stack smashing errors with SSH and MySQL modules in Ubuntu 16.04 box
I get segmentation fault errors when trying the SSH and MySQL modules against an Ubuntu 16.04 box.
# ncrack --user root mysql://127.0.0.1 -d9 -v
Fetchfile found /usr/local/share/ncrack/default.pwd
Starting Ncrack 0.5 ( http://ncrack.org ) at 2016-04-25 11:34 PDT
mysql://127.0.0.1:3306 (EID 1) Initiating new Connection
mysql://127.0.0.1:3306 pushed to list FULL
*** stack smashing detected ***: ncrack terminated
Aborted (core dumped)
/ncrack-0.5# ncrack --user admin --pass admin 127.0.0.1:22 -d9 -v
Starting Ncrack 0.5 ( http://ncrack.org ) at 2016-04-25 11:31 PDT
ssh://127.0.0.1:22 (EID 1) Initiating new Connection
ssh://127.0.0.1:22 pushed to list FULL
Discovered credentials on ssh://127.0.0.1:22 'admin' 'admin'
ssh://127.0.0.1:22 popped from list FULL
ssh://127.0.0.1:22 (EID 1) Attempts: total 1 completed 1 supported 1 --- rate 12.52
ssh://127.0.0.1:22 (EID 2) Initiating new Connection
ssh://127.0.0.1:22 (EID 3) Initiating new Connection
ssh://127.0.0.1:22 (EID 4) Initiating new Connection
ssh://127.0.0.1:22 (EID 5) Initiating new Connection
ssh://127.0.0.1:22 (EID 6) Initiating new Connection
ssh://127.0.0.1:22 (EID 7) Initiating new Connection
ssh://127.0.0.1:22 (EID 8) Initiating new Connection
ssh://127.0.0.1:22 (EID 9) Initiating new Connection
ssh://127.0.0.1:22 (EID 10) Initiating new Connection
ssh://127.0.0.1:22 (EID 11) Initiating new Connection
ssh://127.0.0.1:22 pushed to list FULL
Segmentation fault (core dumped)
Any ideas?
Could you please run Ncrack with gdb and print a stack trace? Thanks

$ gdb ncrack
(gdb) run --user root mysql://127.0.0.1 -d9 -v
... (seg fault)
(gdb) i s
(gdb) i f
(gdb) run
Starting program: /usr/local/bin/ncrack --user root mysql://127.0.0.1 -d9 -v
Fetchfile found /usr/local/share/ncrack/default.pwd
Starting Ncrack 0.5 ( http://ncrack.org ) at 2016-04-25 17:22 PDT
mysql://127.0.0.1:3306 (EID 1) Initiating new Connection
mysql://127.0.0.1:3306 pushed to list FULL
*** stack smashing detected ***: /usr/local/bin/ncrack terminated
Program received signal SIGABRT, Aborted.
0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) i s
#0 0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff6ae001a in __GI_abort () at abort.c:89
#2 0x00007ffff6b2072a in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff6c37c7f "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff6bc189c in __GI___fortify_fail (msg=
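For readers unfamiliar with the message in the backtrace: "*** stack smashing detected ***" is glibc's stack protector firing from __fortify_fail when a function returns and finds the canary it placed after a fixed-size stack buffer overwritten, which is why the abort lands in __libc_message/__GI_abort rather than at the faulting write. The following is an added illustration, not ncrack's code, of that failure mode and of the bounded copy that avoids it; the names PASS_MAX, copy_password and try_candidate are hypothetical and only stand in for "a protocol module keeping a candidate password in a stack buffer".

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added illustration, not ncrack's code. A fixed-size stack buffer of the
 * kind the stack protector guards: copying an over-long string into it
 * with strcpy() would run past its end into the canary, and the function's
 * epilogue would then print "*** stack smashing detected ***" and abort,
 * which is the SIGABRT shown in the backtrace above. */
#define PASS_MAX 16   /* hypothetical buffer size for the example */

/* Bounded copy: returns 0 on success, -1 if src is NULL or does not fit.
 * On failure dst is left untouched, so nothing is ever written past it. */
int copy_password(char *dst, size_t dstsize, const char *src)
{
    if (src == NULL || dstsize == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dstsize)          /* need room for the terminating NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Stand-in for handing a candidate password to a module that keeps it in
 * a fixed stack buffer. Returns the length actually stored, or -1 when the
 * candidate was rejected instead of overflowing the buffer. */
int try_candidate(const char *candidate)
{
    char buf[PASS_MAX];        /* stack buffer; the canary sits right after it */
    if (copy_password(buf, sizeof buf, candidate) != 0)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    const char *ok = "admin";
    const char *too_long = "this-password-is-longer-than-sixteen-bytes";
    printf("'%s' -> %d\n", ok, try_candidate(ok));         /* 5 */
    printf("'%s' -> %d\n", too_long, try_candidate(too_long)); /* -1 */
    return 0;
}
```

The length check is the whole difference: with it, an oversized candidate is reported and skipped; without it, the same input silently overwrites whatever follows the buffer on the stack, and the canary check at function return is the last line of defence that turns memory corruption into the clean abort seen here.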
I'm having a similar / the same issue.
I ran ncrack with three usernames and four passwords.
After a successful login, it does a "popped from list FULL" and then "pushed to list FULL". Between those operations the last password in my password array gets turned to NULL or random bits.
I ran a scan 10 times with the same options and got these three different endings.
ssh://x:22 pushed to list FULL
Segmentation fault
---
ssh://x:22 pushed to list FULL
appendToPool: tried to append NULL password into pair pool
QUITTING!
---
ssh://x:22 pushed to list FULL
ssh://x:22 Pool: Append 'username-2' 'x«À'
ssh://x:22 (EID 24) closed on us in the middle of authentication!
ssh://x:22 (EID 24) Connection closed by peer
ssh://x:22 (EID 24) Dropping connection limit due to connection error to: 45
ssh://x:22 (EID 24) Attempts: total 5 completed 4 supported 4 --- rate 0.68
Segmentation fault
If I specify the -f option I do not hit this issue as often.
Please let me know if you need anything else.
FYI -- I'm seeing this same issue running against a single username, a list of 5 passwords and a list of hosts. Appears to get through some of the hosts and then segfaults, but other times it won't get through any and segfaults.
Running on the official kali docker image.
Thanks for your reports! I will look into it.