infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove host key checks on ssh scanner modules

GSoC/Meterpreter_Web_Console
Kevin Kirsche 2018-08-15 06:48:35 -07:00
parent 2e75f46d34
commit 905f26372d
6 changed files with 39 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/auxiliary/scanner/ssh/apache_karaf_command_execution.rb
View File

@ -70,13 +70,14 @@ class MetasploitModule < Msf::Auxiliary
def do_login(user, pass, ip)
factory = ssh_socket_factory
opts = {
auth_methods: ['password'],
port: rport,
config: false,
use_agent: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password'],
:port => rport,
:config => false,
:use_agent => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']

26
modules/auxiliary/scanner/ssh/cerberus_sftp_enumusers.rb
View File

@ -67,13 +67,14 @@ class MetasploitModule < Msf::Auxiliary
def check_vulnerable(ip)
opt_hash = {
port: rport,
auth_methods: ['password', 'keyboard-interactive'],
use_agent: false,
config: false,
password_prompt: Net::SSH::Prompt.new,
non_interactive: true,
proxies: datastore['Proxies']
:port => rport,
:auth_methods => ['password', 'keyboard-interactive'],
:use_agent => false,
:config => false,
:password_prompt => Net::SSH::Prompt.new,
:non_interactive => true,
:proxies => datastore['Proxies'],
:verify_host_key => :never
}
begin
@ -105,11 +106,12 @@ class MetasploitModule < Msf::Auxiliary
pass = Rex::Text.rand_text_alphanumeric(8)
opt_hash = {
auth_methods: ['password', 'keyboard-interactive'],
port: port,
use_agent: false,
config: false,
proxies: datastore['Proxies']
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:config => false,
:proxies => datastore['Proxies'],
:verify_host_key => :never
}
opt_hash.merge!(verbose: :debug) if datastore['SSH_DEBUG']

13
modules/auxiliary/scanner/ssh/fortinet_backdoor.rb
View File

@ -48,14 +48,15 @@ class MetasploitModule < Msf::Auxiliary
factory = ssh_socket_factory
ssh_opts = {
port: rport,
:port => rport,
# The auth method is converted into a class name for instantiation,
# so fortinet-backdoor here becomes FortinetBackdoor from the mixin
auth_methods: ['fortinet-backdoor'],
non_interactive: true,
config: false,
use_agent: false,
proxy: factory
:auth_methods => ['fortinet-backdoor'],
:non_interactive => true,
:config => false,
:use_agent => false,
:proxy => factory,
:verify_host_key => :never
}
ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']

11
modules/auxiliary/scanner/ssh/juniper_backdoor.rb
View File

@ -43,11 +43,12 @@ class MetasploitModule < Msf::Auxiliary
def run_host(ip)
factory = ssh_socket_factory
ssh_opts = {
port: rport,
auth_methods: ['password', 'keyboard-interactive'],
password: %q{<<< %s(un='%s') = %u},
proxy: factory,
:non_interactive => true
:port => rport,
:auth_methods => ['password', 'keyboard-interactive'],
:password => %q{<<< %s(un='%s') = %u},
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']

3
modules/auxiliary/scanner/ssh/ssh_enumusers.rb
View File

@ -86,7 +86,8 @@ class MetasploitModule < Msf::Auxiliary
:password => pass,
:config => false,
:proxy => factory,
:non_interactive => true
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

3
modules/auxiliary/scanner/ssh/ssh_identify_pubkeys.rb
View File

@ -210,7 +210,8 @@ class MetasploitModule < Msf::Auxiliary
:use_agent => false,
:config =>false,
:proxy => factory,
:non_interactive => true
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']