(reposted without smime) Here is a corrected version of your script. Could you explain what you tried to do ? blackshellat_private wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > >this tool is for the purpose of professional security people testing their own private/corporate networks. under no circumstances is the blackshell team repsonsible for any misuse of this. > >#!/usr/bin/perl -w > >#--blackshell tool1--# >#--blackshell-sshd.pl--# > ># this is a mass scanner for remote security testing ># of networks for the ssh crc32(deattack) bug. ># this is being exploited in the wild at the present time ># and it leads to complete remote compromisation ># of a vulnerable server > ># vulnerable OS'es include aix, irix, linux, solaris, hpux, unicos(yes) > ># a few thanks: dave dittrich, bindview, team-teso, #!blackshell contributors > >use Thread; >use Strict; >use Socket; >use Getopt::Std; >use Config; > >my $banner = qq( >Mass SSHD Vulnerability Scanner >by BlackShell >blackshellat_private >); > >$exploit_information = qq( > >Advisories: > >http://www.securityfocus.com/advisories/3088 >http://xforce.iss.net/alerts/advise100.php >http://razor.bindview.com/publish/advisories/adv_ssh1crc.html >http://www.securityfocus.com/bugid=2347 >http://www.ssh.com/products/ssh/advisories/ssh1_crc-32.cfm >http://openssh.org/security.html >http://www.cisco.com/warp/public/707/SSH-multiple-pub.html > > >Information: > >http://www.securityfocus.com/cgi-bin/archive.pl?id=75&start=2001-10-27&end=2001-11-02&mid=221998&threads=1 >http://staff.washington.edu/dittrich/misc/ssh-analysis.txt >http://www.newsbytes.com/news/01/171291.html >http://www.cert.org/incident_notes/IN-2001-12.html > > >Incidents: > >http://archives.neohapsis.com/archives/incidents/2001-12/0009.html >http://archives.neohapsis.com/archives/incidents/2001-12/0047.html >http://archives.neohapsis.com/archives/incidents/2001-12/0102.html >http://archives.neohapsis.com/archives/incidents/2001-12/0103.html >http://archives.neohapsis.com/archives/incidents/2001-12/0189.html >http://archives.neohapsis.com/archives/incidents/2001-12/0225.html >http://archives.neohapsis.com/archives/incidents/2001-12/0240.html > >); > > ># borrowed from dave's code(thanks :>) > >my @affected = ( >'SSH-1.5-1.2.24', >'SSH-1.5-1.2.25', >'SSH-1.5-1.2.26', >'SSH-1.5-1.2.27', >'SSH-1.5-1.2.28', >'SSH-1.5-1.2.29', >'SSH-1.5-1.2.30', >'SSH-1.5-1.2.31', >'SSH-1.5-OpenSSH-1.2', >'SSH-1.5-OpenSSH-1.2.1', >'SSH-1.5-OpenSSH-1.2.2', >'SSH-1.5-OpenSSH-1.2.3', >'SSH-1.99-OpenSSH-2.1', >'SSH-1.99-OpenSSH_2.1.1', >'SSH-1.99-OpenSSH_2.2.0', >'SSH-1.99-OpenSSH_2.2.0p1', >); > > > > >if(! $Config{'usethreads'}) >{ > print "\nNo Threading Supported"; > exit 1; >} > >getopts("d:t:l:i:",%args); > >my $debug; > > > if($args{i}) > { > my $infile = $args{i} || sshd.in; > print "\nUsing infile: $infile"; > } > elsif($args{d}) > { > $debug = 1; > print "\nUsing Debuging!"; > } > elsif($args{t}) > { > my $timeout = $args{t} || 5; > print "\nUsing Timeout: $args{t}!"; > } > elsif($args{l}) > { > my $logfile = $args{l}; > print "\nUsing logfile: $logfile"; > } > > open(FILE,"<$infile") || die "\nCant read from $logfile"; > > while(<>) > { > chomp($host = $_); > print "\nScanning $host..."; > > my $thread = Thread->new(\&check_scan,$host); > print "\nScanning $host..."; > my @return = $thread->join; > } > if($debug) > { > my $check; > foreach $check (@return) > { > print "\nDebugging running...."; > print "\n$debug info...:"; > print "\n$check"; > } > > }else{ > > print "\n\n$banner\n"; > print "\n\nOptions: "; > print "\n./$0 -i <INFILE> -l <LOGFILE> -d -t 15"; > print "\n > print "\ndefaults: "; > print "\ntimeout: 5"; > print "\nhost list: sshd.in"; > print "\nlogfile: sshd.log"; > print "\ndebug: no"; > } > > } > } > >sub check_scan ($) >{ > > eval { > > my $host = shift; > my $iaddr = inet_aton($host); > my $port = "22"; > > my $paddr = sockaddr_in($port, $host); > my $proto = getprotobyname('tcp'); > socket(SOCK,AF_INET,SOCK_STREAM,$proto) || die "\nCant make Socket: $!"; > alarm($args{t}); > if(connect(SOCK,$paddr)) > { > print "\nSSHD is open on $host"; > print "\n${host}'s response..."; > } > while(<SOCK>) > { > chomp; > print; > $response = $_; > &log($host, $response); > print "\analyzing ${host}'s response..."; > &analyze($host, $response); > } > > } > > close(SOCK); > } > > > >sub log ($$) >{ > > open(LOG,">$logfile") || die "\nCant open $logfile for writing"; > > select(LOG); > print "\n$banner\n"; > print "\n$exploit_information" > close(LOG); > > $host = shift; > $rez = shift; > > open(LOG,">>$logfile") || die "\nCant open $logfile"; > flock(LOG,2) || die "\nCant file lock"; > select(LOG); > > print "\nResults:"; > print "\n${host}: $rez"; > print "\n\nFinished...\n"; > > close(LOG); > >} > > > >sun analyze ($$) >{ > > $host = shift; > $result = shift; > > foreach $checkz (@affected)) > { > if($result = $checkz) > { > print "\n$host is running a vulnerable version of SSHD"; > print "\nversion is: $result"; > } > } >} >-----BEGIN PGP SIGNATURE----- >Version: Hush 2.1 >Note: This signature can be verified at https://www.hushtools.com > >wl8EARECAB8FAjwxR+IYHGJsYWNrc2hlbGxAaHVzaG1haWwuY29tAAoJED2VGGGCU8ut >G+kAoIRsS/BUmFjmlsdgNHSKWW2elojfAJ9ItUcz9Ao1dpbbkzuf184f1RJnNg== >=Z/EV >-----END PGP SIGNATURE----- > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com > -- -o) Remi Cohen-Scali /\\ <Remi@Cohen-Scali.com> <rcoscaliat_private> _\_v ---- #!/usr/bin/perl -w #--blackshell tool1--# #--blackshell-sshd.pl--# # this is a mass scanner for remote security testing # of networks for the ssh crc32(deattack) bug. # this is being exploited in the wild at the present time # and it leads to complete remote compromisation # of a vulnerable server # vulnerable OS'es include aix, irix, linux, solaris, hpux, unicos(yes) # a few thanks: dave dittrich, bindview, team-teso, #!blackshell contributors use Thread; #use strict; use Socket; use Getopt::Std; use Config; my $banner = qq( Mass SSHD Vulnerability Scanner by BlackShell blackshell\@hushmail.com ); my $exploit_information = qq( Advisories: http://www.securityfocus.com/advisories/3088 http://xforce.iss.net/alerts/advise100.php http://razor.bindview.com/publish/advisories/adv_ssh1crc.html http://www.securityfocus.com/bugid=2347 http://www.ssh.com/products/ssh/advisories/ssh1_crc-32.cfm http://openssh.org/security.html http://www.cisco.com/warp/public/707/SSH-multiple-pub.html Information: http://www.securityfocus.com/cgi-bin/archive.pl?id=75&start=2001-10-27&end=2001-11-02&mid=221998&threads=1 http://staff.washington.edu/dittrich/misc/ssh-analysis.txt http://www.newsbytes.com/news/01/171291.html http://www.cert.org/incident_notes/IN-2001-12.html Incidents: http://archives.neohapsis.com/archives/incidents/2001-12/0009.html http://archives.neohapsis.com/archives/incidents/2001-12/0047.html http://archives.neohapsis.com/archives/incidents/2001-12/0102.html http://archives.neohapsis.com/archives/incidents/2001-12/0103.html http://archives.neohapsis.com/archives/incidents/2001-12/0189.html http://archives.neohapsis.com/archives/incidents/2001-12/0225.html http://archives.neohapsis.com/archives/incidents/2001-12/0240.html ); # borrowed from dave's code(thanks :>) my @affected = ( 'SSH-1.5-1.2.24', 'SSH-1.5-1.2.25', 'SSH-1.5-1.2.26', 'SSH-1.5-1.2.27', 'SSH-1.5-1.2.28', 'SSH-1.5-1.2.29', 'SSH-1.5-1.2.30', 'SSH-1.5-1.2.31', 'SSH-1.5-OpenSSH-1.2', 'SSH-1.5-OpenSSH-1.2.1', 'SSH-1.5-OpenSSH-1.2.2', 'SSH-1.5-OpenSSH-1.2.3', 'SSH-1.99-OpenSSH-2.1', 'SSH-1.99-OpenSSH_2.1.1', 'SSH-1.99-OpenSSH_2.2.0', 'SSH-1.99-OpenSSH_2.2.0p1', ); if(! $Config{'usethreads'}) { print "\nNo Threading Supported"; exit 1; } getopts("d:t:l:i:",%args); my $debug; my $infile; if($args{i}) { $infile = $args{i} || "sshd.in"; print "\nUsing infile: $infile"; } if($args{d}) { $debug = 1; print "\nUsing Debuging!"; } if($args{t}) { my $timeout = $args{t} || 5; print "\nUsing Timeout: $args{t}!"; } if($args{l}) { my $logfile = $args{l}; print "\nUsing logfile: $logfile"; } open(FILE,"<$infile") || die "\nCant read from $logfile"; my @return; while(<FILE>) { chomp($host = $_); print "\nScanning $host..."; my $thread = Thread->new(\&check_scan,$host); print "\nScanning $host..."; @return = $thread->join; } if($debug) { my $check; foreach $check (@return) { print "\nDebugging running...."; print "\n$debug info...:"; print "\n$check"; } } else { print "\n\n$banner\n"; print "\n\nOptions: "; print "\n./$0 -i <INFILE> -l <LOGFILE> -d -t 15"; print "\n"; print "\ndefaults: "; print "\ntimeout: 5"; print "\nhost list: sshd.in"; print "\nlogfile: sshd.log"; print "\ndebug: no"; } sub check_scan($) { eval { my $host = shift; my $iaddr = inet_aton($host); my $port = "22"; my $paddr = sockaddr_in($port, $host); my $proto = getprotobyname('tcp'); socket(SOCK,AF_INET,SOCK_STREAM,$proto) || die "\nCant make Socket: $!"; alarm($args{t}); if(connect(SOCK,$paddr)) { print "\nSSHD is open on $host"; print "\n${host}'s response..."; } while(<SOCK>) { chomp; print; $response = $_; &log($host, $response); print "analyzing ${host}'s response..."; &analyze($host, $response); } }; close(SOCK); } sub log ($$) { open(LOG,">$logfile") || die "\nCan't open $logfile for writing"; select(LOG); print "\n$banner\n"; print "\n$exploit_information"; close(LOG); $host = shift; $rez = shift; open(LOG,">>$logfile") || die "\nCant open $logfile"; flock(LOG,2) || die "\nCant file lock"; select(LOG); print "\nResults:"; print "\n${host}: $rez"; print "\n\nFinished...\n"; close(LOG); } sub analyze($$) { $host = shift; $result = shift; foreach $checkz (@affected) { if($result = $checkz) { print "\n$host is running a vulnerable version of SSHD"; print "\nversion is: $result"; } } }
This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 10:12:33 PST