Nmap Development mailing list archives

Re: Status Report #11 of 17


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 07 Jul 2009 06:14:55 +0300

Hello everyone,
Ncrack is progressing in many fields. The highlight of this week is the
introduction of the opensshlib, a library using OpenSSH code but adapted for
usage with Ncrack and Nsock. The decision to use OpenSSH code to
make a library of our own, instead of using already existing libraries (like
libssh and libssh2), was taken due to the following benefits:

- Code derived from OpenSSH has a BSD license which is less restrictive than
others like LGPL.

- OpenSSH code is much safer, since it is audited by the OpenBSD team.

- OpenSSH supports both SSH1 and SSH2 and also provides many workarounds for old
ssh implementations which have bugs, essentially making it more easily adaptable
against strange-behaving targets.

- We would need to hack the libraries anyway, since they all abstract the socket
operations and we need to have our own control over that using nsock. Instead,
getting to know how the most popular ssh client works behind the scenes will
effectively lead to more maintainable and better code.

The opensshlib has been tailored to Ncrack's needs specifically. That means
that I haven't bothered adapting OpenSSH code which deals with anything other
than the steps needed to reach the authentication phase. Perhaps the most
frustrating thing was that OpenSSH assumes that there will be only 1 connection
(as far as the client is regarded) and thus it keeps state in static and global
variables - something which had to be completely removed in order for it to
provide library functionality.


Accomplishments

* Introduced openssh lib on which the ssh module will be based.
* Almost completed the ssh module. There are still some steps to be done before
reaching the authentication part.
* Refined ServiceGroup handling by adding important checks and removing unneeded
ones as well as making code more readable.
* Profiled ncrack with gprof and solved some 100% CPU usage problems with
nsock_loop.
* Added passwords from nmap/nselib/data/passwords.
* Added per-service credential storage functions/members.
* Removed greppable output format which is deprecated.
* Finished final output for normal (-oN) format. Currently -oN combines an
easily-greppable format, which is also easily readable. This format was
suggested by Fyodor at: http://seclists.org/nmap-dev/2009/q2/0790.html
* Fixed many bugs within core engine.
* Added a generic buffer manipulation class which is based on OpenSSH code.
* Separated modules into their own directories. (this might change in the future)
* Discussed with Fyodor about license issues.
* Adapted Ncrack's build system to compile and link against opensshlib and
openbsd-compat which is needed by some functions in opensshlib.
* And finally the fun-part: added leet-ascii art for Ncrack - a scorpion -
(it is shown after ./configure finishes its job like Nmap does):

               ~00000
              00000000
             ,000$ 0$+~
             $=0=  .0+0
             000    000
            :000    0~0
            0000.    0
            00000     .
           .000000
           0?= +.,.
          ,?00.$000
          00000~.:~0
          .$+00~?~000
          :00000.=0000
          ?00?00+=:  ,0,
     00000..0000~ 000000.   $0
    00..0~0?0::00,?0::?$0.  00 ~
   .0.   ,0?00000.0$,+,000.00 $00
   0.   00.?00=00000~0+0:0000?0,~0?.
  .0  +00   0+0000 0000=?~0000?00 00
 .: .~~   .000=00000~00=000000+0.0~0$$.
 00 ,    ?00.. 000~000000000000.:0.0:0~   0$00.+
00.0    00   00?~000~000000000+00   + ~0000000000=$0000
   $   00   00.   .00,000000000000$.00000.    .0000+$+~00
  0   00  .0       000000000?~0000000.   0.   .0$000000+$0
 0    0   0     000:$~0000=0.0000,$.       00   0000000000
     0   00    ?.0000      $0 0 .                     .0000
   .     $    ?000.                                     0 0
        0     +~?000
       0.    :000000?0     |=------=[ Ncrack ]=------=|
             0000$?+00
             00+0:~0$0+
             .0$000?00
               0?000000
                  .000~0



Priorities:

* Complete and test ssh module.
* Write extensive documentation about every aspect of opensshlib, since many
parts of OpenSSH were hacked for Ncrack adaptation.
* Test the changes on Windows.
* Find a shell on a MacOSX box to test Ncrack there.
* Also, start thinking about the http module and implementing ssl support
(through nsock).


That's all for now.

Cheers,
ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
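The single-connection assumption described in the report (state kept in static and global variables, which breaks as soon as a library must drive several connections from one event loop) can be shown with a small constructed C example. This is an added illustration, not Ncrack or OpenSSH code; the counter stands in for the per-connection packet state an SSH client tracks, and all names (`g_send_seq`, `ssh_conn_state`, the two `last_seq_*` helpers) are hypothetical.

```c
#include <stdint.h>

/* Before: the "client" keeps its packet state in a file-scope static, which is
 * only correct while exactly one connection exists in the process. */
static uint32_t g_send_seq;                 /* hypothetical global send counter */

static uint32_t global_send_packet(void)
{
    return g_send_seq++;                    /* sequence number used for this packet */
}

/* After: every connection owns its state in an explicit context that the caller
 * passes in, which is what an event-loop-driven library (here: nsock) needs. */
typedef struct {
    uint32_t send_seq;
    uint32_t recv_seq;
} ssh_conn_state;                           /* hypothetical per-connection context */

static void ssh_state_init(ssh_conn_state *s)
{
    s->send_seq = 0;
    s->recv_seq = 0;
}

static uint32_t ctx_send_packet(ssh_conn_state *s)
{
    return s->send_seq++;
}

/* Interleave two connections A and B, each sending n packets in turn, and return
 * the sequence number B sees on its last packet. The correct value is n-1. */
uint32_t last_seq_global(int n)
{
    uint32_t last = 0;
    g_send_seq = 0;
    for (int i = 0; i < n; i++) {
        global_send_packet();               /* A's packet bumps the shared counter */
        last = global_send_packet();        /* so B observes 2n-1, not n-1 */
    }
    return last;
}

uint32_t last_seq_percontext(int n)
{
    ssh_conn_state a, b;
    uint32_t last = 0;
    ssh_state_init(&a);
    ssh_state_init(&b);
    for (int i = 0; i < n; i++) {
        ctx_send_packet(&a);                /* A's state is independent of B's */
        last = ctx_send_packet(&b);         /* B observes n-1 as expected */
    }
    return last;
}
```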