f0b24339fe
Create the Rex::Proto::Ssh namespace and implement hrr_rb_ssh objects in the Rex namespace with Rex' sockets stack, permissive default connection options to accept any authentication, ACLs for port forwarding, and a modified Connection #initialize method for simplified instantiation. The actual Rex::Proto::Ssh::Server object follows standard Rex semantics for services to permit use in handlers, exploits, and auxiliary modules in the same manner as the Http::Server is used today.

This work is far from complete - the HrrRbSsh low-level objects should be decomposed into Rex' pattern as they currently depend heavily on their own Procs and Threads internally which use the parent Connection object's attributes to look up which Proc should be called in response to a Channel or Authentication request. This is a bit difficult to do piecemeal given the intertwined data and execution dependency inside of HrrRbSsh.

Next steps:

1. Create handler and reverse_ssh command session payloads
   1a. POSIX systems generally have SSH already
   1b. Windows Powershell is likely able to hotload SSH libs as a pre-stager.
   1c. Other interpreted runtimes usually have client-ssh libraries
2. Implement options parsing, handling, etc for user-customizable functionality from the Msf namespace.
3. Use libssh2 to permit mettle use of the SSH transport.
   3a. Bother @OJ about doing the same for Windows Meterpreter.
   3b. Bother @zeroSteiner to implement SSH transport for PyMeterp.
   3c. Ask @timwr and @mihi how viable this is for Android/Java.
   3d. See if @OJ will do this for CLR-meterp on a livestream.
4. Write a post module which runs this SSH server from a mettle session using the compromised host's own host keys and passwd file for "valid" authentication while logging and MITMing the entire command stream remotely - help folks shake off some of the complacency around "secure shells."
5. Write a plugin which will permit sharing of the entire console context, specific acquired sessions, or TCP forwards with the plugin's SSH clients based on the credentials used to connect.
6. Further decompose the server code into Rex to permit writing client fuzzers, loggers, and other tooling to test the posture of SSH client implementations.
7. Work to implement SSH client functionality in HrrRbSsh and convert the rest of Rex/Msf to use this library instead only.
8. Rewrite and import MetaSsh into Metasploit proper using the new Rex::Proto::Ssh code.

-----

Huge thanks to @hirura for writing HrrRbSsh. I've spent countless hours on and off working to implement server-side semantics in net/ssh years ago and it was becoming a pretty full rewrite due to the ordering of server/client req/resp messages and who sent what to whom. This library is a much much cleaner implementation and provides full, modern SSH servers in pure Ruby.
5 lines
72 B
Ruby
# encoding: binary

# SSH server support

require 'rex/proto/ssh/server'
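Review bot: This entry point file only requires `rex/proto/ssh/server`, while the commit message describes several other pieces (the Connection wrapper with its modified #initialize, the permissive authentication defaults, the port-forwarding ACLs) living under the Rex::Proto::Ssh namespace; a one-line comment here stating that `server` is expected to pull in the rest of the namespace, or explicit requires for those files, would make it clear to callers what `require 'rex/proto/ssh'` actually loads. The `# encoding: binary` magic comment is harmless in a file whose only string literal is the require path, so it can stay.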