fix bug to detect ssh password auth on older servers

praetorian-inc · Jan 24, 2023 · 248f8fd · 248f8fd
1 parent 962694b
commit 248f8fd
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/pkg/plugins/services/ssh/ssh.go b/pkg/plugins/services/ssh/ssh.go
@@ -231,6 +231,26 @@ func (p *SSHPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Tar
 	conf.Auth = append(conf.Auth, ssh.Password("admin"))
 	conf.User = "admin"
 	conf.HostKeyCallback = ssh.InsecureIgnoreHostKey()
+	// use all the ciphers supported by the go crypto ssh library
+	conf.KeyExchanges = append(conf.KeyExchanges,
+		"diffie-hellman-group-exchange-sha256",
+		"diffie-hellman-group-exchange-sha1",
+		"diffie-hellman-group1-sha1",
+		"diffie-hellman-group14-sha1",
+		"diffie-hellman-group14-sha256",
+		"ecdh-sha2-nistp256",
+		"ecdh-sha2-nistp384",
+		"ecdh-sha2-nistp521",
+		"[email protected]",
+		"curve25519-sha256",
+	)
+	conf.Ciphers = append(conf.Ciphers,
+		"aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]",
+		"[email protected]",
+		"arcfour256", "arcfour128", "arcfour",
+		"aes128-cbc",
+		"3des-cbc",
+	)
 
 	authClient, err := ssh.Dial("tcp", target.Address.String(), &conf)