make pubkey verifier work with old module

make the new pubkey verifier class and the old identify_pubkeys aux module work together 7321
2016-09-19 15:20:35 -05:00 · 2016-09-19 15:20:35 -05:00 · 06ff7303a6
parent 2f17ae0946
commit 06ff7303a6
2 changed files with 29 additions and 16 deletions
--- a/lib/net/ssh/pubkey_verifier.rb
+++ b/lib/net/ssh/pubkey_verifier.rb
@ -7,13 +7,13 @@ module Net
      include Net::SSH::Transport::Constants
      include Net::SSH::Authentication::Constants

-      attr_accessor :host, :key, :options, :user
+      attr_accessor :connection, :host, :key, :options, :user

      def initialize(host,user, opts)
        @host = host
-        # Parse Keyfile out into a PKey object
-        pubkey_file = opts.fetch(:pubkey_file)
-        @key = Net::SSH::KeyFactory.load_public_key(pubkey_file)
+        # Parse public key data out into a PKey object
+        pubkey_data = opts.fetch(:key_data)
+        @key = Net::SSH::KeyFactory.load_data_public_key(pubkey_data)
        @user = user

        # Always set auth methods to ONLY publickey regardless
@ -45,6 +45,7 @@ module Net
        response_message = auth.next_message
        case response_message.type
          when USERAUTH_PK_OK
+            @connection = Net::SSH::Connection::Session.new(transport, options)
            true
          when USERAUTH_FAILURE
            false
--- a/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb
+++ b/modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb
@ -6,6 +6,7 @@
 require 'msf/core'
 require 'net/ssh'
 require 'sshkey' # TODO: Actually include this!
+require 'net/ssh/pubkey_verifier'

 class MetasploitModule < Msf::Auxiliary

@ -203,13 +204,11 @@ class MetasploitModule < Msf::Auxiliary
        key_info = "- #{$3.strip}"
      end

-      accepted = []
      factory = ssh_socket_factory
      opt_hash = {
        :auth_methods => ['publickey'],
        :port         => port,
-        #:key_data     => key_data[:public],
-        :keys => [ datastore['KEY_FILE'] ],
+        :key_data     => key_data[:public],
        :use_agent     => false,
        :config =>false,
        :proxy	  => factory,
@ -220,7 +219,12 @@ class MetasploitModule < Msf::Auxiliary

      begin
        ssh_socket = nil
-        ::Timeout.timeout(datastore['SSH_TIMEOUT']) { ssh_socket = Net::SSH.start(ip, user, opt_hash) }
+        success = false
+        verifier = Net::SSH::PubkeyVerifier.new(ip,user,opt_hash)
+        ::Timeout.timeout(datastore['SSH_TIMEOUT']) do
+           success = verifier.verify
+           ssh_socket = verifier.connection
+        end

        if datastore['SSH_BYPASS'] and ssh_socket
          data = nil
@ -246,21 +250,29 @@ class MetasploitModule < Msf::Auxiliary
        return [:fail,nil] # For whatever reason.
      end

-      if accepted.length == 0
+      unless success
        if @key_files
          print_brute :level => :verror, :msg =>  "User #{user} does not accept key #{@key_files[key_idx+1]} #{key_info}"
        else
          print_brute :level => :verror, :msg => "User #{user} does not accept key #{key_idx+1} #{key_info}"
        end
+        return [:fail,nil]
      end

-      accepted.each do |key|
-        private_key_present = (key[:data][:private] != "") ? 'Yes' : 'No'
-        key_fingerprint = key[:key][:fingerprint]
-        print_brute :level => :good, :msg => \
-          "Public key accepted: '#{user}' with key '#{key_fingerprint}' (Private Key: #{private_key_present}) #{key_info}"
-        do_report(ip, rport, user, key)
-      end
+      key = verifier.key
+      key_fingerprint = key.fingerprint
+      user = verifier.user
+      private_key_present = (key_data[:private] != "") ? 'Yes' : 'No'
+
+      print_brute :level => :good, :msg => "Public key accepted: '#{user}' with key '#{key_fingerprint}' (Private Key: #{private_key_present}) #{key_info}"
+
+      key_hash = {
+        data: key_data,
+        key: key,
+        info: key_info
+      }
+      do_report(ip, rport, user, key_hash)
+
    end
  end