Nessus ssh_cmd() fix?
I think I’ve found the main source of the PS1 problem with Nessus’ ssh_cmd(); it would seem it doesn’t like ksh, as it produces something like the following in the report output, which appears to be due to PS1 being set to “$ “:
Last login: Fri Dec 3 11:08:43 2010 from 192.168.1.2
$ $
If you change the login user’s shell to bash, the problem goes away (as long as PS1 ends with $, %, # or >), although I guess its possible that if the bash prompt was set to just “$ ” instead of the usual “-bash-3.00$ ” it would suffer the same problem as ksh.
Interestingly it seems to happen if you use su/sudo or not, I previously thought it was unique to su/sudo usage due to this section of code in the ssh_cmd() function from ssh_func.inc – note the prompt detection at line 2268:
# su/sudo: shell prompt -> sends command
if ( strlen(tempbuf) > 5 ) last5 = substr(tempbuf, strlen(tempbuf) - 6, strlen(tempbuf) - 1 );
else last5 = tempbuf;
if (!isnull(su) && spass == 0 && ("$" >< last5 || "#" >< last5 || ">" >< last5 || "%" >< last5 ))
{
for ( sub1 = 0 ; sub1 < strlen(cmd) ; sub1 += 1024 )
{
if ( strlen(cmd) <= sub1 + 1023 )
sub2 = strlen(cmd) - 1;
else
sub2 = sub1 + 1023;
cmdd = substr(cmd, sub1, sub2);
payload = raw_int32(i:remote_channel) + putstring(buffer:cmdd);
send_ssh_packet(payload:payload, code:raw_int8(i:94));
}
spass = 1;
}