2f24f2dfcf
Land #11481 , Drupal SA-CORE-2019-003/CVE-2019-6340
2019-03-05 19:10:46 -08:00
3cb8ef82dc
Land #11103 , CreateSession option for aux modules
2018-12-12 14:32:26 -08:00
d8e0b17777
Land #10973 , Rework DisclosureDate check in msftidy, including ISO 8601 support
2018-11-19 08:50:32 -08:00
ff7f10b637
Land #10572 eaton ssh private key scanner
2018-11-15 14:19:16 -08:00
c2405c2750
Land #10888 , Fix Net::SSH::CommandStream session open failure
2018-11-05 09:16:54 -08:00
609e706e63
Land #10866 , libssh_auth_bypass check updates
2018-10-25 12:33:06 -07:00
2c347d51b1
Land #10855 , Enable non-session command output for SSH modules
2018-10-23 16:44:03 -05:00
833807973c
Land #10835 , libssh fingerprint improvements
2018-10-19 19:13:36 -07:00
2b997432f2
Land #10819 , os_name population for ssh_login*
2018-10-19 13:55:10 -07:00
f88790c2c0
Land #10820 , Add libssh authentication bypass scanner/"exploit"
2018-10-19 12:03:28 -07:00
2ee6a49a27
Land #10649 , https://seclists.org references
2018-09-17 15:09:39 -07:00
42784dceb1
Land #10593 , Refactor SSH mixins and update modules
2018-09-10 13:43:30 -07:00
91bab0d842
Land #10510 , full disclosure for CVE-2018-15473
2018-08-22 12:52:48 -07:00
0739892cc8
Land #10498 , module doc for ssh_enumusers
2018-08-21 09:05:07 -07:00
5970f4882d
Land #10479 , Add CVE-2018-15473 to ssh_enumusers
2018-08-21 09:05:06 -07:00
bf7c530f7e
Land #10456 , known_hosts fix for SSH modules
2018-08-16 13:43:26 -07:00
72d2b46ac8
Land #9767 land magick number blog link update
2018-03-27 14:21:46 -05:00
dcb514e5ac
Land #9694 , move ssh platforms to lib
2018-03-17 20:33:04 -07:00
f6223c0193
Land #9614 , Juniper post enum module
2018-03-07 07:49:29 -08:00
826b986018
Land #9602 , Create sessions with the Fortinet SSH backdoor scanner
2018-02-22 08:27:36 -08:00
4e8fe54c6c
Land #9524 , prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-22 08:27:36 -08:00
ab610f599b
Land #9442 , Remove NoMethod Rescue for cerberus_sftp_enumusers
...
Land #9442
2018-01-24 17:12:25 -06:00
10fafb62bb
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil
...
Land #9436
Thanks Steve!
2018-01-24 17:12:16 -06:00
f2a8d68a1f
Permit encrypted SSH keys for login scanner
...
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.
Testing:
None yet
2017-12-31 02:53:06 -05:00
b24f70c7c6
Update ssh_login.rb
...
Added credential data type so password is stored in creds.
2017-11-30 11:02:06 -06:00
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
3396afb41a
Add IP and port (peer) to print_brute messages
2017-08-08 15:46:40 -05:00
39e59805f9
Fix annoying print_brute messages in ssh_login
2017-08-08 15:15:23 -05:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
ef826b3f2c
OCD - print_good & print_error
2017-07-19 12:48:52 +01:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
67310fa96c
print_status -> print_good. [When it is successful, show it!]
2017-07-14 00:09:35 +01:00
424522147e
OCD fixes - Start of *.rb files
2017-07-13 23:53:59 +01:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
4f13bde471
Override empty? for the weird ones
...
Fixes #7899
2017-02-09 14:57:20 -06:00
a9a1146155
fix more ssh option hashes
2016-09-20 01:30:35 -05:00
e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules
2016-09-19 15:27:37 -05:00
06ff7303a6
make pubkey verifier work with old module
...
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together
7321
2016-09-19 15:20:35 -05:00
4ba1ed2e00
Fix formatting in fortinet_backdoor
...
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
26491eed1a
pass the public key in as a file instead of data
...
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this
7321
2016-09-16 11:48:51 -05:00
dfcd5742c1
some more minor fixes
...
some more minor fixes around broken
ssh modules
7321
2016-09-15 14:25:17 -05:00
e10c133eef
fix the exagrid exploit module
...
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used
7321
2016-09-15 11:44:19 -05:00
7352029497
first round of SSL damage fixes
2016-09-13 17:42:31 -05:00
20947cd6cd
remove old dependency on net-ssh moneykpatch
...
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
ff63e6e05a
Land #7018 , unvendor net-ssh
2016-07-19 17:06:35 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
b6b52952f4
set ssh to non-interactive
...
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password
MS-1688
2016-07-14 11:12:03 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
William Vu