Comments (3)
Unfortunately I could reproduce the problem. Currently Medusa does not have a host timeout or a timeout option in general. If you have a bad host (e.g. https://en.wikipedia.org/wiki/Tarpit_(networking) or an unresponsive service) which keeps the TCP connection alive, never closes it and doesn't return any banner, Medusa will wait for it.
Possible Reason
However, this should most likely be an error in the libssh2 library. After reading through the code of Medusa I stumbled upon the following line:
if (libssh2_session_startup(session, hSocket))
and a note from the author:
Some notes regarding libssh2... Using the stock libssh2 library, it is likely
that the user will encounter hung module threads when running Medusa. This problem is
due to libssh2's libssh2_session_startup() not always returning. The cause of this hang
within libssh2, I believe, stems from the SSH servers being tested getting pissed and not
sending back a banner.
So there you have it - it's officially documented since 2015, but I'm unsure if this is really the problem or it's 00:21 and I don't see clearly :D
Since the problem is already in Medusa, brutespray is not able to help here*.
Implementation ideas:
- C lang: Help implement such a feature in Medusa (https://github.com/jmk-foofus/medusa), e.g. a timeout (or a fix in libssh2, if this is the origin of the problem?)
- Python: try to reduce the amount of hosts of a Medusa run to a minimum and scale the processes - afterwards kill the process after a specific period. This can be achieved using signals (https://docs.python.org/3/library/signal.html#signal.SIGALRM) so a function can be killed after a specific timeout. Patator also uses this (https://github.com/lanjelot/patator/blob/master/patator.py#L2114)
- your lang of choice: Code your own
Alternative solutions:
In my opinion: use the right tool for the right job. That means that you need to search for an alternative for SSH or clean your host list from those services.
Side note:
The same can be applied to MySQL. Newer versions cannot be identified or tested with Medusa (https://github.com/jmk-foofus/medusa/blob/292193b3995444aede53ff873899640b08129fc7/src/modsrc/mysql.c#L814).
I guess the problem of implementing everything in C should be a problem of the past with all these great open source libraries available, which abstract a vast amount of logic.
Reproduce
Medusa: v.2.2
libssh2-1: 1.8.0-2.1build1
Simply reproduce by specifying an open NC connection:
user@localhost: nc -l -p 1337
user@localhost: time medusa -u test -p test -M ssh -h 127.0.0.1 -n 1337 -v1000000 -w10000
I killed the connection after one hour.
Debug output of medusa
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
DEBUG [E5FA0D80]: Successfully loaded login information.
GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1
GENERAL: Total Users: 1
GENERAL: Total Passwords: 1
DEBUG AUDIT [E5FA0D80]: adding new server (0) to queue
DEBUG AUDIT [E5FA0D80]: waiting for server pool to end
DEBUG SERVER [E5F9F700]: Server ID: 0 Host: 127.0.0.1 iUserPassCnt: 1 iLoginCnt: 1
DEBUG SERVER [E5F9F700]: Set IPv4 address: 127.0.0.1 (127.0.0.1)
DEBUG SERVER [E5F9F700]: Adding new login task (0) to server queue (0)
DEBUG SERVER [E5F9F700]: waiting for server 0 login pool to end
DEBUG [E579E700]: startModule iId: 0 pLogin: E5F9EAB0 modParams->argv: D2460ED0 modParams: E5F9EA90
DEBUG [E579E700]: Trying module path of .
DEBUG [E579E700]: Attempting to load ./ssh.mod
DEBUG [E579E700]: Trying module path of /usr/lib/x86_64-linux-gnu/medusa/modules
DEBUG [E579E700]: Attempting to load /usr/lib/x86_64-linux-gnu/medusa/modules/ssh.mod
DEBUG MODULE [E579E700]: OMG teh ssh.mod module has been called!!
DEBUG [E579E700]: [getNextNormalCred] Initial credential set request for login module.
DEBUG [E579E700]: [getNextNormalCred] (PARALLEL_LOGINS_PASSWORD) setting user: test
DEBUG MODULE [E579E700]: [ssh.mod] module started for host: 127.0.0.1 user: test
DEBUG MODULE [E579E700]: Attempting to set banner: SSH-2.0-MEDUSA_1.0
DEBUG MODULE [E579E700]: Attempting to initiate SSH session.
DEBUG [E579E700]: Connected (internal)
from brutespray.
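Added example (not from this thread, and not Medusa or libssh2 code): the hang described above comes from waiting without limit for a banner that never arrives. The C code below reads one banner line under a single overall deadline using poll(), so a peer that stays silent, or that drips bytes without ever finishing the line, cannot hold the caller forever. The helper name read_banner_deadline and its return codes are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for clock_gettime() and poll() */
#endif
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Return codes (names are assumptions for this example). */
#define BANNER_OK       0
#define BANNER_TIMEOUT -1   /* connection stayed open, no complete line in time */
#define BANNER_CLOSED  -2   /* peer closed, I/O error, or line longer than buf */

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Hypothetical helper: read one '\n'-terminated banner from fd into buf
 * (NUL-terminated, CR/LF stripped). timeout_ms bounds the whole read, not
 * each recv(), so a slow drip of bytes cannot keep resetting the timer. */
int read_banner_deadline(int fd, char *buf, size_t cap, int timeout_ms) {
    long deadline = now_ms() + timeout_ms;
    size_t used = 0;
    while (used + 1 < cap) {
        long left = deadline - now_ms();
        if (left <= 0) return BANNER_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) return BANNER_CLOSED;
        if (r == 0) return BANNER_TIMEOUT;
        /* One byte at a time: never consume data past the banner line. */
        ssize_t n = recv(fd, buf + used, 1, 0);
        if (n < 0 && (errno == EINTR || errno == EAGAIN)) continue;
        if (n <= 0) return BANNER_CLOSED;
        if (buf[used] == '\n') {
            if (used > 0 && buf[used - 1] == '\r') used--;
            buf[used] = '\0';
            return BANNER_OK;
        }
        used++;
    }
    return BANNER_CLOSED;
}
```

The silent `nc -l` listener from the reproduction steps corresponds to the BANNER_TIMEOUT case: the connection is accepted and held open, but no line ever arrives.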
This should be simple to fix by pushing a patch to Medusa: https://github.com/jmk-foofus/medusa. I will look into it.
from brutespray.
thank you @x90skysn3k
from brutespray.