freb
commented
5 years ago Notes:
dh-group-exchange-sha1 has a variable size dh modulus that can be regenerated on the server. specify a small modulus to see if the server will oblige. I believe the smallest acceptable dh modulus for the client and server is used but put max 1024 so that it is clear if a success is an issue. if there is no connection, you'll get "ssh: handshake failed: EOF" in the error key.
echo 172.24.1.1 | ./zgrab -port 22 -xssh -xssh-kex-algorithms diffie-hellman-group-exchange-sha1 -xssh-ciphers aes128-cbc -xssh-gex-min-bits 512 -xssh-gex-max-bits 1024 | jq
ssh-hostkey uses the fetch_host_key
This function includes a kexchange that we could probably reuse to get the prime size
https://github.com/nmap/nmap/blob/a7638f57c88cb1b5da949147729fca76a0f332c5/nselib/ssh2.lua#L224-L249
We should be able to grab the modulus/prime size from there. But we can't guarantee that the negotiated kex algorithms will be the vulnerable ones. Basically, if the host supports
group1-sha1then it is vulnerable, but we need to check the modulus size for agroup-exchange-sha1.