Nmap Development mailing list archives
Re: Status Report #11 of 17
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 07 Jul 2009 06:14:55 +0300
Hello everyone,

Ncrack is progressing in many fields. The highlight of this week is the introduction of the opensshlib, a library using OpenSSH code but adapted for usage with Ncrack and Nsock. The decision to use OpenSSH code to make a library of our own, instead of using already existing libraries (like libssh and libssh2), was taken due to the following benefits:

- Code derived from OpenSSH has a BSD license which is less restrictive than others like LGPL.
- OpenSSH code is much safer, since it is audited by the OpenBSD team.
- OpenSSH supports both SSH1 and SSH2 and also provides many workarounds for old ssh implementations which have bugs, essentially making it more easily adaptable against strange-behaving targets.
- We would need to hack the libraries anyway, since they all abstract the socket operations and we need to have our own control over that using nsock. Instead, getting to know how the most popular ssh client works behind the scenes will effectively lead to more maintainable and better code.

The opensshlib has been tailored to Ncrack's needs specifically. That means that I haven't bothered adapting OpenSSH code which deals with anything other than the steps needed to reach the authentication phase. Perhaps the most frustrating thing was that OpenSSH assumes that there will be only 1 connection (as far as the client is concerned) and thus it keeps state in static and global variables - something which had to be completely removed in order for it to provide library functionality.

Accomplishments

* Introduced openssh lib on which the ssh module will be based.
* Almost completed the ssh module. There are still some steps to be done before reaching the authentication part.
* Refined ServiceGroup handling by adding important checks and removing unneeded ones as well as making code more readable.
* Profiled ncrack with gprof and solved some 100% cpu usage problems with nsock_loop.
* Added passwords from nmap/nselib/data/passwords.
* Added per-service credential storage functions/members.
* Removed greppable output format which is deprecated.
* Finished final output for normal (-oN) format. Currently -oN combines an easily-greppable format, which is also easily readable. This format was suggested by Fyodor at: http://seclists.org/nmap-dev/2009/q2/0790.html
* Fixed many bugs within core engine.
* Added a generic buffer manipulation class which is based on OpenSSH code.
* Separated modules into their own directories. (This might change in the future.)
* Discussed with Fyodor about license issues.
* Adapted Ncrack's build system to compile and link against opensshlib and openbsd-compat which is needed by some functions in opensshlib.
* And finally the fun part: added leet-ascii art for Ncrack - a scorpion - (it is shown after ./configure finishes its job like Nmap does):

[ASCII-art scorpion, flattened by the archive; only its banner survives: |=------=[ Ncrack ]=------=| ]

Priorities:

* Complete and test ssh module.
* Write extensive documentation about every aspect of opensshlib, since many parts of OpenSSH were hacked for Ncrack adaptation.
* Test the changes on Windows.
* Find a shell at a MacOSX box to test Ncrack there.
* Also, start thinking about the http module and implementing ssl support (through nsock).

That's all for now.
Cheers,
ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
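As an added illustration of the global-state problem the report mentions (an example written for this archive page, not code from the original post, from Ncrack or from OpenSSH; `ssh_conn`, `global_send_packet` and `conn_send_packet` are hypothetical names), here is a client-style global packet counter next to a per-connection one, both driven by two connections whose packets an event loop interleaves:

```c
/* Added illustration, not Ncrack or OpenSSH code; type and function
 * names are hypothetical. It shows why static/global per-client state
 * breaks once the SSH core is driven from a multi-connection event loop. */
#include <stdint.h>

/* Client-style layout: one global outgoing packet sequence counter,
 * fine for an interactive ssh client that talks to exactly one peer. */
static uint32_t g_send_seqnr;

static uint32_t global_send_packet(void)
{
    return g_send_seqnr++;   /* sequence number stamped on this packet */
}

/* Library-style layout: all protocol state lives in a per-connection
 * object that the engine hands to every call. */
struct ssh_conn {
    uint32_t send_seqnr;     /* plus kex, cipher, buffers in a real port */
};

static uint32_t conn_send_packet(struct ssh_conn *c)
{
    return c->send_seqnr++;
}

/* Two targets in flight, packets interleaved as an event loop would
 * schedule them: A, B, A. Both functions return the sequence number A
 * stamps on its second packet. The peer expects 1; SSH2 MACs cover the
 * sequence number, so once MACs are active the value 2 makes the peer
 * reject the packet and drop A's session. */
uint32_t seq_with_global_state(void)
{
    g_send_seqnr = 0;
    global_send_packet();        /* A, packet 0 */
    global_send_packet();        /* B bumps the shared counter as well */
    return global_send_packet(); /* A, packet 2: wrong */
}

uint32_t seq_with_per_conn_state(void)
{
    struct ssh_conn a = {0}, b = {0};
    conn_send_packet(&a);        /* A, packet 0 */
    conn_send_packet(&b);        /* B, packet 0, independent */
    return conn_send_packet(&a); /* A, packet 1, as the peer expects */
}
```

The same pattern applies to every other piece of static state the client keeps (key exchange progress, cipher contexts, input/output buffers): each has to move into the connection object before the code can serve several targets from one process.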