sshprank

unreliable results

Open TwinTechSolutions opened this issue 4 years ago • 7 comments

Hi, I used my own Shodan API keys,

I got these in owned: 148.244.67.69:22:root:root 78.134.3.86:22:root:root 174.98.52.139:22:root:root 174.98.110.179:22:root:root 171.103.80.7:22:root:root

but couldn't connect

TwinTechSolutions, Jun 29 '20 12:06

@TwinTechSolutions thx. will work on this

noptrix, Jan 19 '21 00:01

This is due to not checking for being really logged in with e.g. "id" or the like but simply relying on not getting "Access denied" back. This is a poor approach, because nowadays most SSHs have asynchronous behavior and send, for example, strings like "Copyright by Sonicwall" etc. back, which the script interprets as success. The -e switch is not working and, together with the just-mentioned issues, is producing a long list of owned.txt entries with various user:pass combos for the same host. Sending commands via -c inline or - as described - "line by line" doesn't seem to work at all.

I've tried to use this tool in a CTF red teaming scenario and it was honestly unusable.

If I find some time on the weekend, I'll do a pull request in the next week.

TormentedSoul666, May 13 '21 12:05
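The check the comment above asks for, as an added example that is not sshprank's code and not part of the original thread: it decides from the text a session returned whether a command really executed, instead of treating the absence of "Access denied" as success. The names `make_probe` and `classify` are hypothetical and the session outputs are constructed.

```python
import re
import secrets

# First line of POSIX `id` output, e.g. uid=0(root) gid=0(root) groups=0(root)
ID_RE = re.compile(r"^uid=\d+\(([^)\s]+)\) gid=\d+\([^)\s]+\)", re.M)


def make_probe():
    """Return (command, marker) for one session; both names are hypothetical."""
    marker = secrets.token_hex(8)  # 16 random hex chars, not guessable by a banner
    # The marker is sent in two halves and joined by printf on the remote side,
    # so a device that only echoes the command line never shows it in one piece.
    command = f"printf '%s%s\\n' {marker[:8]} {marker[8:]}; id"
    return command, marker


def classify(output, marker):
    """Return ('confirmed', user) only if the command demonstrably executed."""
    lines = [ln.strip() for ln in output.replace("\r", "").split("\n")]
    if marker not in lines:  # the joined marker must appear as a whole line
        return ("unconfirmed", None)
    after = "\n".join(lines[lines.index(marker) + 1:])
    match = ID_RE.search(after)  # a well-formed id line must follow the marker
    if match is None:
        return ("unconfirmed", None)
    return ("confirmed", match.group(1))


if __name__ == "__main__":
    cmd, marker = make_probe()
    samples = {  # constructed session outputs
        "banner only": "Copyright by Sonicwall\r\n",
        "command echoed, not run": cmd + "\r\nAccess restricted\r\n",
        "real shell": f"Last login: today\r\n{marker}\r\n"
                      "uid=0(root) gid=0(root) groups=0(root)\r\n",
    }
    for name, out in samples.items():
        print(f"{name:26} -> {classify(out, marker)}")
```

Only the third sample is reported as confirmed; the banner and the echoed command line stay unconfirmed, which is the distinction the comment says the tool does not make.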

"[*] found a login (check owned.txt)
[+] sending ssh commands from payload
Exception in thread Thread-228922:
Traceback (most recent call last):
  File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
    self.run()
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 2154, in run
    self.packetizer.close()
  File "/usr/local/lib/python3.8/dist-packages/paramiko/packet.py", line 207, in close
    self.__socket.close()
  File "/usr/lib/python3.8/socket.py", line 500, in close
    self._real_close()
  File "/usr/lib/python3.8/socket.py", line 494, in _real_close
    _ss.close(self)
OSError: [Errno 9] Bad file descriptor"

Seems to have the same source of issue

TormentedSoul666, May 13 '21 12:05

@TormentedSoul666 yes, i know. PR would be nice, thanks. in any case, i will fix most of the things mentioned in all issues.

noptrix, May 13 '21 16:05

@noptrix I'll have some time next week and take a look at threading (the high RAM usage is probably due to loading all file contents at once and not using a queue), why the -e doesn't exclude the host when already pwned, fine-tune the pwned detection a bit by not relying on the Paramiko exception and look into why it's not sending the payload correctly.

Anyways: Awesome idea and so far very good approach. Sorry for my other rage post, I was in the middle of a paid job and got a little frustrated.

TormentedSoul666, May 13 '21 18:05

@TormentedSoul666 thank you. no worries, all fine:) i will also start working on it... cheers

noptrix, May 13 '21 19:05

This is still an issue, anyone know any good alternative tools to use?

Silentassassin22, Mar 21 '23 20:03