search

fox-it / OpenSSH-Session-Key-Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.
https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
Apache License 2.0
77 stars 17 forks source link

I got an "Framework interface version" error when i run it #4

Open einar-lanfranco opened 3 years ago

einar-lanfranco commented 3 years ago

To install it y copied OpenSSH-Session-Key-Recovery/volatility3/* into volatility3/volatility/plugins/linux/

After that i run it and get this error. 

python3 volatility3/vol.py  -f /home/pepe/Descargas/dump.mem  linux.openssh_sessionkeys.SSHKeys
Volatility 3 Framework 2.0.0-beta.1
Traceback (most recent call last):acking attempts finished                 
  File "/volatility3/vol.py", line 10, in <module>
    volatility.cli.main()
  File "/volatility3/volatility/cli/__init__.py", line 586, in main
    CommandLine().run()
  File "/volatility3/volatility/cli/__init__.py", line 303, in run
    constructed = plugins.construct_plugin(ctx, automagics, plugin, base_config_path, progress_callback,
  File "/volatility3/volatility/framework/plugins/__init__.py", line 51, in construct_plugin
    constructed = plugin(context, plugin_config_path, progress_callback = progress_callback)
  File "/volatility3/volatility/framework/interfaces/plugins.py", line 126, in __init__
    framework.require_interface_version(*self._required_framework_version)
  File "/volatility3/volatility/framework/__init__.py", line 47, in require_interface_version
    raise RuntimeError("Framework interface version {} is incompatible with required version {}".format(
RuntimeError: Framework interface version 2 is incompatible with required version 1

Could you help me? Thanks

OwlyDuck commented 3 months ago

Did you try to add : _required_framework_version = (2, 0, 0) in the SSHKeys class ?

I think you'll encounter other issues down the line because of compatibility... Take a look at my pull request (managed to make the plugin work in one case)

yunzheng commented 3 months ago

8 is merged, please check if this fixes the issue.

dexter4242 commented 3 months ago

I have this issue :

python3 vol.py -vv Volatility 3 Framework 2.7.1 INFO volatility3.cli: Volatility plugins path: ['/home/kali/volatility3/volatility3/plugins', '/home/kali/volatility3/volatility3/framework/plugins'] INFO volatility3.cli: Volatility symbols path: ['/home/kali/volatility3/volatility3/symbols', '/home/kali/volatility3/volatility3/framework/symbols'] DEBUG volatility3.framework: Traceback (most recent call last): File "/home/kali/volatility3/volatility3/framework/init.py", line 185, in import_file importlib.import_module(module) File "/usr/lib/python3.11/importlib/init.py", line 126, in import_module return _bootstrap._gcd_import(name[level:], package, level) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "", line 1204, in _gcd_import File "", line 1176, in _find_and_load File "", line 1147, in _find_and_load_unlocked File "", line 690, in _load_unlocked File "", line 940, in exec_module File "", line 241, in _call_with_frames_removed File "/home/kali/volatility3/volatility3/framework/plugins/linux/openssh_sessionkeys.py", line 1, in import volatility3.plugins.common as common ModuleNotFoundError: No module named 'volatility3.plugins.common'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.linux.openssh_sessionkeys based on file: /home/kali/volatility3/volatility3/framework/plugins/linux/openssh_sessionkeys.py INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.openssh_sessionkeys usage: volatility [-h] [-c CONFIG] [--parallelism [{processes,threads,off}]] [-e EXTEND] [-p PLUGIN_DIRS] [-s SYMBOL_DIRS] [-v] [-l LOG] [-o OUTPUT_DIR] [-q] [-r RENDERER] [-f FILE] [--write-config] [--save-config SAVE_CONFIG] [--clear-cache] [--cache-path CACHE_PATH] [--offline] [--filters FILTERS] [--single-location SINGLE_LOCATION] [--stackers [STACKERS ...]] [--single-swap-locations [SINGLE_SWAP_LOCATIONS ...]] plugin ... volatility: error: Please select a plugin to run

And the plugin it's modified like this :

import volatility3.plugins.common as common import volatility3.commands as commands import volatility3.utils as utils import volatility3.obj as obj import volatility3.plugins.linux.common as linux_common import volatility3.plugins.linux import volatility3.plugins.linux.pslist as linux_pslist from volatility3.renderers import TreeGrid from volatility3.renderers.basic import Address import volatility3.debug as debug