Hydra <--> Kippo SSH Protocol #174

Open
mercolino opened this issue Jan 28, 2015 · 4 comments

@mercolino

Hi, I configured kippo on an Ubuntu 14.04 LTS server. When trying to use hydra on that server I always get the following error:
[INFO] Testing if password authentication is supported by ssh://192.168.XX.XX:22
[ERROR] could not connect to ssh://192.168.XX.XX:22

But from the terminal I can connect:

ssh root@192.168.10.21
Password:
root@db01:# ls -la
drwxr-xr-x 1 root root 4096 2015-01-25 09:56 .
drwxr-xr-x 1 root root 4096 2015-01-25 09:56 ..
-rw-r--r-- 1 root root 140 2013-04-05 13:52 .profile
drwx------ 1 root root 4096 2013-04-05 14:05 .ssh
drwx------ 1 root root 4096 2013-04-05 13:58 .aptitude
-rw-r--r-- 1 root root 570 2013-04-05 13:52 .bashrc
root@db01:#

It could be a problem that one of the best tools for brute-force attacks could not connect to the honeypot.

Regards...

@mercolino

I found the problem: Hydra uses libssh, and kippo does not send the Key Init Exchange, for some strange reason.

The workaround is:
You should modify kippo/core/ssh.py and add the following after line 149:

        # Workaround libssh not working with Twisted Hydra not working
        isLibssh = False
        if data.find('libssh', data.find('SSH-')) != -1:
            isLibssh = True

and also modify line 152 (before inserting the code above) with:

        if (twisted.version.major < 11 or isLibssh) and \

Regards

@rogeriobastos

Hi, I'm getting the following error with your suggested modification:

2015-03-16 15:38:17-0300 [HoneyPotTransport,6,1.2.3.4] Unhandled Error
        Traceback (most recent call last):
          File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithLogger
            return callWithContext({"system": lp}, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 69, in callWithContext
            return context.call({ILogContext: newCtx}, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
            return func(*args,**kw)
        --- <exception caught here> ---
          File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 586, in _doReadOrWrite
            why = selectable.doRead()
          File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 199, in doRead
            rval = self.protocol.dataReceived(data)
          File "/opt/kippo/kippo/core/ssh.py", line 157, in dataReceived
            self.sendKexInit()
          File "/opt/kippo/kippo/core/ssh.py", line 147, in sendKexInit
            sshserver.KippoSSHServerTransport.sendKexInit(self)
          File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 263, in sendKexInit
            self._keyExchangeState,))
        exceptions.RuntimeError: Cannot send KEXINIT while key exchange state is '_KEY_EXCHANGE_REQUESTED'

@mercolino

The patch was for the MHN version of Kippo; I do not know how different they are. The function was patched like this:

def dataReceived(self, data):
        # Workaround libssh not working with Twisted Hydra not working (by mercolino)
        isLibssh = data.find('libssh', data.find('SSH-')) != -1

        transport.SSHServerTransport.dataReceived(self, data)
        # later versions seem to call sendKexInit again on their own
        if (twisted.version.major < 11 or isLibssh) and \
                not self.hadVersion and self.gotVersion:
            self.sendKexInit()
            self.hadVersion = True
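
The workaround in this thread tests each received chunk for the substring 'libssh'. As an added example (Python 3, not code from Kippo, MHN or the participants above), the block below buffers the client's identification line (RFC 4253 section 4.2) before classifying it, so a banner split across two reads is still recognized. The names `parse_client_ident`, `IdentBuffer`, `classify` and the sample banner are assumptions made for illustration.

```python
MAX_IDENT_LEN = 255  # RFC 4253 section 4.2 limit for the line, CR LF included

# Constructed sample: a libssh-style banner split across two reads.
SAMPLE_CHUNKS = [b"SSH-2.0-lib", b"ssh-0.6.3\r\n"]


def parse_client_ident(buf):
    """Return (ident, rest); ident is None until a full line is buffered."""
    while True:
        end = buf.find(b"\n")
        if end == -1 and len(buf) < MAX_IDENT_LEN:
            return None, buf  # incomplete: wait for more data
        if end == -1 or end >= MAX_IDENT_LEN:
            raise ValueError("identification line too long")
        line, buf = buf[:end].rstrip(b"\r"), buf[end + 1:]
        if line.startswith(b"SSH-"):
            break  # any lines before the version string are skipped
    proto, sep, tail = line[4:].partition(b"-")
    if not sep or not tail:
        raise ValueError("malformed identification line: %r" % line)
    software, _, comments = tail.partition(b" ")
    ident = {
        "raw": line.decode("ascii", "replace"),
        "proto": proto.decode("ascii", "replace"),
        "software": software.decode("ascii", "replace"),
        "comments": comments.decode("ascii", "replace"),
        # Same substring test as the workaround, so libssh2 banners match
        # too; here it is applied to the software field only.
        "is_libssh": b"libssh" in software.lower(),
    }
    return ident, buf


class IdentBuffer:
    """Accumulates chunks until the identification line is complete."""

    def __init__(self):
        self._buf = b""
        self.ident = None

    def feed(self, data):
        if self.ident is None:  # later data is not part of the banner
            self._buf += data
            self.ident, self._buf = parse_client_ident(self._buf)
        return self.ident


def classify(chunks):
    """Feed chunks in order and return the parsed identification (or None)."""
    buf = IdentBuffer()
    for chunk in chunks:
        buf.feed(chunk)
    return buf.ident
```

Logging the parsed `software` field per connection lets a honeypot operator group sessions by client library instead of relying on a per-chunk substring match.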

@rogeriobastos

I ran a test with hydra 8.0 and it works fine without the patch.
