
>=2 `ssh` sections in multiple ini file will cause fatal error and program exit

Open secmobi opened this issue 6 years ago • 2 comments

When using the multiple module and the ini file contains two or more ssh sections, zgrab2 will exit with the error message:

```
FATA[0000] host key algorithm not supported: ""
```

By my understanding, the multiple module is designed to support this use case (more than one section with the same name). See zflags: ini.go#L603.

The problem was caused by the fact that, when the 2nd ssh section's command was constructed, the default value of its host-key-algorithms option was not set properly. Therefore this value will be empty when ssh.Scan is invoked.

I also read some of the zflags code and still have no idea about the root cause.

Mar 01 '19 17:03 secmobi

We ran into the same issue. If I use an ini file like this:

```ini
[ssh]
trigger="tag0"
name="ssh22"
port=22
[ssh]
trigger="tag1"
name="ssh2222"
port=2222
```

The values for s.config.HostKeyAlgorithms, s.config.KexAlgorithms and s.config.Ciphers are only set for the tag0 scan. The check on lines 103-111 in modules/ssh.go will fail.

A simple workaround is to patch out the checks or change lines 104, 107 and 110 to

```go
log.Info(err)
```

It will still give correct output. I have not been able to find the root cause. It may be in the init() function of ssh.go and how the values of s.config.HostKeyAlgorithms, s.config.KexAlgorithms and s.config.Ciphers are set.

```go
s := ssh.MakeSSHConfig() // dummy variable to get default for host key, kex algorithm, ciphers
cmd.FindOptionByLongName("host-key-algorithms").Default = []string{strings.Join(s.HostKeyAlgorithms, ",")}
cmd.FindOptionByLongName("kex-algorithms").Default = []string{strings.Join(s.KeyExchanges, ",")}
cmd.FindOptionByLongName("ciphers").Default = []string{strings.Join(s.Ciphers, ",")}
```

Nov 18 '21 13:11 espegro

I solved this problem this way: set default kex-algorithms, kex-algorithms and ciphers in multiple.ini

example:

```ini
[ssh]
trigger="tag0"
name="ssh22"
host-key-algorithms="[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519"
port=22
kex-algorithms="[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
ciphers="aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128"
[ssh]
trigger="tag1"
name="ssh2222"
host-key-algorithms="[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519"
port=2222
kex-algorithms="[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
ciphers="aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128"
```

Apr 12 '22 02:04 ljj007nb
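An added example, not part of the thread or of zgrab2's code: a pre-flight check in Go that flags every second or later `[ssh]` section of a multiple ini file that does not set `host-key-algorithms`, `kex-algorithms` and `ciphers` explicitly, which is the condition the comments above report as leading to the fatal error. The function name, variable names and sample file are constructed for illustration, and the parser handles only the simple `key=value` layout shown in the thread.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Options the thread reports as left empty in every [ssh] section after the first.
var needExplicit = []string{"host-key-algorithms", "kex-algorithms", "ciphers"}

// sampleINI is constructed for this example, modelled on the file quoted in the thread.
const sampleINI = "[ssh]\ntrigger=\"tag0\"\nname=\"ssh22\"\nport=22\n" +
	"[ssh]\ntrigger=\"tag1\"\nname=\"ssh2222\"\nport=2222\n"

// lintSSHSections (hypothetical helper) returns one finding for each option
// that a second or later [ssh] section leaves unset or empty.
func lintSSHSections(ini string) []string {
	var findings []string
	var secs []map[string]string // one key/value map per [ssh] section, in file order
	var cur map[string]string    // non-nil only while inside an [ssh] section
	sc := bufio.NewScanner(strings.NewReader(ini))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || line[0] == ';' || line[0] == '#': // blank or comment line
		case line[0] == '[':
			cur = nil
			if line == "[ssh]" {
				cur = map[string]string{}
				secs = append(secs, cur)
			}
		case cur != nil:
			k, v, _ := strings.Cut(line, "=")
			cur[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
		}
	}
	for i, s := range secs {
		for _, k := range needExplicit {
			if i > 0 && s[k] == "" {
				findings = append(findings, fmt.Sprintf("[ssh] section %d (%s): %s not set", i+1, s["name"], k))
			}
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(lintSSHSections(sampleINI), "\n"))
}
```

Running the check before a scan surfaces the problem per section instead of as a single fatal exit at start-up.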