Wulf Pfeiffer vor 10 Jahren
Ursprung
Commit
a9a36510c2
1 geänderte Dateien mit 13 neuen und 8 gelöschten Zeilen
  1. 13 8
      src/de/tudarmstadt/informatik/hostage/protocol/SSH.java

+ 13 - 8
src/de/tudarmstadt/informatik/hostage/protocol/SSH.java

@@ -181,16 +181,17 @@ public class SSH implements Protocol {
 		case NONE:
 			responsePackets
 					.add(new Packet(serverVersion + serverType + "\r\n", toString()));
+			responsePackets.add(kexInit());
 			state = STATE.SERVER_VERSION;
 			break;
 		case SERVER_VERSION:
 			extractType(request);
 			extractPayload(request);
-			responsePackets.add(kexInit());
-			state = STATE.CLIENT_VERSION;
+			extractPubKey(request);
+			responsePackets.add(dhKexReply());
+			state = STATE.KEX_INIT;
 			break;
 		case CLIENT_VERSION:
-			extractPubKey(request);
 			responsePackets.add(dhKexReply());
 			state = STATE.KEX_INIT;
 			break;
@@ -236,7 +237,7 @@ public class SSH implements Protocol {
 
 	@Override
 	public TALK_FIRST whoTalksFirst() {
-		return TALK_FIRST.SERVER;
+		return TALK_FIRST.CLIENT;
 	}
 
 	/**
@@ -387,7 +388,6 @@ public class SSH implements Protocol {
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-
 		return wrapPacket(response);
 	}
 
@@ -470,10 +470,15 @@ public class SSH implements Protocol {
 	 *            containing the clients public key
 	 */
 	private void extractPubKey(byte[] request) {
-		e = new byte[byteToInt(new byte[] { request[6], request[7], request[8],
-				request[9] })];
+		int packetLength = byteToInt(new byte[] { request[0],
+				request[1], request[2],
+				request[3] });
+		int paddingLength = byteToInt(new byte[] { request[4] });
+		byte[] len = new byte[] { request[2+packetLength + paddingLength], request[3+ packetLength + paddingLength], request[4 + paddingLength + packetLength],
+				request[5 + packetLength + paddingLength] };
+		e = new byte[byteToInt(len)];
 		for (int i = 0; i < e.length; i++) {
-			e[i] = request[i + 10];
+			e[i] = request[i+packetLength + paddingLength+6];
 		}
 	}