Failed to retrieve SSH banner
Closed this issue · 6 comments
python3 CVE-2024-6387_Check.py 192.168.102.10
⚠️ [!] Server at 192.168.102.10:22 is Failed to retrieve SSH banner: 'utf-8' codec can't decode byte 0x84 in position 21: invalid start byte
🛡️ Servers not vulnerable: 0
🚨 Servers likely vulnerable: 0
🔒 Servers with port 22 closed: 0
📊 Total scanned targets: 1
nc 192.168.102.10 22 -w 1
SSH-2.0-dropbear
��@�/�����:�
���curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au ssh-ed25519,rsa-sha2-256,ssh-rsa3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctrhmac-sha1,hmac-sha2-256hmac-sha1,hmac-sha2-256nonenone!a
Thanks. Can you please check again?
mmmh
python3 CVE-2024-6387_Check.py 192.168.102.10
File "/home/tobias/git/CVE-2024-6387_Check/CVE-2024-6387_Check.py", line 187
print(f"\rProgress: {
^
SyntaxError: unterminated string literal (detected at line 187)
if #22 is merged it seems to be better:
_________ _________ ___ ___ .__
_______ ____ ___________ ____ / _____// _____// | \|__| ____ ____
\_ __ \_/ __ \ / ___\_ __ \_/ __ \ \_____ \ \_____ \/ ~ \ |/ _ \ / \
| | \/\ ___// /_/ > | \/\ ___/ / \/ \ Y / ( <_> ) | \
|__| \___ >___ /|__| \___ >_______ /_______ /\___|_ /|__|\____/|___| /
\/_____/ \/ \/ \/ \/ \/
CVE-2024-6387 Vulnerability Checker
v0.5 / Alex Hagenah / @xaitax / ah@primepage.de
Progress: 1/1 hosts scanned
🛡️ Servers not vulnerable: 0
🚨 Servers likely vulnerable: 0
⚠️ Servers with unknown SSH version: 1
[+] Server at 192.168.102.10 (banner: SSH-2.0-dropbear
Ff^&(Gfcurve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au ssh-ed25519,rsa-sha2-256,ssh-rsa3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctrhmac-sha1,hmac-sha2-256hmac-sha1,hmac-sha2-256nonenoneW_)
🔒 Servers with port 22 closed: 0
📊 Total scanned targets: 1
@T0biii is this safe to close out now?
the error is gone, but i am not sure if SSH-2.0-dropbear
vulnerable or not
the error is gone, but i am not sure if
SSH-2.0-dropbear
vulnerable or not
From their documentation at https://matt.ucc.asn.au/dropbear/dropbear.html:
Dropbear is a relatively small SSH server and client. It runs on a variety of unix platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
Since this not OpenSSH, I believe this should not be affected by this specific CVE.