua_tostring(L, 5); - } - else { - public_key_file = NULL; - } - - while ((rc = libssh2_userauth_publickey_fromfile(state->session, username, public_key_file, private_key_file, passphrase)) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 1, "filter"); - lua_pushvalue(L, 1); - lua_callk(L, 1, 0, 0, l_userauth_publickey); - } - - if(rc == 0) { - lua_pushboolean(L, 1); - } else { - lua_pushboolean(L, 0); - } - return 1; - - -} - -static int l_read_publickey(lua_State *L) { - FILE *fd; - char c; - const char* publickeyfile = luaL_checkstring(L, 1); - luaL_Buffer publickey_data; - fd = fopen(publickeyfile, "r"); - if (!fd) { - luaL_error(L, "Error reading file"); - } - - luaL_buffinit(L, &publickey_data); - while(fread(&c, 1, 1, fd) && '\r' && c != '\n' && c != ' ') continue; - - while(fread(&c, 1, 1, fd) && '\r' && c != '\n' && c != ' ') { - luaL_addchar (&publickey_data, c); - } - fclose(fd); - - lua_getglobal(L, "require"); - lua_pushstring(L, "base64"); - lua_call(L, 1, 1); - lua_getfield(L, -1, "dec"); - - luaL_pushresult(&publickey_data); - lua_call(L, 1, 1); - - return 1; -} - -static int publickey_canauth_cb(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, const unsigned char *data, size_t data_len, void **abstract) { - return 0; -} - -static int l_publickey_canauth(lua_State *L) { - char *errmsg; - int errlen; - int rc; - const char *username; - unsigned const char *publickey_data; - size_t len; - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - username = luaL_checkstring(L, 2); - if (lua_isstring(L, 3)) { - publickey_data = (unsigned const char*) lua_tolstring(L, 3, &len); - } else { - luaL_error(L, "Invalid public key"); - } - - while ((rc = libssh2_userauth_publickey(state->session, username, publickey_data, len, &publickey_canauth_cb, NULL)) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 1, "filter"); - lua_pushvalue(L, 1); - lua_callk(L, 1, 0, 0, l_publickey_canauth); - } - libssh2_session_last_error(state->session, &errmsg, &errlen, 0); - if(rc == LIBSSH2_ERROR_ALLOC || rc == LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED) { - lua_pushboolean(L, 1); - //Username/PublicKey combination invalid - } else if(rc == LIBSSH2_ERROR_AUTHENTICATION_FAILED) { - lua_pushboolean(L, 0); - } else { - luaL_error(L, "Invalid Publickey"); - } - return 1; -} - -/* Attempts to authenticate session with provided username and password - * returns true on success and false otherwise - * - * userauth_password(state, username, password) - */ -static int l_userauth_password(lua_State *L) { - int rc; - const char *username, *password; - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - username = luaL_checkstring(L, 2); - password = luaL_checkstring(L, 3); - - while((rc = libssh2_userauth_password(state->session, username, password)) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 1, "filter"); - lua_pushvalue(L, 1); - lua_callk(L, 1, 0, 0, l_userauth_password); - } - if(rc == 0) { - lua_pushboolean(L, 1); - } else { - lua_pushboolean(L, 0); - } - return 1; -} - -static int l_session_close(lua_State *L) { - struct ssh_userdata *state = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - int rc; - while ((rc = libssh2_session_disconnect(state->session, "Normal Shutdown")) == LIBSSH2_ERROR_EAGAIN) { - luaL_getmetafield(L, 1, "filter"); - lua_pushvalue(L, 1); - lua_callk(L, 1, 0, 0, l_session_close); - } - - if (rc < 0) - luaL_error(L, "unable to disconnect session"); - - if (libssh2_session_free(state->session) < 0) { - luaL_error(L, "unable to free session"); - } - return 0; -} - -static const struct luaL_Reg libssh2 [] = { - {"session_open", l_session_open}, - {"hostkey_hash", l_hostkey_hash}, - {"set_timeout", l_set_timeout}, - {"userauth_list", l_userauth_list}, - {"userauth_publickey", l_userauth_publickey}, - {"read_publickey", l_read_publickey}, - {"publickey_canauth", l_publickey_canauth}, - {"userauth_password", l_userauth_password}, - {"session_close", l_session_close}, - {NULL, NULL} -}; - -static int gc (lua_State *L) -{ - struct ssh_userdata *sshu = (struct ssh_userdata *) nseU_checkudata(L, 1, SSH2_UDATA, "ssh2"); - if (sshu) { - lua_pushvalue(L, lua_upvalueindex(1)); - lua_getfield(L, -1, "session_close"); - lua_insert(L, -2); /* swap */ - lua_pcall(L, 1, 0, 0); /* if an error occurs, don't do anything */ - } - close(sshu->sp[0]); - close(sshu->sp[1]); - return 0; -} - -int luaopen_libssh2 (lua_State *L) { - lua_settop(L, 0); /* clear the stack */ - - luaL_newlibtable(L, libssh2); - - lua_newtable(L); /* ssh2 session metatable */ - lua_pushvalue(L, -1); - lua_pushcclosure(L, gc, 1); - lua_setfield(L, -2, "__gc"); - lua_pushvalue(L, -1); - lua_pushcclosure(L, filter, 1); - lua_setfield(L, -2, "filter"); - - luaL_setfuncs(L, libssh2, 1); - - if(libssh2_init(0) != 0) { - luaL_error(L, "unable to open libssh2"); - } - return 1; -} diff --git a/nse_libssh2.h b/nse_libssh2.h deleted file mode 100644 index 578696f5b..000000000 --- a/nse_libssh2.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef LIBSSH2 - -#define LIBSSH2 -#define LIBSSH2LIBNAME "libssh2" - -LUALIB_API int luaopen_libssh2 (lua_State *L); - -#endif diff --git a/nse_main.cc b/nse_main.cc index 29b55cc27..cfc0f809b 100644 --- a/nse_main.cc +++ b/nse_main.cc @@ -20,7 +20,6 @@ #include "nse_openssl.h" #include "nse_debug.h" #include "nse_lpeg.h" -#include "nse_libssh2.h" #define NSE_MAIN "NSE_MAIN" /* the main function */ @@ -546,9 +545,6 @@ static void set_nmap_libraries (lua_State *L) {BITLIBNAME, luaopen_bit}, {LFSLIBNAME, luaopen_lfs}, {LPEGLIBNAME, luaopen_lpeg}, -#ifdef HAVE_LIBSSH2 - {LIBSSH2LIBNAME, luaopen_libssh2}, -#endif #ifdef HAVE_OPENSSL {OPENSSLLIBNAME, luaopen_openssl}, #endif diff --git a/nselib/libssh2.luadoc b/nselib/libssh2.luadoc deleted file mode 100644 index 2800761a1..000000000 --- a/nselib/libssh2.luadoc +++ /dev/null @@ -1,71 +0,0 @@ --- --- Provides a binding for the libssh2 library. --- --- SSH2 is a complex protocol and libssh2 simplifies many tasks involved in --- interacting with ssh servers. This module provides bindings for some of the --- most commonly used libssh2 functions. --- --- For perfomance reasons, the modules reuses the NSE's existing nsock socket --- pool. In order to accomplish this, libssh2 is a given a unix socket pair --- instead of a network socket. As a result, this library is *nix only at the --- current time. --- --- @author Devin Bjelland --- @copyright same as Nmap - -module "libssh2" - ---- Creates libssh2 session and performs handshake --- @param host Host to connect to. --- @param port Port to connect to. --- @return session or nil on failure -function session_open(host, port) - ---- Returns SHA1 or MD5 hostkey hash of session --- @param session Connected libssh2 session. --- @param hashtype (optional) "sha1" or "md5" (sha1 is default) --- @return hostkey hash of server -function hostkey_hash(session, hashtype) - ---- Sets timeout of libssh2 session --- @param session Connected libssh2 session. --- @param timeout Timeout for session in milliseconds. -function set_timeout(session, timeout) - ---- Returns list of authentication methods supported by the server --- @param session Connected libssh2 session. --- @return List of supported authentication methods/ -function userauth_list(session) - ---- Attempts to authenicate libssh2 session using provided credentials --- @param username Username to authenicate as. --- @param password Password to authenicate with. --- @return true/false, depending on success -function userauth_password(session, username, password) - ---- Attempts to authenticate libssh2 session using provided publickey --- @param session Connected libssh2 session --- @param username Username to authenicate as --- @param privatekeyfile File containing privatekey --- @param passphrase Passphrase for privatekey --- @param publickeyfile File containing publickey. Not necessary if libssh2 is --- compiled against OpenSSL --- @return true/false, depending on success -function userauth_publickey(session, username, privatekeyfile, passphrase publickeyfile) - ---- Read publickey from id_*.pub type key file --- @param publickeyfile File containing publickey --- @return string containing raw key data -function read_publickey(publickeyfile) - ---- Checks to see if ssh server accepts public key for authentication as given user. --- This doesn't require the private key as it doesn't finish authenticating. --- @param session Connected libssh2 session --- @param username Username to authenicate as --- @param publickeydata String containing raw publickey blob --- @return true/false, depending on whether user can authenticate with given key -function publickey_canauth(session, username, publickeydata) - ---- Gracefully closes connected libssh2 session --- @param session Connected libssh2 session -function session_close(session) diff --git a/nselib/ssh1.lua b/nselib/ssh1.lua index 2cdb49d85..0d4d67268 100644 --- a/nselib/ssh1.lua +++ b/nselib/ssh1.lua @@ -112,12 +112,6 @@ fetch_host_key = function(host, port) end end ---- Returns key fingerprint in hexadecimal -fingerprint = function( hostkey ) - local fingerprint = openssl.md5(hostkey) - return stdnse.tohex(fingerprint,{separator=":",group=2}) -end - --- Format a key fingerprint in hexadecimal. -- @param fingerprint Key fingerprint. -- @param algorithm Key algorithm. diff --git a/scripts/script.db b/scripts/script.db index 379c04511..bfa9c94b3 100644 --- a/scripts/script.db +++ b/scripts/script.db @@ -433,7 +433,6 @@ Entry { filename = "socks-auth-info.nse", categories = { "default", "discovery", Entry { filename = "socks-brute.nse", categories = { "brute", "intrusive", } } Entry { filename = "socks-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } } Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } } -Entry { filename = "ssh-vuln-hostkey.nse", categories = { "default", "discovery", "safe", } } Entry { filename = "ssh2-enum-algos.nse", categories = { "discovery", "safe", } } Entry { filename = "sshv1.nse", categories = { "default", "safe", } } Entry { filename = "ssl-ccs-injection.nse", categories = { "safe", "vuln", } } diff --git a/scripts/ssh-auth-methods.nse b/scripts/ssh-auth-methods.nse deleted file mode 100644 index 5a5a5f3ab..000000000 --- a/scripts/ssh-auth-methods.nse +++ /dev/null @@ -1,37 +0,0 @@ -local shortport = require "shortport" -local stdnse = require "stdnse" -local libssh2 = stdnse.silent_require "libssh2" - -description = [[ -Returns authenication methods a ssh server supports. -]] - ---- --- @usage --- nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=" --- --- @output --- 22/tcp open ssh syn-ack --- | ssh-auth-methods: --- | Supported authentication methods: --- | publickey --- |_ password - -author = "Devin Bjelland" -license = "Same as Nmap--See http://nmap.org/book/man-legal.html" - -local username = stdnse.get_script_args("ssh.user") or stdnse.generate_random_string(5) -portrule = shortport.port_or_service(22, 'ssh') - -categories = {"safe"} - -action = function (host, port) - local result = stdnse.output_table() - - local session = libssh2.session_open(host, port.number) - local authmethods = libssh2.userauth_list(session, username) - - result["Supported authentication methods"] = authmethods - - return result -end diff --git a/scripts/ssh-brute.nse b/scripts/ssh-brute.nse deleted file mode 100644 index e1654d8f9..000000000 --- a/scripts/ssh-brute.nse +++ /dev/null @@ -1,118 +0,0 @@ -local shortport = require "shortport" -local stdnse = require "stdnse" -local brute = require "brute" - -local libssh2 = stdnse.silent_require "libssh2" - -description = [[ -Performs brute-force password guessing against ssh servers. -]] - ---- --- @usage --- nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst \ --- --script-args ssh-brute.timeout=4s --- --- @output --- 22/ssh open ssh --- | ssh-brute: --- | Accounts --- | username:password --- | Statistics --- |_ Performed 32 guesses in 25 seconds. --- --- @args ssh-brute.timeout Connection timeout (default: "5s") - -author = "Devin Bjelland" -license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {'brute', 'intrusive'} - -portrule = shortport.port_or_service(22, 'ssh') - -local arg_timeout = stdnse.get_script_args(SCRIPT_NAME .. ".timeout") or "5s" - -Driver = { - new = function(self, host, port, options) - stdnse.debug(2, "creating brute driver") - local o = {} - setmetatable(o, self) - self.__index = self - o.host = host - o.port = port - o.options = options - return o - end, - - connect = function (self) - stdnse.debug(2, "connecting to %s:%d", self.host.ip, self.port.number) - local status, session, err = pcall(libssh2.session_open, self.host, self.port.number) - if not status then - stdnse.debug(2, "libssh2 error: %s", session) - local err = brute.Error:new(session) - err:setAbort(true) - return false, err - elseif not session then - stdnse.debug(2, "failure to connect: %s", err); - local err = brute.Error:new(err) - err:setAbort(true) - return false, err - else - self.ssh_session = session - libssh2.set_timeout(self.ssh_session, self.options.ssh_timeout) - return true - end - end, - - disconnect = function(self) - stdnse.debug(2, "disconnecting from %s:%d", self.host.ip, self.port.number); - local status, err = pcall(libssh2.session_close, self.ssh_session) - if not status then - stdnse.debug(2, "libssh2 error: %s", ok) - end - end, - - login = function(self, username, password) - stdnse.verbose(2, "Trying username/password pair: %s:%s", username, password) - local status, ok = pcall(libssh2.userauth_password, self.ssh_session, username, password) - if not status then - stdnse.debug(2, "libssh2 error: %s", ok) - return false, brute.Error:new(ok) - elseif not ok then - stdnse.debug(2, "login failed for %s:%s", username, password) - return false, brute.Error:new("login failed") - else - stdnse.verbose(1, "Found working Credentials: %s:%s", username, password) - return true, brute.Account:new(username, password, "OPEN") - end - end, -} - -password_auth_allowed = function (host, port) - local status, ssh_session = pcall(libssh2.session_open, host, port.number) - if status and ssh_session then - local status, methods = pcall(libssh2.userauth_list, ssh_session, "root") - if status then - for _, value in pairs(methods) do - if value == "password" then - return true - end - end - end - end - return false -end - -action = function (host, port) - local timems = stdnse.parse_timespec(arg_timeout) --todo: use this! - local ssh_timeout = 1000 * timems - if password_auth_allowed(host, port) then - local options = {ssh_timeout = ssh_timeout} - local engine = brute.Engine:new(Driver, host, port, options) - engine.options.script_name = SCRIPT_NAME - local _, result = engine:start() - return result - else - return "Password authenication not allowed" - end -end - diff --git a/scripts/ssh-vuln-hostkey.nse b/scripts/ssh-vuln-hostkey.nse deleted file mode 100644 index 62d1c453a..000000000 --- a/scripts/ssh-vuln-hostkey.nse +++ /dev/null @@ -1,128 +0,0 @@ -local shortport = require "shortport" -local ssh2 = require "ssh2" -local ssh1 = require "ssh1" -local stdnse = require "stdnse" - -local io = require "io" -local string = require "string" -local table = require "table" - -description = [[ -Checks if ssh server has a predictable hostkey by checking it against a list of fingerprints -generated by HD Moore. You have to download these hostkeys separately and specify their directory -as the fingerprintdir variable. The keys are available at http://itsecurity.net/debian_ssh_scan_v4.tar.bz2. Additionally, you can specify a file ssh hostkey fingerprints, one per line, and the scripts will report if the hostkey matches one of the provided fingerprints. -]] - ---- --- @usage --- nmap -p 22 --script ssh-vuln-hostkey \ --- --script-args fingerprintdir= --- --- @output --- --- 22/tcp open ssh syn-ack --- | ssh-vuln-hostkey: --- | Weak hostkeys: --- |_ 2048 6d:cd:2a:8b:dc:3e:e0:92:00:47:59:16:8c:8b:17:70 (RSA) --- --- --- @usage --- -- nmap -p 22 --script ssh-vuln-hostkey \ --- --script-args fingerprintfile= --- --- @output --- --- 22/tcp open ssh syn-ack --- | ssh-vuln-hostkey: --- | Listed hostkeys: --- |_ 2048 6d:cd:2a:8b:dc:3e:e0:92:00:47:59:16:8c:8b:17:70 (RSA) --- --- @args fingerprintdir Directory containing vulnerable fingerprints --- @args fingerprintfile File containing fingerprints to check against --- - -author = "Devin Bjelland" - -license = "Same as Nmap--See http://nmap.org/book/man-legal.html" -categories = {"safe","default","discovery"} - -dependencies = {"ssh-hostkey"} - -portrule = shortport.port_or_service(22, 'ssh') - -local fingerprintdir = stdnse.get_script_args("fingerprintdir") -local fingerprintfile = stdnse.get_script_args("fingerprintfile") - -action = function (host, port) - local key - local keys = {} - local r = stdnse.output_table() - local w = {} - local listed_hostkeys = {} - local found_listed_key - local found_weak_key - - if nmap.registry.sshhostkey and nmap.registry.sshhostkey[host.ip] then - keys = nmap.registgry.sshhostkey[host.ip] - else - key = ssh2.fetch_host_key( host, port, "ssh-rsa" ) - if key then table.insert( keys, key ) end - - key = ssh2.fetch_host_key( host, port, "ssh-dss" ) - if key then table.insert( keys, key ) end - end - - for _,key in ipairs(keys) do - local fingerprint = stdnse.tohex(key.fingerprint) - stdnse.debug("fingerprint: " .. fingerprint) - if fingerprintdir then - if key.key_type == "ssh-rsa" then - for line in io.lines(fingerprintdir .. "ssh_rsa_" .. key.bits .. "_keys.txt") do - local stripped_line = string.gsub(line, "-.*", "") - if stripped_line == fingerprint then - found_weak_key = true - stdnse.verbose("Found weak hostkey: " .. ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - table.insert(w, ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - end - end - elseif key.key_type == "ssh-dss" and key.bits == "1024" then - for line in io.lines(fingerprintdir .. "ssh_dsa_1024_keys.txt", "r") do - local stripped_line = string.gsub(line, "-.*", "") - if stripped_line == fingerprint then - found_weak_key = true - stdnse.verbose("Found weak hostkey: " .. ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - table.insert(w, ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - end - end - end - end - if fingerprintfile then - for line in io.lines(fingerprintfile) do - local stripped_line = string.gsub(line, ":", "") - if stripped_line == fingerprint then - found_listed_key = true - table.insert(listed_hostkeys, ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - stdnse.verbose("Found hostkey on list:" .. ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits)) - end - end - end - end - - if not found_weak_key then - w = "No weak hostkeys found" - end - - if not found_listed_key then - list_hostkey = "No listed hostkeys found" - end - - if fingerprintdir then - r["Weak hostkeys"] = w - end - - if fingerprintfile then - r["Listed hostkeys"] = listed_hostkeys - end - - return r -end