matricali · matricali · Dec 4, 2023 · Nov 30, 2023 · Nov 30, 2023 · Nov 30, 2023
diff --git a/.clang-format b/.clang-format
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: GPL-2.0
 #
-# clang-format configuration file. Intended for clang-format >= 4.
+# clang-format configuration file. Intended for clang-format >= 11.
 #
 # For more information, see:
 #
@@ -13,7 +13,7 @@ AccessModifierOffset: -4
 AlignAfterOpenBracket: Align
 AlignConsecutiveAssignments: false
 AlignConsecutiveDeclarations: false
-#AlignEscapedNewlines: Left # Unknown to clang-format-4.0
+AlignEscapedNewlines: Left
 AlignOperands: true
 AlignTrailingComments: false
 AllowAllParametersOfDeclarationOnNextLine: false
@@ -37,40 +37,40 @@ BraceWrapping:
   AfterObjCDeclaration: false
   AfterStruct: false
   AfterUnion: false
-  #AfterExternBlock: false # Unknown to clang-format-5.0
+  AfterExternBlock: false
   BeforeCatch: false
   BeforeElse: false
   IndentBraces: false
-  #SplitEmptyFunction: true # Unknown to clang-format-4.0
-  #SplitEmptyRecord: true # Unknown to clang-format-4.0
-  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
 BreakBeforeBinaryOperators: None
 BreakBeforeBraces: Custom
-#BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
+BreakBeforeInheritanceComma: false
 BreakBeforeTernaryOperators: false
 BreakConstructorInitializersBeforeComma: false
-#BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
+BreakConstructorInitializers: BeforeComma
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: false
 ColumnLimit: 80
 CommentPragmas: '^ IWYU pragma:'
-#CompactNamespaces: false # Unknown to clang-format-4.0
+CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 8
 ContinuationIndentWidth: 8
 Cpp11BracedListStyle: false
 DerivePointerAlignment: false
 DisableFormat: false
 ExperimentalAutoDetectBinPacking: false
-#FixNamespaceComments: false # Unknown to clang-format-4.0
-
-#IncludeBlocks: Preserve # Unknown to clang-format-5.0
+FixNamespaceComments: false
+IncludeBlocks: Preserve
 IncludeCategories:
   - Regex: '.*'
     Priority: 1
 IncludeIsMainRegex: '(Test)?$'
-IndentCaseLabels: true
-#IndentPPDirectives: None # Unknown to clang-format-5.0
+IndentCaseLabels: false
+IndentGotoLabels: false
+IndentPPDirectives: None
 IndentWidth: 8
 IndentWrappedFunctionNames: false
 JavaScriptQuotes: Leave
@@ -79,14 +79,14 @@ KeepEmptyLinesAtTheStartOfBlocks: false
 MacroBlockBegin: ''
 MacroBlockEnd: ''
 MaxEmptyLinesToKeep: 1
-NamespaceIndentation: Inner
-#ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
 ObjCBlockIndentWidth: 8
 ObjCSpaceAfterProperty: true
 ObjCSpaceBeforeProtocolList: true
 
 # Taken from git's rules
-#PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
+PenaltyBreakAssignment: 10
 PenaltyBreakBeforeFirstCallParameter: 30
 PenaltyBreakComment: 10
 PenaltyBreakFirstLessLess: 0
@@ -96,15 +96,15 @@ PenaltyReturnTypeOnItsOwnLine: 60
 
 PointerAlignment: Right
 ReflowComments: false
-SortIncludes: true
-#SortUsingDeclarations: false # Unknown to clang-format-4.0
+SortIncludes: false
+SortUsingDeclarations: false
 SpaceAfterCStyleCast: false
 SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
-#SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
-#SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
 SpaceBeforeParens: ControlStatements
-#SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
+SpaceBeforeRangeBasedForLoopColon: true
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
 SpacesInAngles: false

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,27 @@
 # Changelog
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+### Fixed
+
+- Fixed static build
+- Fixed Array index out of bounds in detection.c
+
+### Added
+
+- After a successful login checks for a non interactive command execution,
+in order to prevent false positives when the servers requests for an interactive
+login (SonicWall SSH)
+
 ## [0.5.0] - 2020-03-07
+
 ### Added
+
 - Support for custom port (argument: -p <PORT>) both on scan and bruteforce phases.
 - Dry-run (argument: -D)
 - Added the initial basis to support different ports on different targets
@@ -21,51 +35,66 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Ignoring servers that don't support password authentication.
 
 ### Changed
+
 - Separate Cbrutekrag verbosity from SSHLIB verbosity. (arguments: -v and -V respectively).
 - The default maximum number of threads is calculated automatically.
 - Allow servers detected as honeypot (argument flag -A)
 - Improved detection of non-eligible servers.
 
 ### Removed
+
 - Removed port option (-p <port>) in favor of new targets syntax (191.168.0.0/24:2222)
 
 ### Fixed
+
 - Wait until all forks finished her work.
 - Ignore SIGPIPE
 - Fixed false positives in servers which login are interactive.
 
 ## [0.4.0] - 2018-09-02
+
 ### Added
+
 - Multithreaded port scan, discard targets from batch if the port is closed (argument: -s).
 - Honeypot detection (?).
 - Support for target list as arguments. It can be combined with targets file.
 - Targets can be a CIDR IPv4 block.
 
 ### Fixed
+
 - Initialize hostnames wordlist.
 - Aborts bruteforce phase if there is no targets after scan or honeypot detection phases.
 
 ## [0.3.0] - 2018-08-26
+
 ### Added
+
 - Compatibility with libssh-dev < 0.6.0.
 
 ### Changed
+
 - Improved logging.
 - Improved help (-h).
 
 ### Fixed
+
 - Fixed a segmentation fault when it does not had an open output file.
 - Update progress bar at the end to complete 100%.
 
 ## [0.2.1] - 2018-01-02
+
 ### Added
+
 - Support for empty password ($BLANKPASS in dictionary).
 
 ### Changed
+
 - Improved fork model.
 
 ## [0.1.3] - 2017-12-29
+
 ### Added
+
 - Multithread.
 - Progress bar.
 

diff --git a/include/log.h b/include/log.h
@@ -31,16 +31,16 @@ enum { LOG_TRACE,
        LOG_FATAL,
 };
 
-#define log_error(...)                                                         \
-	print_output(LOG_ERROR, __FILE__, __LINE__, "\033[91m", "\033[0m",     \
+#define log_error(...)                                                     \
+	print_output(LOG_ERROR, __FILE__, __LINE__, "\033[91m", "\033[0m", \
 		     stderr, __VA_ARGS__)
-#define log_warn(...)                                                          \
+#define log_warn(...) \
 	print_output(LOG_WARN, __FILE__, __LINE__, "", "", stderr, __VA_ARGS__)
 
-#define log_debug(...)                                                         \
-	print_output(LOG_DEBUG, __FILE__, __LINE__, "\033[37m", "\033[0m",     \
+#define log_debug(...)                                                     \
+	print_output(LOG_DEBUG, __FILE__, __LINE__, "\033[37m", "\033[0m", \
 		     stderr, __VA_ARGS__)
-#define log_info(...)                                                          \
+#define log_info(...) \
 	print_output(LOG_INFO, __FILE__, __LINE__, "", "", stdout, __VA_ARGS__)
 
 void print_output(int level, const char *file, int line, const char *head,

diff --git a/src/bruteforce_ssh.c b/src/bruteforce_ssh.c
@@ -54,7 +54,7 @@ int bruteforce_ssh_login(btkg_context_t *context, const char *hostname,
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, hostname);
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
-#if LIBSSH_VERSION_MAYOR > 0 ||                                                \
+#if LIBSSH_VERSION_MAYOR > 0 || \
 	(LIBSSH_VERSION_MAYOR == 0 && LIBSSH_VERSION_MINOR >= 6)
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_KEY_EXCHANGE, "none");
 	ssh_options_set(my_ssh_session, SSH_OPTIONS_HOSTKEYS, "none");
@@ -101,6 +101,36 @@ int bruteforce_ssh_login(btkg_context_t *context, const char *hostname,
 	if (method & (int)SSH_AUTH_METHOD_PASSWORD) {
 		r = ssh_userauth_password(my_ssh_session, NULL, password);
 		if (r == SSH_AUTH_SUCCESS) {
+			ssh_channel channel = ssh_channel_new(my_ssh_session);
+
+			if (channel == NULL) {
+				log_debug("[!] %s:%d - Cannot create channel.",
+					  hostname, port);
+				ssh_disconnect(my_ssh_session);
+				ssh_free(my_ssh_session);
+				return -1;
+			}
+
+			int ret = ssh_channel_open_session(channel);
+			if (ret < 0) {
+				ssh_channel_close(channel);
+				ssh_disconnect(my_ssh_session);
+				ssh_free(my_ssh_session);
+				return -1;
+			}
+
+			ret = ssh_channel_request_exec(channel,
+						       "cat > /dev/null");
+			if (ret < 0) {
+				log_debug(
+					"[!] %s:%d - Possible interactive login (ie SonicWall).",
+					hostname, port);
+				ssh_channel_close(channel);
+				ssh_disconnect(my_ssh_session);
+				ssh_free(my_ssh_session);
+				return -1;
+			}
+
 			ssh_disconnect(my_ssh_session);
 			ssh_free(my_ssh_session);