search

jm33-m0 / emp3r0r

Linux/Windows post-exploitation framework made by linux user
https://infosec.exchange/@jm33
MIT License
1.24k stars 235 forks source link

"no such process" found when using ssh_harvester #274

Closed starfork closed 7 months ago

starfork commented 7 months ago

enviroment: virtualbox [windows host] ( or I can not test like this ?) cc: kali agent:deepin / centos7.6

after run command 1、use ssh_harvester 2、run

I got response like [0] !ssh_harvester Look for passwods in /usr/share/bash-completion/completions//helpers/ssh-XXXXXX/yyyyyyyy.txt (not like path "/tmp/xxxx" by demo)

"yyyyyyyy.txt" contents like below

[+] Starting Harvester for SSHD session 9246
2023-11-26 20:03:06.015781486 +0800 CST m=+9132.676855391
Harvester PID is 3125
2023-11-26 20:03:06.015796135 +0800 CST m=+9132.676870033
 SSHD process found in 0x408000 - 0x476000
2023-11-26 20:03:06.015833427 +0800 CST m=+9132.676907323
We (3125) are now tracing sshd session (9246)
 2023-11-26 20:03:06.015849299 +0800 CST m=+9132.676923194
PTRACE_PEEKTEXT Searching memory of 9246: **no such process**    _(ssh_harvester_amd64_linux.go#L114 // fixes "no such process" error)_ 
2023-11-26 20:03:06.043737153 +0800 CST m=+9132.704811047
 [+] Starting Harvester for SSHD session 9247
2023-11-26 20:03:06.043865546 +0800 CST m=+9132.704939451
Harvester PID is 3125
2023-11-26 20:03:06.043880395 +0800 CST m=+9132.704954293
SSHD process found in 0x0 - 0x0
2023-11-26 20:03:06.044074208 +0800 CST m=+9132.705148121
We (3125) are now tracing sshd session (9247)
2023-11-26 20:03:06.04410691 +0800 CST m=+9132.705180816
Code pattern 0x4883c4080fb6c021 not found in memory 0x0 to 0x0
2023-11-26 20:03:07.640019714 +0800 CST m=+9134.301093605
Code pattern 0x4883c4080fb6c021 not found in memory 0x408000 to 0x476000
jm33-m0 commented 7 months ago

Code pattern 0x4883c4080fb6c021 not found means it won't work because the openssh version is incompatible.

Please read the blog post to understand how this thing works. And I will appreciate it if you submit a patch to include whatever code pattern that works with your target openssh version.

starfork commented 7 months ago

Code pattern 0x4883c4080fb6c021 not found means it won't work because the openssh version is incompatible.

Please read the blog post to understand how this thing works. And I will appreciate it if you submit a patch to include whatever code pattern that works with your target openssh version.

thanks ~~~

answer here :~~~

https://github.com/jm33-m0/SSH-Harvester#ssh-harvester