Nmap Development mailing list archives
[NSE script] SSH1 Hostkey
From: Sven Klemm <sven () c3d2 de>
Date: Sun, 03 Aug 2008 17:53:59 +0200
Hi,I've attached a script that shows the SSH1 hostkey. I am also working on a script for SSH2 hostkeys but it's not yet ready.
The script requires the lua openssl bindings. Cheers, Sven -- Sven Klemm http://cthulhu.c3d2.de/~sven/
id = "SSH1-Hostkey" author = "Sven Klemm <sven () c3d2 de>" description = "Show SSH1 Hostkey" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"safe"} require("stdnse") require("shortport") require("openssl") require("bin") portrule = shortport.port_or_service(22, "ssh") action = function(host, port) local socket = nmap.new_socket() local catch = function() socket:close() end local try = nmap.new_try(catch) try(socket:connect(host.ip, port.number)) -- fetch banner try(socket:receive_lines(1)) -- send our banner try(socket:send("SSH-1.5-Nmap-SSH1-Hostkey\r\n")) local data, packet_length, padding, offset data = try(socket:receive()) socket:close() offset, packet_length = bin.unpack( ">i", data ) padding = 8 - packet_length % 8 offset = offset + padding if padding + packet_length + 4 == data:len() then -- seems to be a proper SSH1 packet local msg_code,host_key_bits,host_key_exponent,host_key_modulus,length offset, msg_code = bin.unpack( ">c", data, offset ) if msg_code == 2 then -- 2 => SSH_SMSG_PUBLIC_KEY -- ignore cookie and server key bits offset, _, _ = bin.unpack( ">A8i", data, offset ) -- skip server key exponent and modulus offset, length = bin.unpack( ">S", data, offset ) offset = offset + math.ceil( length / 8 ) offset, length = bin.unpack( ">S", data, offset ) offset = offset + math.ceil( length / 8 ) offset, host_key_bits = bin.unpack( ">i", data, offset ) offset, length = bin.unpack( ">S", data, offset ) offset, host_key_exponent = bin.unpack( ">A" .. math.ceil( length / 8 ), data, offset ) host_key_exponent = openssl.bignum_bin2dec( host_key_exponent ) offset, length = bin.unpack( ">S", data, offset ) offset, host_key_modulus = bin.unpack( ">A" .. math.ceil( length / 8 ), data, offset ) host_key_modulus = openssl.bignum_bin2dec( host_key_modulus ) return host_key_bits .. ' ' .. host_key_exponent .. ' ' .. host_key_modulus end end end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE script] SSH1 Hostkey Sven Klemm (Aug 03)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Aug 05)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Aug 05)
- Re: [NSE script] SSH1 Hostkey Brandon Enright (Aug 05)
- Re: [NSE script] SSH1 Hostkey doug (Aug 05)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Sep 01)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Aug 05)
- Re: [NSE script] SSH1 Hostkey Brandon Enright (Aug 05)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Aug 05)
- Re: [NSE script] SSH1 Hostkey Sven Klemm (Aug 05)