Open mercolino opened 9 years ago
i found the problem, Hydra, uses libssh and kippo does not send the Key Init Exchange, by a strange reason,
The workaround is: You should modify kippo/core/ssh.py and add the following after the line 149:
isLibssh = False
if data.find('libssh', data.find('SSH-')) != -1:
isLibssh = True
and also modify the line 152 (before inserting the code above) with: if (twisted.version.major < 11 or isLibssh) and \
Regards
Hi, I'm getting the following error with your suggested modification:
2015-03-16 15:38:17-0300 [HoneyPotTransport,6,1.2.3.4] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 69, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 586, in _doReadOrWrite
why = selectable.doRead()
File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 199, in doRead
rval = self.protocol.dataReceived(data)
File "/opt/kippo/kippo/core/ssh.py", line 157, in dataReceived
self.sendKexInit()
File "/opt/kippo/kippo/core/ssh.py", line 147, in sendKexInit
sshserver.KippoSSHServerTransport.sendKexInit(self)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 263, in sendKexInit
self._keyExchangeState,))
exceptions.RuntimeError: Cannot send KEXINIT while key exchange state is '_KEY_EXCHANGE_REQUESTED'
The patch was for the MHN version of Kippo, I do not know how different they are. The function was patched like this:
def dataReceived(self, data):
# Workaround libssh not working with Twisted Hydra not working (by mercolino)
isLibssh = data.find('libssh', data.find('SSH-')) != -1
transport.SSHServerTransport.dataReceived(self, data)
# later versions seem to call sendKexInit again on their own
if (twisted.version.major < 11 or isLibssh) and \
not self.hadVersion and self.gotVersion:
self.sendKexInit()
self.hadVersion = True
I make a test with hydra 8.0 and it works fine without the patch.
Hi, I configured kippo in an Ubuntu 14.04 LTS server, when trying to use hydra on that server I always have the following error: [INFO] Testing if password authentication is supported by ssh://192.168.XX.XX:22 [ERROR] could not connect to ssh://192.168.XX.XX:22
But from the terminal i can connect:
ssh root@192.168.10.21 Password: root@db01:~# ls -la drwxr-xr-x 1 root root 4096 2015-01-25 09:56 . drwxr-xr-x 1 root root 4096 2015-01-25 09:56 .. -rw-r--r-- 1 root root 140 2013-04-05 13:52 .profile drwx------ 1 root root 4096 2013-04-05 14:05 .ssh drwx------ 1 root root 4096 2013-04-05 13:58 .aptitude -rw-r--r-- 1 root root 570 2013-04-05 13:52 .bashrc root@db01:~#
It could be a problem that one of the best tools for brute-force attacks could not connect to the honeypot.
Regards...