ssh tube: replaced nonexistent key with str(e) in error handling method to get proper error message displayed in stacktrace #2512

Merged
merged 1 commit into from
Jan 6, 2025

Contributor

@findus findus commented Dec 30, 2024

When using gdb.debug with the ssh tube, exception messages are not printed correctly. With the change, the error message gets printed without triggering a second exception:

Current:

 During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/findus/repos/pwncollege/program_security/shellcode_injection/./level13.py", line 35, in <module>
    p = gdb.debug(["sudo", "-u", "root", "/challenge/babyshell-level-13"], cwd='/', ssh=s)
  File "/usr/lib/python3.13/site-packages/pwnlib/context/__init__.py", line 1582, in setter
    return function(*a, **kw)
  File "/usr/lib/python3.13/site-packages/pwnlib/gdb.py", line 676, in debug
    port = _gdbserver_port(gdbserver, ssh)
  File "/usr/lib/python3.13/site-packages/pwnlib/gdb.py", line 391, in _gdbserver_port
    remote   = ssh.connect_remote('127.0.0.1', port)
  File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 1147, in connect_remote
    return ssh_connecter(self, host, port, timeout, level=self.level)
  File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 453, in __init__
    self.exception(e.message)
                   ^^^^^^^^^
AttributeError: 'ChannelException' object has no attribute 'message'

With Fix:

[ERROR] ChannelException(1, 'Administratively prohibited')
    Traceback (most recent call last):
      File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 453, in __init__
        self.sock = parent.transport.open_channel('direct-tcpip', (host, port), ('127.0.0.1', 0))
                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.13/site-packages/paramiko/transport.py", line 1136, in open_channel
        raise e
    paramiko.ssh_exception.ChannelException: ChannelException(1, 'Administratively prohibited')
Traceback (most recent call last):
  File "/home/findus/repos/pwncollege/program_security/shellcode_injection/./level13.py", line 35, in <module>
    p = gdb.debug(args=["sudo", "-u", "root", "/challenge/babyshell-level-13"], cwd='/', ssh=s)
  File "/usr/lib/python3.13/site-packages/pwnlib/context/__init__.py", line 1582, in setter
    return function(*a, **kw)
  File "/usr/lib/python3.13/site-packages/pwnlib/gdb.py", line 676, in debug
    port = _gdbserver_port(gdbserver, ssh)
  File "/usr/lib/python3.13/site-packages/pwnlib/gdb.py", line 391, in _gdbserver_port
    remote   = ssh.connect_remote('127.0.0.1', port)
  File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 1150, in connect_remote
    return ssh_connecter(self, host, port, timeout, level=self.level)
  File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 456, in __init__
    self.exception(str(e))
    ~~~~~~~~~~~~~~^^^^^^^^
  File "/usr/lib/python3.13/site-packages/pwnlib/tubes/ssh.py", line 453, in __init__
    self.sock = parent.transport.open_channel('direct-tcpip', (host, port), ('127.0.0.1', 0))
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/paramiko/transport.py", line 1136, in open_channel
    raise e
paramiko.ssh_exception.ChannelException: ChannelException(1, 'Administratively prohibited')

…od to get proper error message displayed in stacktrace
@Arusekk
Member

Arusekk commented Dec 30, 2024

It looks like self.exception does not log anything but falls back to __getattr__. This is unfortunate, as calling self.exception opens another channel then I suppose.

@findus
Contributor Author

findus commented Dec 30, 2024

The lower stacktrace is kinda weird, the "self.sock = parent.transport.open_channel" call isn't a new channel invocation, it's just the old (first) one.

The self.exception call is in the ssh_connector class and not in the ssh class, so __getattr__ should not get invoked at all.

@peace-maker
Member

Thank you!

@peace-maker peace-maker merged commit 4ef3c16 into Gallopsled:dev Jan 6, 2025
13 checks passed
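
The failure mode fixed by this pull request, reproduced as an added example that is not pwntools or paramiko code: an exception handler that reads `e.message` raises `AttributeError` on Python 3 and hides the real cause behind it, while `str(e)` logs the cause and lets it propagate. `ChannelException` here is a constructed stand-in that formats like the message in the traceback above; `Connecter`, `open_channel` and `surfaced` are hypothetical names.

```python
class ChannelException(Exception):
    """Constructed stand-in: a Python 3 exception with no .message attribute."""
    def __init__(self, code, text):
        super().__init__(code, text)
        self.code, self.text = code, text

    def __str__(self):
        return "ChannelException(%r, %r)" % (self.code, self.text)


def open_channel():
    # Simulates the server refusing the forwarded connection.
    raise ChannelException(1, "Administratively prohibited")


class Connecter:
    """Hypothetical miniature of a tube whose constructor opens a channel."""
    def __init__(self, log, fixed):
        self.log = log
        try:
            self.sock = open_channel()
        except Exception as e:
            # Pre-fix: e.message raises AttributeError before anything is
            # logged. Post-fix: str(e) works for any exception type.
            self.exception(str(e) if fixed else e.message)

    def exception(self, msg):
        # Record the message, then re-raise the exception being handled.
        self.log.append(msg)
        raise


def surfaced(fixed):
    """Return (exception type the caller sees, logged messages, masked cause)."""
    log = []
    try:
        Connecter(log, fixed)
    except Exception as err:
        ctx = err.__context__
        return type(err).__name__, log, type(ctx).__name__ if ctx else None


if __name__ == "__main__":
    print("before:", surfaced(fixed=False))
    print("after: ", surfaced(fixed=True))
```

In the pre-fix case the original error is still reachable through `__context__`, which is why it appears above the "During handling of the above exception" line rather than as the reported error.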