This commit fix the issue #16138 by adding support to old key
exchange algorithms in the net/ssh lib by defining the
`append_all_supported_algorithms` to `true`.
This module exploits a vulnerability of a combined poorly configured TACACS+ config and
Arista's bash shell.
This module has been tested successfully on:
- tac_plus version: 202001211926/PCRE/DES
- Arista HW/SW DCS-7280SRAM-48C6-R – 4.22.0.1F
- Arista HW/SW DCS-7050CX3-32S-R – 4.20.11M
- Arista HW/SW DCS-7050QX-32S-R – 4.20.9M
* Net::SSH::CommandStream typos fixed
* Net::SSH::CommandStream cleanup made more robust and refactored
* require 'net/ssh/command_stream' added to various modules
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
Jack Heysel