Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add read_ssh_blocking (backport #964) #990

Merged
merged 2 commits into from
Dec 8, 2021

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Dec 6, 2021

This is an automatic backport of pull request #964 done by Mergify.


Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com

The function receives now a new parameter timeout.
If a timeout is given, enables the blocking ssh read until it gives the timeout or there is no bytes left to read.
Otherwise, it does a non-blocking ssh read as before.

To test, run the following script (it should be a debian based OS, with dpkg cmd)

`time sudo openvas-nasl -X -B -d -i /home/jjnicola/install/var/lib/openvas/plugins -t 192.168.0.1 ssh_shell_gather_package_list_ssh_read_timeout.nasl
`

```
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.ssh1");
  script_version("2020-11-12T09:50:32+0000");
  script_tag(name:"last_modification", value:"2021-11-17 11:25:00 +0000 (Mon, 17 May 2021)");
  script_tag(name:"creation_date", value:"2021-11-17 11:25:00 +0000 (Mon, 17 May 2021)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("SSH shell 1");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2007-2012 Greenbone Networks GmbH");
  script_family("General");

  script_tag(name:"summary", value:"This script tries to login with provided credentials.

  If the login was successful, it marks this port as available for any authenticated tests.");

  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("ssh_func.inc");
include("misc_func.inc");

port = 22;
user = 'USER';
pass = 'PASS';
priv_user = 'root';
priv_pass = 'ROOT_PASS';

function clean_buffer(sess) {
  while( TRUE ) {
    c = ssh_shell_read(sess);
    if( strlen( c ) <= 0 ) break;
  }
};

soc = open_sock_tcp( port );
if( ! soc ) exit( 0 );
display (soc);

display("Open connection");
sess = ssh_connect( socket:soc );
display("User Auth");
prompt = ssh_userauth(sess, login:user, password:pass);

display("Open shell");
sess = ssh_shell_open (sess, pty:1);
clean_buffer (sess);

cmd1 = "whoami" + '\n';
sh_wr = ssh_shell_write(sess, cmd:cmd1);
ret = "";
ret = ssh_shell_read(sess, timeout: 1000);
display("Return whoami before priv login: ", ret);

display("Changing to root");
cmd1 = 'su - ' + priv_user  + '\n';
sh_wr = ssh_shell_write(sess, cmd:cmd1);

ret = "";
ret = ssh_shell_read(sess, timeout: 1000);
   display(ret);

if (strstr(ret, "Password")){
   cmd1 = priv_pass + '\n';
   sh_wr = ssh_shell_write(sess, cmd:cmd1);
   clean_buffer(sess);
}

cmd1 = 'dpkg -l' + '\n';
sh_wr = ssh_shell_write(sess, cmd:cmd1);

ret = ssh_shell_read(sess, timeout: 1000);
display("Return whoami after priv login: ", ret);

ssh_shell_close(sess);
ssh_disconnect(sess);
display("Finished, close, disconnect script 1");
```

(cherry picked from commit be5a0af)
@mergify mergify bot requested a review from a team as a code owner December 6, 2021 07:26
@jjnicola jjnicola self-requested a review December 8, 2021 09:41
@jjnicola jjnicola merged commit 2024379 into middleware Dec 8, 2021
@jjnicola jjnicola deleted the mergify/bp/middleware/pr-964 branch December 8, 2021 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants