Revert "Prevent false positives when the servers requests for an inte…

…ractive login (SonicWall SSH)"
matricali · Dec 4, 2023 · 16a61ff · 16a61ff
1 parent 1e9b377
commit 16a61ff
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 155 deletions.
diff --git a/.clang-format b/.clang-format
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: GPL-2.0
 #
-# clang-format configuration file. Intended for clang-format >= 11.
+# clang-format configuration file. Intended for clang-format >= 4.
 #
 # For more information, see:
 #
@@ -13,7 +13,7 @@ AccessModifierOffset: -4
 AlignAfterOpenBracket: Align
 AlignConsecutiveAssignments: false
 AlignConsecutiveDeclarations: false
-AlignEscapedNewlines: Left
+#AlignEscapedNewlines: Left # Unknown to clang-format-4.0
 AlignOperands: true
 AlignTrailingComments: false
 AllowAllParametersOfDeclarationOnNextLine: false
@@ -37,40 +37,40 @@ BraceWrapping:
   AfterObjCDeclaration: false
   AfterStruct: false
   AfterUnion: false
-  AfterExternBlock: false
+  #AfterExternBlock: false # Unknown to clang-format-5.0
   BeforeCatch: false
   BeforeElse: false
   IndentBraces: false
-  SplitEmptyFunction: true
-  SplitEmptyRecord: true
-  SplitEmptyNamespace: true
+  #SplitEmptyFunction: true # Unknown to clang-format-4.0
+  #SplitEmptyRecord: true # Unknown to clang-format-4.0
+  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
 BreakBeforeBinaryOperators: None
 BreakBeforeBraces: Custom
-BreakBeforeInheritanceComma: false
+#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
 BreakBeforeTernaryOperators: false
 BreakConstructorInitializersBeforeComma: false
-BreakConstructorInitializers: BeforeComma
+#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: false
 ColumnLimit: 80
 CommentPragmas: '^ IWYU pragma:'
-CompactNamespaces: false
+#CompactNamespaces: false # Unknown to clang-format-4.0
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 8
 ContinuationIndentWidth: 8
 Cpp11BracedListStyle: false
 DerivePointerAlignment: false
 DisableFormat: false
 ExperimentalAutoDetectBinPacking: false
-FixNamespaceComments: false
-IncludeBlocks: Preserve
+#FixNamespaceComments: false # Unknown to clang-format-4.0
+
+#IncludeBlocks: Preserve # Unknown to clang-format-5.0
 IncludeCategories:
   - Regex: '.*'
     Priority: 1
 IncludeIsMainRegex: '(Test)?$'
-IndentCaseLabels: false
-IndentGotoLabels: false
-IndentPPDirectives: None
+IndentCaseLabels: true
+#IndentPPDirectives: None # Unknown to clang-format-5.0
 IndentWidth: 8
 IndentWrappedFunctionNames: false
 JavaScriptQuotes: Leave
@@ -79,14 +79,14 @@ KeepEmptyLinesAtTheStartOfBlocks: false
 MacroBlockBegin: ''
 MacroBlockEnd: ''
 MaxEmptyLinesToKeep: 1
-NamespaceIndentation: None
-ObjCBinPackProtocolList: Auto
+NamespaceIndentation: Inner
+#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
 ObjCBlockIndentWidth: 8
 ObjCSpaceAfterProperty: true
 ObjCSpaceBeforeProtocolList: true
 
 # Taken from git's rules
-PenaltyBreakAssignment: 10
+#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
 PenaltyBreakBeforeFirstCallParameter: 30
 PenaltyBreakComment: 10
 PenaltyBreakFirstLessLess: 0
@@ -96,15 +96,15 @@ PenaltyReturnTypeOnItsOwnLine: 60
 
 PointerAlignment: Right
 ReflowComments: false
-SortIncludes: false
-SortUsingDeclarations: false
+SortIncludes: true
+#SortUsingDeclarations: false # Unknown to clang-format-4.0
 SpaceAfterCStyleCast: false
 SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
-SpaceBeforeCtorInitializerColon: true
-SpaceBeforeInheritanceColon: true
+#SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
+#SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
 SpaceBeforeParens: ControlStatements
-SpaceBeforeRangeBasedForLoopColon: true
+#SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
 SpacesInAngles: false

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,27 +1,13 @@
 # Changelog
-
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
-### Fixed
-
-- Fixed static build
-- Fixed Array index out of bounds in detection.c
-
-### Added
-
-- After a successful login checks for a non interactive command execution,
-in order to prevent false positives when the servers requests for an interactive
-login (SonicWall SSH)
-
 ## [0.5.0] - 2020-03-07
-
 ### Added
-
 - Support for custom port (argument: -p <PORT>) both on scan and bruteforce phases.
 - Dry-run (argument: -D)
 - Added the initial basis to support different ports on different targets
@@ -35,66 +21,51 @@ login (SonicWall SSH)
 - Ignoring servers that don't support password authentication.
 
 ### Changed
-
 - Separate Cbrutekrag verbosity from SSHLIB verbosity. (arguments: -v and -V respectively).
 - The default maximum number of threads is calculated automatically.
 - Allow servers detected as honeypot (argument flag -A)
 - Improved detection of non-eligible servers.
 
 ### Removed
-
 - Removed port option (-p <port>) in favor of new targets syntax (191.168.0.0/24:2222)
 
 ### Fixed
-
 - Wait until all forks finished her work.
 - Ignore SIGPIPE
 - Fixed false positives in servers which login are interactive.
 
 ## [0.4.0] - 2018-09-02
-
 ### Added
-
 - Multithreaded port scan, discard targets from batch if the port is closed (argument: -s).
 - Honeypot detection (?).
 - Support for target list as arguments. It can be combined with targets file.
 - Targets can be a CIDR IPv4 block.
 
 ### Fixed
-
 - Initialize hostnames wordlist.
 - Aborts bruteforce phase if there is no targets after scan or honeypot detection phases.
 
 ## [0.3.0] - 2018-08-26
-
 ### Added
-
 - Compatibility with libssh-dev < 0.6.0.
 
 ### Changed
-
 - Improved logging.
 - Improved help (-h).
 
 ### Fixed
-
 - Fixed a segmentation fault when it does not had an open output file.
 - Update progress bar at the end to complete 100%.
 
 ## [0.2.1] - 2018-01-02
-
 ### Added
-
 - Support for empty password ($BLANKPASS in dictionary).
 
 ### Changed
-
 - Improved fork model.
 
 ## [0.1.3] - 2017-12-29
-
 ### Added
-
 - Multithread.
 - Progress bar.
 

diff --git a/include/log.h b/include/log.h
@@ -31,16 +31,16 @@ enum { LOG_TRACE,
        LOG_FATAL,
 };
 
-#define log_error(...)                                                     \
-	print_output(LOG_ERROR, __FILE__, __LINE__, "\033[91m", "\033[0m", \
+#define log_error(...)                                                         \
+	print_output(LOG_ERROR, __FILE__, __LINE__, "\033[91m", "\033[0m",     \
 		     stderr, __VA_ARGS__)
-#define log_warn(...) \
+#define log_warn(...)                                                          \
 	print_output(LOG_WARN, __FILE__, __LINE__, "", "", stderr, __VA_ARGS__)
 
-#define log_debug(...)                                                     \
-	print_output(LOG_DEBUG, __FILE__, __LINE__, "\033[37m", "\033[0m", \
+#define log_debug(...)                                                         \
+	print_output(LOG_DEBUG, __FILE__, __LINE__, "\033[37m", "\033[0m",     \
 		     stderr, __VA_ARGS__)
-#define log_info(...) \
+#define log_info(...)                                                          \
 	print_output(LOG_INFO, __FILE__, __LINE__, "", "", stdout, __VA_ARGS__)
 
 void print_output(int level, const char *file, int line, const char *head,

diff --git a/src/bruteforce_ssh.c b/src/bruteforce_ssh.c
@@ -54,7 +54,7 @@ int bruteforce_ssh_login(btkg_context_t *context, const char *hostname,
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, hostname);
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
-#if LIBSSH_VERSION_MAYOR > 0 || \
+#if LIBSSH_VERSION_MAYOR > 0 ||                                                \
 	(LIBSSH_VERSION_MAYOR == 0 && LIBSSH_VERSION_MINOR >= 6)
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_KEY_EXCHANGE, "none");
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_HOSTKEYS, "none");
@@ -101,36 +101,6 @@ int bruteforce_ssh_login(btkg_context_t *context, const char *hostname,
 	if (method & (int)SSH_AUTH_METHOD_PASSWORD) {
 		r = ssh_userauth_password(my_ssh_session, NULL, password);
 		if (r == SSH_AUTH_SUCCESS) {
-			ssh_channel channel = ssh_channel_new(my_ssh_session);
-
-			if (channel == NULL) {
-				log_debug("[!] %s:%d - Cannot create channel.",
-					  hostname, port);
-				ssh_disconnect(my_ssh_session);
-				ssh_free(my_ssh_session);
-				return -1;
-			}
-
-			int ret = ssh_channel_open_session(channel);
-			if (ret < 0) {
-				ssh_channel_close(channel);
-				ssh_disconnect(my_ssh_session);
-				ssh_free(my_ssh_session);
-				return -1;
-			}
-
-			ret = ssh_channel_request_exec(channel,
-						       "cat > /dev/null");
-			if (ret < 0) {
-				log_debug(
-					"[!] %s:%d - Possible interactive login (ie SonicWall).",
-					hostname, port);
-				ssh_channel_close(channel);
-				ssh_disconnect(my_ssh_session);
-				ssh_free(my_ssh_session);
-				return -1;
-			}
-
 			ssh_disconnect(my_ssh_session);
 			ssh_free(my_ssh_session);