CVE-2018-15473-Exploit icon indicating copy to clipboard operation
CVE-2018-15473-Exploit copied to clipboard

Published 20 hours ago verified publisher icon Rhynorater

TypeError: 'property' object is not subscriptable

Open r3k2 opened this issue 6 years ago • 7 comments 

python3.7 sshUsernameEnumExploit.py
Traceback (most recent call last):
  File "sshUsernameEnumExploit.py", line 33, in <module>
    old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object is not subscriptable

r3k2 avatar Nov 16 '18 06:11 r3k2

What version of your paramiko package ?

I solved this by installing paramiko to version 2.4.1

Take a look at this commit. f8dc16b

harsxv avatar Nov 23 '18 14:11 harsxv

In paramiko since 2.4.2_handler_table is a property object, not dictionary. It changes after fixing https://github.com/paramiko/paramiko/issues/1283 in https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce

Because in this test paramiko used in client mode, I just changed _handler_table to _client_handler_table. Then test works properly.

old_parse_service_accept = paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT] ... paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT] = malform_packet paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_USERAUTH_FAILURE] = call_error

agentgoblin avatar Dec 27 '18 10:12 agentgoblin

What version of your paramiko package ?

I solved this by installing paramiko to version 4.2.1

Take a look at this commit. f8dc16b change it to 2.4.1

Walidhossain010 avatar Nov 13 '19 17:11 Walidhossain010

I solved this by installing paramiko to version 4.2.1

change it to 2.4.1

I installed paramiko using three commands:

pip.exe install paramiko
pip3.exe install paramiko
pip3.7.exe install paramiko

It installs the latest release 2.7.1 but I still face the same issue: Error: ss

Is version2.4.1 required specifically?

Kindly help me. Thanks.

0xsunil avatar May 12 '20 07:05 0xsunil

@0xsunil

I'm running Python 3.6.8 and Paramiko 2.7.1. The pull request above has not been rolled in, yet.

$ python3 ./sshUsernameEnumExploit.py -h
Traceback (most recent call last):
  File "./sshUsernameEnumExploit.py", line 33, in <module>
    old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object is not subscriptable

Make the changes above (see 93607da)

And your script will run:

$ python3 ./sshUsernameEnumExploit.py -h
usage: sshUsernameEnumExploit.py [-h] [--port PORT] [--threads THREADS]
                                 [--outputFile OUTPUTFILE]
                                 [--outputFormat {list,json,csv}]
                                 (--username USERNAME | --userList USERLIST)
                                 hostname

positional arguments:
  hostname              The target hostname or ip address

optional arguments:
  -h, --help            show this help message and exit
  --port PORT           The target port
  --threads THREADS     The number of threads to be used
  --outputFile OUTPUTFILE
                        The output file location
  --outputFormat {list,json,csv}
                        The output file location
  --username USERNAME   The single username to validate
  --userList USERLIST   The list of usernames (one per line) to enumerate
                        through

519seven avatar Jul 06 '20 18:07 519seven

sed -i 's/_handler_table/_client_handler_table/g' sshUsernameEnumExploit.py

Daviey avatar Mar 05 '21 16:03 Daviey

I used the suggestion of @519seven above (93607da) and installed paramiko 2.12.0 (@harsxv) and fixed the issue. Only doing one of them, didn't solve the problem.

jithesh82 avatar Oct 31 '23 21:10 jithesh82