Comments (5)
Hi @agibson2 - added this feature. Thank you.
from cve-2024-6387_check.
Thanks for looking at implementing the feature. Testing and looking at the code though, the sleep is happening before the socket is opened so the sleep isn't testing the connection to see if the socket times out.
I ended up doing something like this to get something workable... I basically set a socket timeout 4 seconds longer than what the user specifies on the --grace-time-check parameter. I set a start time (time.time()) to keep track of when the socket was opened so that when I set the timeout later on, on a recv(), I can adjust it to be exactly the right time from the initial start of the socket connection instead of starting from the recv() call. I do a call to get/flush the banner receive buffer which takes some time. I then do a recv to wait on the socket so that any server close will immediately return or timeout occurs. It is wrapped in a try except to check to see if the socket timeout occurred on the return of the recv(). If the timeout did not occur then the server likely closed the connection which means LoginGraceTime is not set to 0 on the server. I also added a likely not vulnerable section for it. I don't do a try catch on the banner flush on the second connection to test the grace period so it could still use some work. Likely other errors on the socket might have unexpected results too as I am only checking for timeout error. Since you are doing more error checking for the first banner socket though, the second should be less likely to have problems I would think.
🛡️ Servers not vulnerable: 2
[+] Server at 192.168.1.20:22 (running SSH-2.0-OpenSSH_for_Windows_8.6)
[+] Server at 192.168.1.31:22 (running SSH-2.0-OpenSSH_7.9p1 Raspbian-10)
🛡️ Servers likely not vulnerable (possible LoginGraceTime remediation): 1
[+] Server at 192.168.1.127:22 (running SSH-2.0-OpenSSH_9.6 False negative possible depending on LoginGraceTime)
🚨 Servers likely vulnerable: 1
[+] Server at 192.168.1.1:22 (running SSH-2.0-OpenSSH_9.3) Version vulnerable and LoginGraceTime remediation not done (Session was closed by server at 30.009 seconds)
I put code here...
https://github.com/agibson2/CVE-2024-6387_Check/tree/main
from cve-2024-6387_check.
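The timing check described in the comment above, as an added sketch; it is not the commenter's or the project's code. `probe_grace_time`, `slack` and the loopback helper `fake_sshd` are hypothetical names, and treating a TCP reset as a server-side close is an assumption of this example.

```python
import socket
import threading
import time

def probe_grace_time(host, port, grace_time, slack=4.0):
    """Return (closed_by_server, elapsed_seconds) for one idle pre-auth session.

    closed_by_server=True means the server dropped the connection before
    grace_time + slack elapsed, so LoginGraceTime is not 0 on that server.
    """
    limit = grace_time + slack
    start = time.time()                      # clock starts when the socket is opened
    with socket.create_connection((host, port), timeout=limit) as sock:
        try:
            sock.recv(1024)                  # read and discard the SSH banner
            while True:
                remaining = limit - (time.time() - start)
                if remaining <= 0:
                    return False, time.time() - start
                sock.settimeout(remaining)   # measured from connect, not from recv()
                if sock.recv(1024) == b"":   # empty read: peer closed the session
                    return True, time.time() - start
        except socket.timeout:               # server kept the session open past the limit
            return False, time.time() - start
        except OSError:                      # assumption: a reset is a server-side close
            return True, time.time() - start

def fake_sshd(hold_seconds):
    """Constructed loopback stand-in for sshd: sends a banner, closes after hold_seconds."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-OpenSSH_9.3\r\n")   # constructed banner
        time.sleep(hold_seconds)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Server that enforces a 0.3 s "grace time" versus one that never closes in time.
    print(probe_grace_time("127.0.0.1", fake_sshd(0.3), grace_time=1, slack=0.5))
    print(probe_grace_time("127.0.0.1", fake_sshd(3.0), grace_time=0.5, slack=0.5))
```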
Lovely, thanks so much and makes sense. Do you prefer you making a merge request or shall I adapt your code and implement it with "Co-Author"?
from cve-2024-6387_check.
I added the pull request. Not sure if you like all the changes that I made though. Totally change it to something else or just accept parts of the changes. Doesn't matter to me. My changes likely could use some more socket error checking to be more robust for unexpected errors (especially for the call grace-time-check where the banner message is recv()'d and thrown away). Socket programming is not something I mess with much though and it works as is for me and the testing that I did with it.
Ideally the code to do the grace check would maybe be best wrapped in the initial get_ssh_banner() function so that the code doesn't have to connect twice to get the banner and then test the timeout. I am sure you decided that it just isn't worth the effort to do that though.
from cve-2024-6387_check.
Thank you @agibson2
from cve-2024-6387_check.
Related Issues (20)
- Please add a license HOT 1
- Will bring false positives, read Ubuntu and Debian's updates HOT 4
- Requires Python 3.6 or newer HOT 1
- Why contacting open ports twice?
- Hardoded port number in summary report message
- Invalid non-printable character line 40 HOT 2
- OSError: [Errno 24] Too many open files HOT 2
- OSError: [Errno 24] Too many open files HOT 2
- Failed to retrieve SSH banner HOT 6
- How to scan IPV6 Hosts HOT 3
- Hosts that only have an IPv6 address cannot be tested by hostname HOT 4
- Adding network support in ip_list_file
- SSH Service HELP request HOT 1
- add multiple port scan HOT 1
- [REQUEST] Add Rocky Linux support! HOT 5
- Connection TCP reset during grace-time-check crashes program HOT 1
- Question about CVE-2024-6387_Check
- Ports HOT 2
- Is 8.5 really vulnerable? HOT 4