• notsofast24 5 days ago
    • neilv 5 days ago

      Nice catch. IMHO, it's a little too obvious, so probably not a bugdoor. Maybe someone who knows better wasn't getting enough sleep.

      • mikeweiss 4 days ago

        Can someone explain for those of us who aren't as savvy?

        • tapanih 4 days ago

          With a well-crafted filename, you can run arbitrary commands on the attacker's computer.

          • tecleandor 4 days ago

            I know just a little bit of Python and that looks like it does what the description says. Maybe I wouldn't use subprocess but do it via the standard lib.

            What should we be looking for in the code?

            • craigds 4 days ago

              shell=True is a security risk unless you're very careful with escaping inputs. In this case any filename with a `;` in it (or various other shell characters) will run arbitrary commands on the attacker's computer.

              Best to pass a list of arguments to subprocess rather than a string, and avoid shell=True.
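
The two patterns contrasted in the comment above, as an added example that is not code from the project under discussion: a constructed filename containing `;` is handed once to a shell-string `subprocess.run(..., shell=True)` and once to an argument list; `echo` stands in for the real copy command so the effect shows up in stdout rather than on disk, and `shlex.quote` is shown as the fallback when a shell string cannot be avoided.

```python
import shlex
import subprocess

# Constructed sample: a plausible filename followed by a shell metacharacter
# and a harmless second command that leaves a visible marker.
HOSTILE_NAME = "report.txt; echo INJECTED"


def copy_vulnerable(filename: str) -> str:
    """Builds the command as one string and lets /bin/sh parse it.
    The ';' ends the first command and the rest runs as a second one."""
    cmd = f"echo copying {filename}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def copy_safe(filename: str) -> str:
    """Passes an argument list with shell=False (the default): the whole
    filename reaches the program as a single argv entry, metacharacters
    included, so nothing is interpreted. (For an actual copy, shutil.copyfile
    would avoid spawning a process at all.)"""
    result = subprocess.run(["echo", "copying", filename],
                            capture_output=True, text=True)
    return result.stdout


def copy_quoted(filename: str) -> str:
    """Second-best option when a shell string is unavoidable: shlex.quote()
    wraps the value so the shell treats it as one literal word."""
    cmd = f"echo copying {shlex.quote(filename)}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def injected(output: str) -> bool:
    """True if the marker ran as its own command (its own line of output)
    rather than being echoed as part of the filename."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    for fn in (copy_vulnerable, copy_safe, copy_quoted):
        out = fn(HOSTILE_NAME)
        print(f"{fn.__name__}: injected={injected(out)} stdout={out!r}")
```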

              • tecleandor 2 days ago

                Ah true! I fixated on exactly the line that was marked. I guess it's not that bad because you're choosing the file to copy, but I wouldn't have used a subshell for copying a file anyway.

                • sandreas 4 days ago

                  I never understood why there even is an api for using a string...

                  Same for SQL statements, single quotes in a query string should generate a warning to just use prepared statements instead :-)

            • IshKebab 5 days ago

              Python is a pretty big "I don't know what I'm doing" flag so I wouldn't be too surprised. Not always of course - there are plenty of well written Python projects - but Python and JavaScript are so popular for beginners that projects written by beginners tend to concentrate in those languages.

              • handwarmers 5 days ago

                sit down rust boy.

                • 2-3-7-43-1807 5 days ago

                  And you know what you're doing, don't you? lol

                  • IshKebab 4 days ago

                    Yes I do know how to avoid basic string injection vulnerabilities.

            • bjored 5 days ago

              Looking at the SSH actions, the "brute force" attack is just iterating through a list of usernames and passwords from an external file. Wow. Much impress. So Hacker.

              • ipnon 5 days ago

                Is there a simpler approach than dictionary attack?

                • PhilipRoman 5 days ago

                  Take a look at the list of CVEs and start hammering, chances are the SSH server was last updated some time around 2010.

                  • dartos 3 days ago

                    A lot of complexity in that “start hammering” bit.

                • poincaredisk 3 days ago

                  Mock all you want, a brute force attack (why the quotes? This is literally the textbook brute force attack) is an important part of pentesting.

                • pstoll 5 days ago

                  If it ends up living up to the promise of the quality of the documentation (ie the README), I can’t wait to try it. Also screenshots of the display look cool.

                  • insomagent 5 days ago

                    The documentation looks a bit LLMish to me.

                    • alisaleh88 5 days ago

                      Which is good tbh, we get quality write-ups. LLMs have been around for 2 years now, but not all documentation uses them.

                  • assanineass 5 days ago

                    I know I’m just a troll account but I can’t believe all it takes to get 1k stars on GitHub is just rewriting an automated file transfer script using five different protocols and claiming it’s some powerful offensive capability lmfao

                    • tveita 4 days ago

                      There's also a cute display which I assume is much of the appeal.

                      The sophistication of the scanner seems a bit oversold at the moment.

                      • Fuzzwah 5 days ago

                        You are more than a troll account.

                      • pvitz 5 days ago

                        For the brute-force attack, THC's hydra could be used instead of reinventing the wheel. Or are there licensing issues involved?

                        • 3abiton 5 days ago

                          I don't see the "selling value" of this, can you give me a qrd?

                          • StrauXX 5 days ago

                            Hydra unifies brute forcing dozens of protocols into a single (CLI) API. It is useful in that you don't have to have dozens of tools, one for each kind of service you might want to enumerate, each with its own interface.

                        • miah_ 4 days ago

                          If this integrated with Metasploit or some other tooling I might be impressed. The graphics are cool though.

                          • boomskats 4 days ago

                            Ahh yeah Bjorn, my pwnagotchi's new older brother. I really hope he can cheer him up - the little guy hasn't been the same ever since daddy decided he was more interested in penetrating that cups server.
