Add testing note about session channel opens

2018-10-19 13:13:22 -05:00 · 2018-10-19 13:13:22 -05:00 · cc283d9def
parent ab5fccc8f6
commit cc283d9def
1 changed files with 5 additions and 0 deletions
--- a/lib/msf/core/exploit/ssh/auth_methods.rb
+++ b/lib/msf/core/exploit/ssh/auth_methods.rb
@ -175,6 +175,11 @@ module Msf::Exploit::Remote::SSH::AuthMethods
        :byte, USERAUTH_SUCCESS
      ))

+      # We can't fingerprint or otherwise reduce false positives using a session
+      # channel open, since most implementations I've seen support only one
+      # session channel and don't support channel closing, so this would block
+      # us from getting a shell
+
      # So assume we succeeded until we can verify
      true
    end