ncrack segmentation fault( tested on ssh) (only on multi target mode(-iL)) about ncrack HOT 18 OPEN

Could you please provide the version of the SSH server (and ideally configuration) you are targeting so I can replicate the crash?

from ncrack.

no one helpping???

from ncrack.

i scanned the ip range of a datacenter for port 22 and it's not a single server and there could be different version ( but most o f them should be ssh2-linux(ubuntu or fedroa or centos)

from ncrack.

do you mean that this crash relates to the sshserver that i'm trageting and the problem it's not from the program itself or my kernel or ..

from ncrack.

The particular SSH server you are targeting might be sending back a reply packet that Ncrack currently doesn't know how to handle (although it should because the code is based on the OpenSSH client which supports all SSH servers out there). Nevertheless, knowing the exact SSH server version will help me replicate the crash and see what's going under the hood there.

from ncrack.

ok.
i uploaded two core files hope it will help you
http://64.90.63.37/ncrack_core/core
http://64.90.63.37/ncrack_core/core2

also this is the output for
root@ds9989:/home/ncrack# ncrack -iL nl_adh22.txt --user admin,root --pass Pa$$W0rd,Admin@2017,WildCat.1234 -p ssh

"
ssh://88.208.36.210:22 Pool: Removed root Pa24865W0rd
ssh://88.208.36.210:22 Pool: Removed root Pa24865W0rd
ssh://88.208.36.210:22 (EID 3369) Attempts: total 7 completed 7 supported 3 --- rate 356.43
ssh://88.208.35.139:22 (EID 4521) Initiating new Connection
ssh://88.208.39.178:22 (EID 3239) Login failed: 'root' 'Admin@2017'
ssh://88.208.39.178:22 last: 0.00 current 0.00 parallelism 10
ssh://88.208.39.178:22 Increasing connection limit to: 13
ssh://88.208.39.178:22 (EID 3239) Attempts: total 5 completed 5 supported 3 --- rate 356.29
ssh://88.208.17.113:22 (EID 4522) Initiating new Connection
ssh://88.208.32.233:22 (EID 3265) Login failed: 'root' 'Admin@2017'
ssh://88.208.32.233:22 last: 0.00 current 0.00 parallelism 10
ssh://88.208.32.233:22 Increasing connection limit to: 13
ssh://88.208.32.233:22 (EID 3265) Login failed: 'admin' 'WildCat.1234'
ssh://88.208.32.233:22 Pool: Append 'admin' 'WildCat.1234'
ssh://88.208.32.233:22 (EID 3265) closed on us in the middle of authentication!
ssh://88.208.32.233:22 (EID 3265) Connection closed by peer
ssh://88.208.32.233:22 (EID 3265) Dropping connection limit due to connection error to: 8
ssh://88.208.32.233:22 (EID 3265) Attempts: total 7 completed 6 supported 3 --- rate 356.68
ssh://88.208.3.73:22 pushed to list PAIRFINI
ssh://88.208.7.8:22 Pool: extract 'root' 'Pa24865W0rd'
ssh://88.208.7.8:22 (EID 4523) Initiating new Connection
ssh://88.208.39.178:22 (EID 3238) Login failed: 'root' 'Pa24865W0rd'
ssh://88.208.39.178:22 Pool: Removed root Pa24865W0rd
ssh://88.208.39.178:22 (EID 3238) Attempts: total 6 completed 6 supported 3 --- rate 356.86
ssh://88.208.3.80:22 pushed to list PAIRFINI
ssh://88.208.17.52:22 pushed to list PAIRFINI
ssh://88.208.17.61:22 pushed to list PAIRFINI
ssh://88.208.39.86:22 pushed to list PAIRFINI
ssh://88.208.16.175:22 pushed to list PAIRFINI
ssh://88.208.3.78:22 Pool: extract 'admin' 'WildCat.1234'
ssh://88.208.3.78:22 (EID 4524) Initiating new Connection
ssh://88.208.36.227:22 (EID 3324) Login failed: 'root' 'Pa24865W0rd'
ssh://88.208.36.227:22 Pool: Removed root Pa24865W0rd
ssh://88.208.36.227:22 (EID 3324) Attempts: total 8 completed 8 supported 3 --- rate 357.04
ssh://88.208.36.227:22 pushed to list FINISHED
ssh://88.208.39.173:22 (EID 3253) Login failed: 'root' 'WildCat.1234'
ssh://88.208.39.173:22 (EID 3253) Attempts: total 6 completed 6 supported 3 --- rate 357.23
ssh://88.208.39.173:22 (EID 3251) Login failed: 'root' 'Admin@2017'
ssh://88.208.39.173:22 (EID 3251) Attempts: total 7 completed 7 supported 3 --- rate 357.43
ssh://88.208.60.7:22 (EID 3226) Login failed: 'root' 'Pa24865W0rd'
ssh://88.208.60.7:22 last: 0.00 current 0.00 parallelism 10
ssh://88.208.60.7:22 Increasing connection limit to: 13
ssh://88.208.60.7:22 Pool: Removed root Pa24865W0rd
ssh://88.208.60.7:22 (EID 3226) Attempts: total 5 completed 5 supported 3 --- rate 357.62
ssh://88.208.39.178:22 (EID 3241) Login failed: 'root' 'WildCat.1234'"

also "dmesg: output

"ncrack[32449]: segfault at ffffffffffffffc0 ip 000001ef58a1ea54 sp 000003ef5dcf79c8 error 5 in libc-2.19.so[1ef58996000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at ffffffffffffffc0 in /usr/local/bin/ncrack[ncrack:32449] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[32470]: segfault at ffffffffffffffc0 ip 000001c8cc9e8a54 sp 0000038e790497b8 error 5 in libc-2.19.so[1c8cc960000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at ffffffffffffffc0 in /usr/local/bin/ncrack[ncrack:32470] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[1224]: segfault at 31 ip 000001f4eaec69ea sp 000003ae58a6f2b8 error 4 in libc-2.19.so[1f4eae3e000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at 0000000000000031 in /usr/local/bin/ncrack[ncrack:1224] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[1552]: segfault at 205 ip 0000029ef4b52943 sp 000003d7e2599380 error 4 in libc-2.19.so[29ef4b07000+1be000]
grsec: From 2.191.245.143: ncrack[32449]: segfault at ffffffffffffffc0 ip 000001ef58a1ea54 sp 000003ef5dcf79c8 error 5 in libc-2.19.so[1ef58996000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at ffffffffffffffc0 in /usr/local/bin/ncrack[ncrack:32449] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[32470]: segfault at ffffffffffffffc0 ip 000001c8cc9e8a54 sp 0000038e790497b8 error 5 in libc-2.19.so[1c8cc960000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at ffffffffffffffc0 in /usr/local/bin/ncrack[ncrack:32470] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[1224]: segfault at 31 ip 000001f4eaec69ea sp 000003ae58a6f2b8 error 4 in libc-2.19.so[1f4eae3e000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at 0000000000000031 in /usr/local/bin/ncrack[ncrack:1224] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0
ncrack[1552]: segfault at 205 ip 0000029ef4b52943 sp 000003d7e2599380 error 4 in libc-2.19.so[29ef4b07000+1be000]
grsec: From 2.191.245.143: Segmentation fault occurred at 0000000000000205 in /usr/local/bin/ncrack[ncrack:1552] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0 occurred at 0000000000000205 in /usr/local/bin/ncrack[ncrack:1552] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:24865] uid/euid:0/0 gid/egid:0/0"

it've tried sevral time and rarly it whas not recived Segmentation fault ( les than 3 time in 500 time) (with diifren ips)

i've also tried in diffrent machines (all with the same image and kernel(because the datacenter that my didcated server is from provides only that image (also tried to change the kernel and update it but was not seccussfull these machine even don't have any bootloader installed and did everything i could to change the campaney's modified kernel but couldn't (i think maybe the problem is from this kernel)
thanks for reading and helping

from ncrack.

http://64.90.63.37/ncrack_core/nl_adh22.txt
ip list file

from ncrack.

ithilgore, cpuld find the problem??

from ncrack.

from ncrack.

thanks

from ncrack.

I tested on other clean and fresh installed ubuntu 16.04 with last kernel but the same thing happens
(all with a 1gbps internet) seems it only happens on multi target mode

from ncrack.

Interesting. So the bug is triggered only with the -iL switch? How many hosts did you have in there to crack?

from ncrack.

i have test on many different number of hosts 200,300,500,1000,2000,5000,10000,30000(not exact number)
from different datacenters (mean that the host server are different )
i've tested a few time in olny one host mode and the bruteforce has been completed seccussfully
i've noticed most of time the fault happens in lib-c[version].so before ncrack and i think that causes ncrack to get segmentation fault (not alwayes but most of times) i've also tired -cl=200*,CL=500*,at 10 but made no difference

if you want to see the eroor sonn use 1-3 password and 1-3 user so you'll see it in less than 2 mins

from ncrack.

i tested this error does not only happen for ssh . it also happens to rdp protocol
so i think the problemn is not from the server but it's from ncrack it self

from ncrack.

please add bug lable to this
it concerns all moudles

from ncrack.

Anyone found a workaround?

from ncrack.

Hi I used the newest version 0.7 and it's fine now.

used 0.8 and it's not work. not very sure whether 0.7 is fine.

from ncrack.

Dump file for linux is at #106
I find that large IPlist can trigger it easier.

from ncrack.