Land #10456, known_hosts fix for SSH modules

4.x
William Vu 2018-08-15 21:28:08 -05:00 committed by Metasploit
parent e11266f0a0
commit bf7c530f7e
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
25 changed files with 191 additions and 160 deletions


@ -55,7 +55,8 @@ module Metasploit
:config => false,
:verbose => verbosity,
:proxy => factory,
:non_interactive => true
:non_interactive => true,
:verify_host_key => :never
}
case credential.private_type
when :password, nil
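Review bot: The added `:verify_host_key => :never` switches off host-key checking for every attempt built from this hash, and nothing next to it records that this is deliberate. With verification off the client cannot tell the intended server from one that has been interposed, so the credential selected by the `case credential.private_type` branches goes to whichever host answers. A one-line comment such as `# scan targets are not in known_hosts; the host key is intentionally not verified` would record the trade-off for the next maintainer. The same literal is repeated in every other file section of this commit, so a single shared default would be easier to audit than one copy per module. The enclosing method starts and ends outside the hunk.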


@ -70,13 +70,14 @@ class MetasploitModule < Msf::Auxiliary
def do_login(user, pass, ip)
factory = ssh_socket_factory
opts = {
auth_methods: ['password'],
port: rport,
config: false,
use_agent: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password'],
:port => rport,
:config => false,
:use_agent => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']
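Review bot: Rewriting every key of `opts` from `key: value` to `:key => value` turns a one-line functional change into a rewrite of the whole hash and buries the only new entry, `:verify_host_key => :never`. The same rewrite is repeated in most module sections of this commit, while the `@ -55,6 +55,7 @`, `@ -130,6 +130,7 @` and `@ -202,7 +202,8 @` hunks add `verify_host_key: :never` in the newer syntax, so the tree ends up with both styles. Even here the `opts.merge!(verbose: :debug)` line directly below keeps the newer syntax. Leaving the existing keys alone and adding only `verify_host_key: :never` after `non_interactive: true,` would keep the security-relevant line easy to review. `do_login` continues past the end of the hunk.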


@ -67,13 +67,14 @@ class MetasploitModule < Msf::Auxiliary
def check_vulnerable(ip)
opt_hash = {
port: rport,
auth_methods: ['password', 'keyboard-interactive'],
use_agent: false,
config: false,
password_prompt: Net::SSH::Prompt.new,
non_interactive: true,
proxies: datastore['Proxies']
:port => rport,
:auth_methods => ['password', 'keyboard-interactive'],
:use_agent => false,
:config => false,
:password_prompt => Net::SSH::Prompt.new,
:non_interactive => true,
:proxies => datastore['Proxies'],
:verify_host_key => :never
}
begin
@ -105,11 +106,12 @@ class MetasploitModule < Msf::Auxiliary
pass = Rex::Text.rand_text_alphanumeric(8)
opt_hash = {
auth_methods: ['password', 'keyboard-interactive'],
port: port,
use_agent: false,
config: false,
proxies: datastore['Proxies']
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:config => false,
:proxies => datastore['Proxies'],
:verify_host_key => :never
}
opt_hash.merge!(verbose: :debug) if datastore['SSH_DEBUG']
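Review bot: Both hashes in this file pass `:proxies => datastore['Proxies']`, whereas the other modules in this commit pass `:proxy => factory` built by `ssh_socket_factory`. Whether the code consuming `opt_hash` honours `:proxies` cannot be seen from these hunks and is worth confirming, because an ignored proxy setting would let the connection bypass the configured proxy chain. The second hash also omits `:non_interactive => true`, which the first one sets. `setup_ssh_options` in the `@ -80,12 +80,13 @` hunk uses `:proxies` the same way. Both enclosing methods continue outside the hunks.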


@ -55,6 +55,7 @@ class MetasploitModule < Msf::Auxiliary
non_interactive: true,
config: false,
use_agent: false,
verify_host_key: :never,
proxy: factory
}


@ -43,11 +43,12 @@ class MetasploitModule < Msf::Auxiliary
def run_host(ip)
factory = ssh_socket_factory
ssh_opts = {
port: rport,
auth_methods: ['password', 'keyboard-interactive'],
password: %q{<<< %s(un='%s') = %u},
proxy: factory,
:non_interactive => true
:port => rport,
:auth_methods => ['password', 'keyboard-interactive'],
:password => %q{<<< %s(un='%s') = %u},
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']


@ -80,13 +80,14 @@ class MetasploitModule < Msf::Auxiliary
pass = Rex::Text.rand_text_alphanumeric(64_000)
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:password => pass,
:config => false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:password => pass,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -204,13 +204,14 @@ class MetasploitModule < Msf::Auxiliary
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['publickey'],
:port => port,
:key_data => key_data[:public],
:use_agent => false,
:config =>false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => port,
:key_data => key_data[:public],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -79,13 +79,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
auth_methods: ['password', 'keyboard-interactive'],
port: rport,
use_agent: false,
config: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -74,13 +74,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = Rex::Socket::SSHFactory.new(framework,self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin


@ -118,13 +118,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = ssh_socket_factory
ssh_options = {
auth_methods: ['publickey'],
config: false,
use_agent: false,
key_data: [ key_data ],
port: rport,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:config => false,
:use_agent => false,
:key_data => [ key_data ],
:port => rport,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_options.merge!(verbose: :debug) if datastore['SSH_DEBUG']


@ -77,13 +77,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = Rex::Socket::SSHFactory.new(framework, self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash[:verbose] = :debug if datastore['SSH_DEBUG']


@ -71,13 +71,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin


@ -74,13 +74,14 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
factory = ssh_socket_factory
ssh_options = {
auth_methods: ['publickey'],
config: false,
use_agent: false,
key_data: [ ssh_priv_key ],
port: rport,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:config => false,
:use_agent => false,
:key_data => [ ssh_priv_key ],
:port => rport,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_options.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -70,13 +70,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin


@ -82,13 +82,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
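Review bot: `:config => true` is kept in this hash, so net-ssh still loads the operator's SSH config files for the connection, while nearly every other hash in the commit sets `:config => false`. The explicit `:verify_host_key => :never` is expected to take precedence over a value from those files, but other settings found there (identity files, host aliases, algorithm lists) would still shape the session. Unless the module depends on that, `:config => false` would make its behaviour independent of the local machine. The two hashes in the `@ -101,13 +101,14 @` and `@ -117,13 +118,14 @` hunks carry the same setting. `do_login` continues past the end of the hunk.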


@ -75,13 +75,14 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
factory = ssh_socket_factory
opts = {
:auth_methods => ['keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => password,
:proxy => factory,
:non_interactive => true
:auth_methods => ['keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => password,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -86,13 +86,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']


@ -130,6 +130,7 @@ class MetasploitModule < Msf::Exploit::Remote
non_interactive: true,
config: false,
use_agent: false,
verify_host_key: :never,
proxy: factory
}


@ -70,13 +70,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login()
factory = Rex::Socket::SSHFactory.new(framework,self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin


@ -147,13 +147,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(ip, user, pass, port)
factory = ssh_socket_factory
opt_hash = {
auth_methods: ['password', 'keyboard-interactive'],
port: port,
use_agent: false,
config: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash[:verbose] = :debug if (datastore['SSH_DEBUG'])


@ -101,13 +101,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = ssh_socket_factory
opts = {
:auth_methods => ['publickey'],
:port => rport,
:use_agent => false,
:config => true,
:key_data => key_data,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:use_agent => false,
:config => true,
:key_data => key_data,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts
@ -117,13 +118,14 @@ class MetasploitModule < Msf::Exploit::Remote
print_status("#{rhost}:#{rport} - Attempting to login with '#{user}:#{pass}'")
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts


@ -186,7 +186,11 @@ class MetasploitModule < Msf::Exploit::Remote
end
def init_ssh(user)
opts = {:user=>user, :port=>rport}
opts = {
:user => user,
:port => rport,
:verify_host_key => :never
}
options = Net::SSH::Config.for(rhost, Net::SSH::Config.default_files).merge(opts)
transport = Net::SSH::Transport::Session.new(rhost, options)
connection = Net::SSH::Connection::Session.new(transport, options)
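Review bot: In `init_ssh` the override only takes effect because `opts` is merged last in `Net::SSH::Config.for(rhost, Net::SSH::Config.default_files).merge(opts)`, and that ordering deserves a comment, for example `# opts is merged last so :verify_host_key => :never overrides anything read from the config files`. Everything else read from `Net::SSH::Config.default_files` still applies to the session, which is easy to overlook next to a line that disables verification. `init_ssh` continues below the hunk.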


@ -80,12 +80,13 @@ class MetasploitModule < Msf::Exploit::Remote
def setup_ssh_options
{
password: rand_text_alpha(8),
port: datastore['RPORT'],
timeout: 1,
proxies: datastore['Proxies'],
key_data: OpenSSL::PKey::RSA.new(2048).to_pem,
auth_methods: ['publickey']
:password => rand_text_alpha(8),
:port => datastore['RPORT'],
:timeout => 1,
:proxies => datastore['Proxies'],
:key_data => OpenSSL::PKey::RSA.new(2048).to_pem,
:auth_methods => ['publickey'],
:verify_host_key => :never
}
end
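Review bot: `setup_ssh_options` gains `:verify_host_key => :never` but still lacks the `:config => false`, `:use_agent => false` and `:non_interactive => true` entries that almost every other hash in this commit carries. If the hash is passed to `Net::SSH.start` as it stands (the caller is outside the hunk), the session would read the local SSH config files, may consult a running ssh-agent and could prompt for input. Adding `:config => false,`, `:use_agent => false,` and `:non_interactive => true,` would align it with the other modules.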


@ -202,7 +202,8 @@ class MetasploitModule < Msf::Exploit::Remote
timeout: 1,
proxy: factory,
config: false,
non_interactive: true
non_interactive: true,
verify_host_key: :never
)
::Timeout.timeout(1) { ssh.close }


@ -138,14 +138,15 @@ RSpec.describe Metasploit::Framework::LoginScanner::SSH do
it 'calls Net::SSH with the correct arguments' do
factory = Rex::Socket::SSHFactory.new(nil,nil,nil)
opt_hash = {
:port => ssh_scanner.port,
:use_agent => false,
:config => false,
:verbose => ssh_scanner.verbosity,
:proxy => factory,
:auth_methods => ['password','keyboard-interactive'],
:password => private,
:non_interactive => true
:port => ssh_scanner.port,
:use_agent => false,
:config => false,
:verbose => ssh_scanner.verbosity,
:proxy => factory,
:auth_methods => ['password','keyboard-interactive'],
:password => private,
:non_interactive => true,
:verify_host_key => :never
}
allow(Rex::Socket::SSHFactory).to receive(:new).and_return factory
expect(Net::SSH).to receive(:start).with(
@ -161,13 +162,14 @@ RSpec.describe Metasploit::Framework::LoginScanner::SSH do
it 'calls Net::SSH with the correct arguments' do
factory = Rex::Socket::SSHFactory.new(nil,nil,nil)
opt_hash = {
:auth_methods => ['publickey'],
:port => ssh_scanner.port,
:use_agent => false,
:key_data => key,
:config => false,
:verbose => ssh_scanner.verbosity,
:proxy => factory
:auth_methods => ['publickey'],
:port => ssh_scanner.port,
:use_agent => false,
:key_data => key,
:config => false,
:verbose => ssh_scanner.verbosity,
:proxy => factory,
:verify_host_key => :never
}
allow(Rex::Socket::SSHFactory).to receive(:new).and_return factory
expect(Net::SSH).to receive(:start).with(
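Review bot: The public-key expectation omits `:non_interactive => true`, while the password expectation in the `@ -138,14 +138,15 @` hunk includes it. If the scanner builds both calls from one base hash, as the `@ -55,7 +55,8 @` hunk suggests, the two expected hashes should list the same base keys. Whether the difference matters depends on the matcher used inside `with(`, which continues outside the hunk. Adding `:non_interactive => true,` before `:verify_host_key => :never` would keep the two examples parallel.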