SSH connexion cannot parse '@' character in password

[BastienPateyron]

Bug Description

The pwncat-cs ssh connexion string with password is not working if the password contains the @ character. It looks like the pwncat-cs parser is splitting the command on the first @ found.

I precise that I also have attempted to submit the password value between simple and double quotes, I also tried by adding backslashes and through environment variable in order to bypass this behavior, without any success.

EDIT : After checking the source code, I figured out that the parsing is made with a regex allowing to escape with a backslash and this can solve my issue. However, I also have a ! character in the password I want to make use of. Since the ! character is breaking any command if not quoted properly, I guess making use of it is adding complexity to this. I suppose that the mix of those both issues seem to break either the parsing, or the content of the ssh login attempt (in the query or in the submitted credentials themselves, this remains unclear to me).

pwncat version

$ pwncat --version
0.5.4

Target System (aka "victim")

None, this can be tested locally.

Steps to Reproduce

Steps to reproduce the behavior:

1. Create a new local user with a password containing @ like pwncat_user:r00t5P@ssw0rd
2. Try to perform the following ssh connexion

pwncat-cs ssh://pwncat_user:r00t5P@ssw0rd@127.0.0.1

Expected Behavior

The pwncat-cs parser should split on the last @ char found instead of the first one.

Screenshots