adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

239 Commits

Author SHA1 Message Date
Andrew Morris 217dea60fc Update blog link to up-to-date blog post 2018-03-26 15:43:10 -04:00
h00die 97dbc1273a copy pasta 2018-03-12 20:14:08 -04:00
h00die ec7a62bc4c move ssh platforms to lib 2018-03-08 21:23:11 -05:00
h00die c7bbc6eca4 juniper post enum module 2018-02-22 21:08:21 -05:00
William Vu 3880f6a65e Finally fix "Unknown admin user ''" after 2yrs 
The failed password auth was necessary after all. I misread the PoC. :'(

Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
 2018-02-21 20:44:35 -06:00
William Vu cc2495dd9c Explain fortinet-backdoor -> FortinetBackdoor 2018-02-21 17:05:30 -06:00
William Vu a5d78b82d4 Add require for Net::SSH::CommandStream 2018-02-21 15:51:53 -06:00
William Vu 854ac67b8e Use start_session in fortinet_backdoor 
Still get "Unknown admin user ''" from a shell channel request,
@busterb's more complete implementation notwithstanding.

Hoping we fix this in a subsequent commit or related PR.

Please see #6612 and #9524.
 2018-02-21 15:33:34 -06:00
Brent Cook b1d0529161 prefer 'shell' channels over 'exec' channels for ssh 
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
 2018-02-08 02:21:16 -06:00
Wei Chen 394c31c1e3 Remove NoMethod Rescue for cerberus_sftp_enumusers 
Please see reasons in #9436
 2018-01-22 11:10:23 -06:00
Wei Chen 38d056b930 Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil 
Land #9436

Thanks Steve!
 2018-01-22 11:07:23 -06:00
Wei Chen 85d018096b Pass password_prompt and non_interactive to fix #8970 
Fix #8970
 2018-01-22 11:06:12 -06:00
Steve Embling 8f75d3a46b Possible fix to changes in net::ssh usage 2018-01-19 15:10:14 +00:00
RageLtMan f2a8d68a1f Permit encrypted SSH keys for login scanner 
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.

Testing:
  None yet
 2017-12-31 02:53:06 -05:00
nromsdahl b24f70c7c6 Update ssh_login.rb 
Added credential data type so password is stored in creds.
 2017-11-30 11:02:06 -06:00
William Vu 1a4db844c0 Refactor build_brute_message for legacy printing 2017-08-14 11:17:34 -05:00
William Vu 3396afb41a Add IP and port (peer) to print_brute messages 2017-08-08 15:46:40 -05:00
William Vu 39e59805f9 Fix annoying print_brute messages in ssh_login 2017-08-08 15:15:23 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 67310fa96c print_status -> print_good. [When it is successful, show it!] 2017-07-14 00:09:35 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
James Lee 4f13bde471 Override empty? for the weird ones 
Fixes #7899
 2017-02-09 14:57:20 -06:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73 Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6 make pubkey verifier work with old module 
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
 2016-09-19 15:20:35 -05:00
William Vu 4ba1ed2e00 Fix formatting in fortinet_backdoor 
Also add :config and :use_agent options.
 2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a pass the public key in as a file instead of data 
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
 2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1 some more minor fixes 
some more minor fixes around broken
ssh modules

7321
 2016-09-15 14:25:17 -05:00
David Maloney e10c133eef fix the exagrid exploit module 
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
 2016-09-15 11:44:19 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
David Maloney 20947cd6cd remove old dependency on net-ssh moneykpatch 
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
 2016-08-22 10:54:09 -05:00
James Lee ff63e6e05a Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4 set ssh to non-interactive 
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
 2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
David Maloney 3d93c55174 move sshfactory into a mixin method 
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
 2016-06-28 15:23:12 -05:00
David Maloney 6c3871bd0c update ssh modules to use new SSHFactory 
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
 2016-06-24 13:55:28 -05:00
David Maloney 5bc513d6cd get ssh sessions working properly 
ssh sessions now working correctly

MD-1688
 2016-06-24 12:14:48 -05:00
David Maloney 3e94abe555 put net:ssh::commandstream back 
this was apparently our own creation for doing
ssh sessions

MD-1688
 2016-06-22 15:02:36 -05:00
William Vu 3dfdf1d936 Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Jon Hart 48c25dd863 Remove need for expand_path in this module; normalize handles it now 2016-05-24 13:30:12 -07:00
Jon Hart 3df4c38e82 Use correct key file var 2016-05-24 13:28:08 -07:00
William Vu 9c61490676 Fix some inconsistencies 
Failed to catch these while editing. :(
 2016-05-17 02:50:12 -05:00
Jon Hart 92d07f74ff Remove unnecessary double expand_path 2016-05-16 17:34:12 -07:00