The details are not relevant for our consideration, so I skip them here. This process parses the HTTP request and sends the respective HTTP response. Within the process function a new process is forked to handle the connection. The main function of the program is listening for new connections in an infinite loop and calls the function process for every new connection: The following pictures shows an excerpt of the decompile window of ghidra.
#Openssh 7.6p1 exploit code#
By giving the used variables meaningful names and adding comments to the decompiled code it is a good way to document acquired insights. In order to get a quick overview what the binary is doing, I usually use ghidra. The directory contains a file called httpserver, which probably is the web server itself. When static resources like the root-page are accessed the server does not provide a Server header, which may reveal what kind of web server is in echo -ne 'GET.
There is some javascript code for clientside validation of the input fields, but this does not lead to anything useful. Since we cannot do much with SSH for now, let’s have a closer look at the web server running on port 9999. We should also check for UDP services, though there are none running here.
#Openssh 7.6p1 exploit full#
Based on the output it is obviously a web server running on this port.ĭo not forget to also run a full port scan e.g. Port 9999 is also open, though nmap cannot determine the service/version. Nmap done: 1 IP address (1 host up) scanned in 142.66 secondsĪccordingly there is an OpenSSH server running on port 22.
Service Info: OS: Linux CPE: cpe:/o:linux:linux_kernel If you know the service/version, please submit the following fingerprint at : 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux protocol 2.0)
0 kommentar(er)
