
Prevent SSH2 KEX confusion. Fixes #2105

This commit is contained in:
nnposter
2020-08-16 21:18:01 +00:00
parent d6877eb7b7
commit 2e010296af
2 changed files with 7 additions and 1 deletions


@@ -194,7 +194,7 @@ fetch_host_key = function( host, port, key_type )
local packet = transport.build( transport.kex_init( {
host_key_algorithms=key_type,
kex_algorithms="diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256",
kex_algorithms="diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256",
} ) )
status = socket:send( packet )
if not status then socket:close(); return end
@@ -213,6 +213,9 @@ fetch_host_key = function( host, port, key_type )
local kex_algs = tostring( kex_init.kex_algorithms )
local kexdh_gex_used = false
local prime, q, gen
-- NB: For each KEX prefix used here, make sure that all corresponding
-- algorithms are listed in the transport.kex_init() call above.
-- Otherwise this code might proceed with an incorrect KEX.
if kex_algs:find("diffie-hellman-group1-", 1, true) then
prime = prime2
q = 1024
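Review bot: The new NB comment only requires that every prefix tested below be present in the kex_init() list; it does not state the second invariant the prefix chain depends on, namely that the order of the `if` branches must match the client's preference order in kex_init(), because per RFC 4253 §7.1 the server runs the first algorithm in the client's list that it also supports, while the branches test the server's whole list with `kex_algs:find(..., 1, true)` and so pick whichever prefix is checked first. I would extend the comment with `-- The branches below must also be ordered exactly as the algorithms are` / `-- offered in kex_init(): the server picks the first client algorithm it` / `-- supports (RFC 4253 7.1), and an unanchored find() cannot tell which that was.` A more robust alternative is to compute the negotiated name explicitly by splitting `kex_algs` on commas into a set and walking the offered list in order, then dispatching on the exact name, which also removes the substring-match risk of an unanchored plain find. The surrounding if-chain and the rest of fetch_host_key continue outside this hunk, so the remaining branches and their order cannot be checked from here.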