Knowledge Base

Ask A Question

Questions

8

Locating libssh to triage CVE-2018-10933

Looking through Nexpose for libssh server banners I haven't seen the banners being fingerprinted. I've done initial triage with SQL reports Via SSH banners but I was curious if anyone else has already written a solid libssh fingerprint that I can borrow to write a basic vulnerability check? https://www.libssh.org/security/advisories/CVE-2018-10933.txt https://arstechnica.com/information-technology/2018/10/bug-in-libssh-makes-it-amazingly-easy-for-hackers-to-gain-root-access/ My Initial libssh banner report: ``` WITH asset_ips AS ( SELECT asset_id, ip_address, type FROM dim_asset_ip_address dips ), asset_addresses AS ( SELECT da.asset_id, (SELECT array_to_string(array_agg(ip_address), ',') FROM asset_ips WHERE asset_id = da.asset_id AND type = 'IPv4') AS ipv4s, (SELECT array_to_string(array_agg(ip_address), ',') FROM asset_ips WHERE asset_id = da.asset_id AND type = 'IPv6') AS ipv6s, (SELECT array_to_string(array_agg(mac_address), ',') FROM dim_asset_mac_address WHERE asset_id = da.asset_id) AS macs FROM dim_asset da JOIN asset_ips USING (asset_id) ), asset_names AS ( SELECT asset_id, array_to_string(array_agg(host_name), ',') AS names FROM dim_asset_host_name GROUP BY asset_id ), banners AS ( SELECT da.asset_id AS asset_id, dasc.port AS port, ds.name AS ds_name, ' [' || dasc.name::text || ': ' || array_to_string(array_agg(dasc.value),', ')::text || ']' AS banner_info FROM dim_asset da JOIN dim_asset_service_configuration dasc USING (asset_id) JOIN dim_service ds USING (service_id) GROUP BY da.asset_id, da.ip_address, dasc.port, ds.name, dasc.name ) SELECT da.ip_address AS "Asset IP Address", an.names AS "Asset Names", csv(ds.name) AS "Sites", banners.port, banners.ds_name, csv(banners.banner_info) AS "Banner Info" FROM dim_asset da LEFT OUTER JOIN asset_addresses aa USING (asset_id) LEFT OUTER JOIN asset_names an USING (asset_id) JOIN banners using (asset_id) JOIN dim_site_asset using (asset_id) JOIN dim_site ds USING (site_id) WHERE banners.banner_info ilike '%libssh%' GROUP BY da.ip_address, da.ip_address, ds.name, banners.port, banners.ds_name, an.names, ds.name ORDER BY da.ip_address, banners.port ```

Posted by BrianWGray 12 months ago

1

JSON request POST for Nexpose APIv3 issue?

Hi all, I am having an issue with Nexpose APIv3. I have a problem with acceptance of JSON request on server side. On the other hand GET is working fine. The content of my JSON file is below. I am calling API by path "https://nexpose.mydomain.com:3780/api/3/sites", based on your documentation here https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createSite but I am still getting *HTTP Error 400: Bad Request*. So, I guess there is some mistake in my JSON file. According to documentation there is only one required parameter "name". I would really appreciate if you can help me with this. What is probably missing or wrong in my JSON file? Is there any standard which must be used for JSON data such as RFC 4627, RFC 7159, ECMA-404? Thank you very much! Jan ##JSON file post_sites.json { "description":"testing-site", "engineId":"", "importance":"normal", "links":[ { "href":"", "rel":"" } ], "name":"my-first-site", "scan":{ "assets":{ "excludedAssetGroups":{ "assetGroupIDs":[ 0 ], "links":[ { "href":"", "rel":"" } ] }, "excludedTargets":{ "addresses":[ "string" ], "links":[ { "href":"", "rel":"" } ] }, "includedAssetGroups":{ "assetGroupIDs":[ 0 ], "links":[ { "href":"", "rel":"" } ] }, "includedTargets":{ "addresses":[ "string" ], "links":[ { "href":"", "rel":"" } ] } }, "connection":{ "id":"" } }, "scanTemplateId":"testing-template" }

Posted by Jan Stangler about a year ago