Makes it so we don't ever use local config files for Net::SSH
Also makes sure that the :config =>false option keeps Net:SSH from meddling with knowns_hosts toounstable
parent
c386e1ce31
commit
17943c7a48
|
@ -206,7 +206,7 @@ module Net; module SSH; module Transport
|
||||||
algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
|
algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
|
||||||
algorithms[:language_client ] = algorithms[:language_server ] = algorithms[:language]
|
algorithms[:language_client ] = algorithms[:language_server ] = algorithms[:language]
|
||||||
|
|
||||||
if !options.key?(:host_key)
|
if !options.key?(:host_key) and options[:config]
|
||||||
# make sure the host keys are specified in preference order, where any
|
# make sure the host keys are specified in preference order, where any
|
||||||
# existing known key for the host has preference.
|
# existing known key for the host has preference.
|
||||||
|
|
||||||
|
|
|
@ -13,8 +13,9 @@ module Net; module SSH; module Verifiers
|
||||||
def verify(arguments)
|
def verify(arguments)
|
||||||
options = arguments[:session].options
|
options = arguments[:session].options
|
||||||
host = options[:host_key_alias] || arguments[:session].host_as_string
|
host = options[:host_key_alias] || arguments[:session].host_as_string
|
||||||
matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
|
if options[:config]
|
||||||
|
matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
|
||||||
|
end
|
||||||
# we've never seen this host before, so just automatically add the key.
|
# we've never seen this host before, so just automatically add the key.
|
||||||
# not the most secure option (since the first hit might be the one that
|
# not the most secure option (since the first hit might be the one that
|
||||||
# is hacked), but since almost nobody actually compares the key
|
# is hacked), but since almost nobody actually compares the key
|
||||||
|
@ -22,7 +23,9 @@ module Net; module SSH; module Verifiers
|
||||||
# security.
|
# security.
|
||||||
if matches.empty?
|
if matches.empty?
|
||||||
ip = arguments[:session].peer[:ip]
|
ip = arguments[:session].peer[:ip]
|
||||||
Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
|
if options[:config]
|
||||||
|
Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
|
||||||
|
end
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -43,8 +46,10 @@ module Net; module SSH; module Verifiers
|
||||||
def process_cache_miss(host, args)
|
def process_cache_miss(host, args)
|
||||||
exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
|
exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
|
||||||
exception.data = args
|
exception.data = args
|
||||||
exception.callback = Proc.new do
|
if options[:config]
|
||||||
Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
|
exception.callback = Proc.new do
|
||||||
|
Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
raise exception
|
raise exception
|
||||||
end
|
end
|
||||||
|
|
|
@ -201,6 +201,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:disable_agent => true,
|
:disable_agent => true,
|
||||||
:record_auth_info => true,
|
:record_auth_info => true,
|
||||||
:skip_private_keys => true,
|
:skip_private_keys => true,
|
||||||
|
:config =>false,
|
||||||
:accepted_key_callback => Proc.new {|key| accepted << key }
|
:accepted_key_callback => Proc.new {|key| accepted << key }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -62,13 +62,15 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
def do_login(ip,user,pass,port)
|
def do_login(ip,user,pass,port)
|
||||||
|
print_status "Home: #{ENV['HOME']}"
|
||||||
opt_hash = {
|
opt_hash = {
|
||||||
:auth_methods => ['password','keyboard-interactive'],
|
:auth_methods => ['password','keyboard-interactive'],
|
||||||
:msframework => framework,
|
:msframework => framework,
|
||||||
:msfmodule => self,
|
:msfmodule => self,
|
||||||
:port => port,
|
:port => port,
|
||||||
:disable_agent => true,
|
:disable_agent => true,
|
||||||
:password => pass
|
:password => pass,
|
||||||
|
:config => false,
|
||||||
}
|
}
|
||||||
|
|
||||||
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
|
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
|
||||||
|
|
|
@ -177,6 +177,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
:port => port,
|
:port => port,
|
||||||
:key_data => key_data,
|
:key_data => key_data,
|
||||||
:disable_agent => true,
|
:disable_agent => true,
|
||||||
|
:config => false,
|
||||||
:record_auth_info => true
|
:record_auth_info => true
|
||||||
}
|
}
|
||||||
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
|
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
|
||||||
|
|
Loading…
Reference in New Issue