xaitax/CVE-2024-6387_Check

Failed to retrieve SSH banner

Closed this issue · 6 comments

python3 CVE-2024-6387_Check.py 192.168.102.10

⚠️ [!] Server at 192.168.102.10:22 is Failed to retrieve SSH banner: 'utf-8' codec can't decode byte 0x84 in position 21: invalid start byte

🛡️ Servers not vulnerable: 0


🚨 Servers likely vulnerable: 0


🔒 Servers with port 22 closed: 0

📊 Total scanned targets: 1

nc 192.168.102.10 22 -w 1

SSH-2.0-dropbear
��@�/�����:�
            ���curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au ssh-ed25519,rsa-sha2-256,ssh-rsa3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctrhmac-sha1,hmac-sha2-256hmac-sha1,hmac-sha2-256nonenone!a

Thanks. Can you please check again?

mmmh

python3 CVE-2024-6387_Check.py 192.168.102.10
  File "/home/tobias/git/CVE-2024-6387_Check/CVE-2024-6387_Check.py", line 187
    print(f"\rProgress: {
          ^
SyntaxError: unterminated string literal (detected at line 187)

#22

If #22 is merged, it seems to be better:

                                      _________ _________ ___ ___ .__
_______   ____   ___________   ____  /   _____//   _____//   |   \|__| ____   ____
\_  __ \_/ __ \ / ___\_  __ \_/ __ \ \_____  \ \_____  \/    ~    \  |/  _ \ /    \
 |  | \/\  ___// /_/  >  | \/\  ___/ /        \/        \    Y    /  (  <_> )   |  \
 |__|    \___  >___  /|__|    \___  >_______  /_______  /\___|_  /|__|\____/|___|  /
             \/_____/             \/        \/        \/       \/                \/
    CVE-2024-6387 Vulnerability Checker
    v0.5 / Alex Hagenah / @xaitax / ah@primepage.de


Progress: 1/1 hosts scanned

🛡️ Servers not vulnerable: 0


🚨 Servers likely vulnerable: 0


⚠️ Servers with unknown SSH version: 1

   [+] Server at 192.168.102.10 (banner: SSH-2.0-dropbear
Ff^&(Gfcurve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au ssh-ed25519,rsa-sha2-256,ssh-rsa3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr3chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctrhmac-sha1,hmac-sha2-256hmac-sha1,hmac-sha2-256nonenoneW_)

🔒 Servers with port 22 closed: 0

📊 Total scanned targets: 1

@T0biii is this safe to close out now?

The error is gone, but I am not sure if SSH-2.0-dropbear is vulnerable or not.

From their documentation at https://matt.ucc.asn.au/dropbear/dropbear.html:

Dropbear is a relatively small SSH server and client. It runs on a variety of unix platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers.

Since this is not OpenSSH, I believe this should not be affected by this specific CVE.
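The decode error reported at the top of this thread appears when everything the server sends is decoded as UTF-8, including the binary data that follows the identification line. The sketch below is an added example, not the checker's own code or the change in #22: it decodes only the complete line that starts with `SSH-` and reports whether the software is OpenSSH. The function names and sample bytes are assumptions made for illustration.

```python
import socket
from typing import Optional, Tuple

# Constructed samples. The bytes after "\r\n" in the first one are made up so
# that byte 0x84 sits at offset 21, as in the error message reported above.
SAMPLE_DROPBEAR = b"SSH-2.0-dropbear\r\n\x00\x00\x01\x84\x04\x14\xff\xfe"
SAMPLE_OPENSSH = b"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n"

def extract_identification(raw: bytes) -> Optional[str]:
    """Return the first complete line starting with "SSH-", or None.

    Only that line is decoded; bytes after it (binary key-exchange data
    in the Dropbear case) are never passed to the decoder.
    """
    # [:-1] drops the unterminated remainder, so a partial line is not accepted.
    for line in raw.split(b"\n")[:-1]:
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            # Undecodable bytes become U+FFFD instead of raising.
            return line.decode("utf-8", errors="replace")
    return None

def software_of(ident: str) -> Tuple[str, bool]:
    """Split "SSH-<proto>-<software> <comments>"; flag OpenSSH by name prefix."""
    parts = ident.split("-", 2)
    software = parts[2].split(" ", 1)[0] if len(parts) == 3 else ""
    return software, software.startswith("OpenSSH")

def read_identification(host: str, port: int = 22,
                        timeout: float = 2.0) -> Optional[str]:
    """Read from the server until a full identification line has arrived."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(buf) < 4096:  # cap how much an unknown peer can make us buffer
            chunk = s.recv(1024)
            if not chunk:
                break
            buf += chunk
            ident = extract_identification(buf)
            if ident is not None:
                return ident
    return None

if __name__ == "__main__":
    for raw in (SAMPLE_DROPBEAR, SAMPLE_OPENSSH):
        ident = extract_identification(raw)
        print(repr(ident), software_of(ident))
```

`read_identification` lets connection errors and timeouts propagate, so a scanner calling it would catch `OSError` and record the host as unreachable.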