PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Handle libssh2 errors on connect. Closes #2616. Fixes #1014

Browse Source
This commit is contained in:
dmiller
2024-10-04 18:21:25 +00:00
parent b507356091
commit f1325d7c6f
5 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/ssh-auth-methods.nse
View File

@@ -41,8 +41,9 @@ portrule = shortport.ssh
function action (host, port)
local result = stdnse.output_table()
local helper = libssh2_util.SSHConnection:new()
if not helper:connect(host, port) then
return "Failed to connect to ssh server"
local status, err = helper:connect_pcall(host, port)
if not status then
return "Failed to connect to ssh server: " .. err
end
local authmethods = helper:list(username)

10
scripts/ssh-brute.nse
View File

@@ -82,9 +82,7 @@ Driver = {
local function password_auth_allowed (host, port)
local helper = libssh2_util.SSHConnection:new()
if not helper:connect(host, port) then
return "Failed to connect to ssh server"
end
helper:connect(host, port) -- throws error on failure
local methods = helper:list "root"
if methods then
for _, value in pairs(methods) do
@@ -99,7 +97,11 @@ end
function action (host, port)
local timems = stdnse.parse_timespec(arg_timeout) --todo: use this!
local ssh_timeout = 1000 * timems
if password_auth_allowed(host, port) then
local connected, auth_status = pcall(password_auth_allowed, host, port)
if not connected then
return "Failed to connect to ssh server: " .. auth_status
end
if auth_status then
local options = {
ssh_timeout = ssh_timeout,
}

13
scripts/ssh-publickey-acceptance.nse
View File

@@ -61,12 +61,12 @@ function action (host, port)
local status, result = helper:read_publickey(publickeys[i])
if not status then
stdnse.verbose("Error reading key: " .. result)
elseif helper:connect(host, port) then
elseif helper:connect_pcall(host, port) then
successes = successes + 1
local status, err = helper:publickey_canauth(usernames[j], result)
if status then
table.insert(r, "Key " .. publickeys[i] .. " accepted for user " .. usernames[j])
stdnse.verbose("Found accepted key: " .. publickeys[i] .. " for user " .. usernames[j])
stdnse.verbose("Found accepted key: " .. publickeys[i] .. " for user " .. usernames[j] .. " on host " .. host.ip .. ":" .. port.number)
elseif err then
stdnse.debug("Error in publickey_canauth: %s", err)
end
@@ -100,7 +100,7 @@ function action (host, port)
local msg = sections[3]
stdnse.debug("Checking key: " .. key .. " for user " .. user)
key = base64.dec(key)
if helper:connect(host, port) then
if helper:connect_pcall(host, port) then
successes = successes + 1
if helper:publickey_canauth(user, key) then
table.insert(r, msg)
@@ -128,14 +128,13 @@ function action (host, port)
for j = 1, #usernames do
for i = 1, #privatekeys do
stdnse.debug("Checking key: " .. privatekeys[i] .. " for user " .. usernames[j])
if helper:connect(host, port) then
if helper:connect_pcall(host, port) then
successes = successes + 1
if not helper:publickey_auth(usernames[j], privatekeys[i], passphrases[i] or "") then
stdnse.verbose "Failed to authenticate"
stdnse.verbose("Failed to authenticate key " .. privatekeys[i] .. " for user " .. usernames[j] .. " on host " .. host.ip .. ":" .. port.number)
else
table.insert(r, "Key " .. privatekeys[i] .. " accepted for user " .. usernames[j])
stdnse.verbose("Found accepted key: " .. privatekeys[i] .. " for user " .. usernames[j])
stdnse.verbose("Found accepted key: " .. privatekeys[i] .. " for user " .. usernames[j] .. " on host " .. host.ip .. ":" .. port.number)
end
helper:disconnect()
else

5
scripts/ssh-run.nse
View File

@@ -61,8 +61,9 @@ end
function action (host, port)
local conn = libssh2_util.SSHConnection:new()
if not conn:connect(host, port) then
return "Failed to connect to ssh server"
local status, err = helper:connect_pcall(host, port)
if not status then
return "Failed to connect to ssh server: " .. err
end
if username and password and cmd then
if not conn:password_auth(username, password) then