mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

ssh-brute: enable keyboard-interactive auth if necessary

dmiller
2025-06-12 23:24:36 +00:00
parent 9faa841afd
commit 8d66c7fbd4
2 changed files with 19 additions and 26 deletions


@@ -470,13 +470,13 @@ Error = {
self.done = b self.done = b
end, end,
-- Marks the username as invalid, aborting further guessing. --- Marks the username as invalid, aborting further guessing.
-- @param username -- @param username
setInvalidAccount = function (self, username) setInvalidAccount = function (self, username)
self.invalid_account = username self.invalid_account = username
end, end,
-- Checks if the error reported the account as invalid. --- Checks if the error reported the account as invalid.
-- @return username string containing the invalid account -- @return username string containing the invalid account
isInvalidAccount = function (self) isInvalidAccount = function (self)
return self.invalid_account return self.invalid_account


@@ -2,6 +2,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local tableaux = require "tableaux"
local libssh2_util = require "libssh2-utility" local libssh2_util = require "libssh2-utility"
@@ -68,11 +69,25 @@ Driver = {
login = function (self, username, password) login = function (self, username, password)
stdnse.verbose(1, "Trying username/password pair: %s:%s", username, password) stdnse.verbose(1, "Trying username/password pair: %s:%s", username, password)
local status, resp = self.helper:password_auth(username, password) local status, methods = self.helper:login(username, password)
if status then if status then
return true, creds.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new "Incorrect password" local err = brute.Error:new "Auth failed"
local valid = false
if methods then
for _, m in ipairs(methods) do
if m == "password" or m == "keyboard-interactive" then
valid = true
break
end
end
end
if not valid then
-- give up on user
err:setInvalidAccount(username)
end
return false, err
end, end,
disconnect = function (self) disconnect = function (self)
@@ -80,28 +95,9 @@ Driver = {
end, end,
} }
local function password_auth_allowed (host, port)
local helper = libssh2_util.SSHConnection:new()
helper:connect(host, port) -- throws error on failure
local methods = helper:list "root"
if methods then
for _, value in pairs(methods) do
if value == "password" then
return true
end
end
end
return false
end
function action (host, port) function action (host, port)
local timems = stdnse.parse_timespec(arg_timeout) --todo: use this! local timems = stdnse.parse_timespec(arg_timeout) --todo: use this!
local ssh_timeout = 1000 * timems local ssh_timeout = 1000 * timems
local connected, auth_status = pcall(password_auth_allowed, host, port)
if not connected then
return "Failed to connect to ssh server: " .. auth_status
end
if auth_status then
local options = { local options = {
ssh_timeout = ssh_timeout, ssh_timeout = ssh_timeout,
} }
@@ -109,7 +105,4 @@ function action (host, port)
engine.options.script_name = SCRIPT_NAME engine.options.script_name = SCRIPT_NAME
local _, result = engine:start() local _, result = engine:start()
return result return result
else
return "Password authentication not allowed"
end
end end
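Review bot: In the new failure path of `Driver.login` (the `@@ -68,11 +69,25 @@` hunk), a nil `methods` is handled the same as a list that lacks both `password` and `keyboard-interactive`, so `err:setInvalidAccount(username)` runs whenever `self.helper:login` fails without returning a list. What `login` returns on a dropped connection or a server-side attempt limit is not visible on this page, but if it can return nil there, the engine gives up on the account after one transient failure and the credential audit under-reports. Limiting the give-up branch to a list that was actually received keeps the intent: `if methods and not valid then err:setInvalidAccount(username) end`. Separately, the newly required `tableaux` is not used in the visible hunks; either replace the loop with `tableaux.contains(methods, "password") or tableaux.contains(methods, "keyboard-interactive")` or drop the require.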