Nmap Development mailing list archives

Re: Linux local commands over ssh through nse


From: devin bjelland <devinbjelland () gmail com>
Date: Mon, 16 Feb 2015 12:41:53 -0600

To summarize the status of the ssh scripts, the branch is located at
/nmap-exp/devin/nmap-libssh2 and works on *nix systems. We decided to use
libssh2 since ssh2 is a rather complicated protocol. One problem was that
libssh2 wants to manage the socket itself and we wanted to reuse the
existing nsock socket pool.

Our solution was to filter the data through a socketpair and then pass the
data to nsock. I found an implementation of socketpair for Windows and the
plan is to use that to allow Windows support. I have been busy with school
so I haven't gotten around to finishing this. Another problem was that
calls to the nsock receive would sometimes return EOF. We think this is
related to filtering the data through the socketpair but neither my mentor
Patrick nor I have been able to get to the bottom of this yet. In the
meantime the scripts are useable though the brute force script has poor
performance compared to alternatives. See the email d33tah linked to for
usage instructions.

Cheers,
Devin

On Mon, Feb 16, 2015 at 7:41 AM, Jacek Wielemborek <d33tah () gmail com> wrote:

On 16.02.2015 at 13:33, Pro Gupta wrote:
Dear Developers,
Currently, when going through nmap's Script Ideas list I came across a
topic of running linux commands over ssh connection using nse and
libssh . I really like the idea and would really like to work on it.
Please share some information if already some work is going on.


Hello,

Generally, I would suggest to flick through the mailing list archives
since GSoC 2014. Here's one thread I remember:

http://seclists.org/nmap-dev/2014/q3/500

Also, it might be a good idea to contact Devin Bjelland (CCed). Keep in
mind that according to Fyodor, "The SSH integration is not yet portable
or efficient enough to integrate, but it does work on Linux and you can
learn more about it at http://seclists.org/nmap-dev/2014/q3/319."

Cheers,
d33tah


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
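
The socketpair filtering described in Devin's message, sketched as an added example (it is not code from the nmap-libssh2 branch). The names `pump_once` and `relay_roundtrip` are hypothetical, the banner is constructed, and a second socketpair stands in for the connection that nsock would own. The relay treats a `recv` result of 0 as a real EOF and forwards it with `shutdown`, so the library side sees end-of-stream only when the peer actually closed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Move one chunk from src to dst.
 * Returns bytes moved, 0 if src reported EOF, -1 on error. */
static ssize_t pump_once(int src, int dst) {
    char buf[4096];
    ssize_t n = recv(src, buf, sizeof buf, 0);
    if (n <= 0) return n;                 /* 0 = peer closed, -1 = error */
    for (ssize_t off = 0; off < n; ) {    /* handle short writes */
        ssize_t w = send(dst, buf + off, (size_t)(n - off), 0);
        if (w < 0) return -1;
        off += w;
    }
    return n;
}

/* lib[0]: descriptor handed to the socket-owning library (assumption).
 * lib[1]: filter end serviced by the event loop.
 * net[0]: stand-in for the event loop's real connection; net[1]: remote peer.
 * Returns the number of bytes the peer received, or -1 on failure. */
int relay_roundtrip(char *out, size_t outlen) {
    int lib[2], net[2];
    const char *banner = "SSH-2.0-constructed_banner\r\n"; /* constructed */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, lib) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, net) < 0) return -1;

    if (send(lib[0], banner, strlen(banner), 0) < 0) return -1; /* library writes */
    if (pump_once(lib[1], net[0]) <= 0) return -1;  /* filter -> connection */
    ssize_t n = recv(net[1], out, outlen - 1, 0);   /* peer reads the bytes */
    if (n < 0) return -1;
    out[n] = '\0';

    close(net[1]);                                  /* peer hangs up */
    ssize_t eof = pump_once(net[0], lib[1]);        /* relay sees 0 = EOF */
    if (eof == 0) shutdown(lib[1], SHUT_WR);        /* forward EOF to library */
    char tmp[8];
    ssize_t lib_sees = recv(lib[0], tmp, sizeof tmp, 0);
    close(lib[0]); close(lib[1]); close(net[0]);
    return (eof == 0 && lib_sees == 0) ? (int)n : -1;
}

int main(void) {
    char out[64];
    int n = relay_roundtrip(out, sizeof out);
    printf("relayed %d bytes: %s", n, n > 0 ? out : "(failed)\n");
    return n > 0 ? 0 : 1;
}
```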