"no such process" found when using ssh_harvester

Question

"no such process" found when using ssh_harvester

starfork opened this issue 10 months ago · 2 comments

enviroment: virtualbox [windows host] ( or I can not test like this ?)
cc: kali
agent:deepin / centos7.6

after run command
1、use ssh_harvester
2、run

I got response like
[0] !ssh_harvester
Look for passwods in /usr/share/bash-completion/completions//helpers/ssh-XXXXXX/yyyyyyyy.txt
(not like path "/tmp/xxxx" by demo)

"yyyyyyyy.txt" contents like below

[+] Starting Harvester for SSHD session 9246
2023-11-26 20:03:06.015781486 +0800 CST m=+9132.676855391
Harvester PID is 3125
2023-11-26 20:03:06.015796135 +0800 CST m=+9132.676870033
 SSHD process found in 0x408000 - 0x476000
2023-11-26 20:03:06.015833427 +0800 CST m=+9132.676907323
We (3125) are now tracing sshd session (9246)
 2023-11-26 20:03:06.015849299 +0800 CST m=+9132.676923194
PTRACE_PEEKTEXT Searching memory of 9246: **no such process**    _（ssh_harvester_amd64_linux.go#L114 // fixes "no such process" error）_ 
2023-11-26 20:03:06.043737153 +0800 CST m=+9132.704811047
 [+] Starting Harvester for SSHD session 9247
2023-11-26 20:03:06.043865546 +0800 CST m=+9132.704939451
Harvester PID is 3125
2023-11-26 20:03:06.043880395 +0800 CST m=+9132.704954293
SSHD process found in 0x0 - 0x0
2023-11-26 20:03:06.044074208 +0800 CST m=+9132.705148121
We (3125) are now tracing sshd session (9247)
2023-11-26 20:03:06.04410691 +0800 CST m=+9132.705180816
Code pattern 0x4883c4080fb6c021 not found in memory 0x0 to 0x0
2023-11-26 20:03:07.640019714 +0800 CST m=+9134.301093605
Code pattern 0x4883c4080fb6c021 not found in memory 0x408000 to 0x476000

Answer 1 · 2023-11-26T13:05:33.000Z

Code pattern 0x4883c4080fb6c021 not found means it won't work because the openssh version is incompatible.

Please read the blog post to understand how this thing works. And I will appreciate it if you submit a patch to include whatever code pattern that works with your target openssh version.

Answer 2 · 2023-11-26T15:33:13.000Z

Code pattern 0x4883c4080fb6c021 not found means it won't work because the openssh version is incompatible.

Please read the blog post to understand how this thing works. And I will appreciate it if you submit a patch to include whatever code pattern that works with your target openssh version.

thanks ~~~

answer here :~~~

https://github.com/jm33-m0/SSH-Harvester#ssh-harvester