SSH connexion cannot parse '@' character in password #281
Description
Bug Description
The pwncat-cs ssh connexion string with password is not working if the password contains the @ character. It looks like the pwncat-cs parser is splitting the command on the first @ found.
I precise that I also have attempted to submit the password value between simple and double quotes, I also tried by adding backslashes and through environment variable in order to bypass this behavior, without any success.
EDIT : After checking the source code, I figured out that the parsing is made with a regex allowing to escape with a backslash and this can solve my issue. However, I also have a ! character in the password I want to make use of. Since the ! character is breaking any command if not quoted properly, I guess making use of it is adding complexity to this. I suppose that the mix of those both issues seem to break either the parsing, or the content of the ssh login attempt (in the query or in the submitted credentials themselves, this remains unclear to me).
pwncat version
$ pwncat --version
0.5.4
Target System (aka "victim")
None, this can be tested locally.
Steps to Reproduce
Steps to reproduce the behavior:
- Create a new local user with a password containing
@likepwncat_user:r00t5P@ssw0rd - Try to perform the following ssh connexion
pwncat-cs ssh://pwncat_user:r00t5P@[email protected]
Expected Behavior
The pwncat-cs parser should split on the last @ char found instead of the first one.
Screenshots
