infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove verifying host keys for all exploits

GSoC/Meterpreter_Web_Console
Kevin Kirsche 2018-08-15 14:54:41 -07:00
parent 09434bd57c
commit cd01f11fd2
17 changed files with 134 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/exploits/apple_ios/ssh/cydia_default_ssh.rb
View File

@ -79,13 +79,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
auth_methods: ['password', 'keyboard-interactive'],
port: rport,
use_agent: false,
config: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb
View File

@ -74,13 +74,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = Rex::Socket::SSHFactory.new(framework,self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin

15
modules/exploits/linux/ssh/exagrid_known_privkey.rb
View File

@ -118,13 +118,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = ssh_socket_factory
ssh_options = {
auth_methods: ['publickey'],
config: false,
use_agent: false,
key_data: [ key_data ],
port: rport,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:config => false,
:use_agent => false,
:key_data => [ key_data ],
:port => rport,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_options.merge!(verbose: :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/f5_bigip_known_privkey.rb
View File

@ -77,13 +77,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = Rex::Socket::SSHFactory.new(framework, self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash[:verbose] = :debug if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb
View File

@ -71,13 +71,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin

15
modules/exploits/linux/ssh/mercurial_ssh_exec.rb
View File

@ -74,13 +74,14 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
factory = ssh_socket_factory
ssh_options = {
auth_methods: ['publickey'],
config: false,
use_agent: false,
key_data: [ ssh_priv_key ],
port: rport,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:config => false,
:use_agent => false,
:key_data => [ ssh_priv_key ],
:port => rport,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
ssh_options.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb
View File

@ -70,13 +70,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user)
factory = ssh_socket_factory
opt_hash = {
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin

15
modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb
View File

@ -82,13 +82,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/solarwinds_lem_exec.rb
View File

@ -75,13 +75,14 @@ class MetasploitModule < Msf::Exploit::Remote
def exploit
factory = ssh_socket_factory
opts = {
:auth_methods => ['keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => password,
:proxy => factory,
:non_interactive => true
:auth_methods => ['keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => password,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/symantec_smg_ssh.rb
View File

@ -86,13 +86,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(user, pass)
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/ubiquiti_airos_file_upload.rb
View File

@ -124,13 +124,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = ssh_socket_factory
ssh_opts = {
port: datastore['SSH_PORT'],
auth_methods: %w{publickey password},
key_data: [private_key],
non_interactive: true,
config: false,
use_agent: false,
proxy: factory
:port => datastore['SSH_PORT'],
:auth_methods => %w{publickey password},
:key_data => [private_key],
:non_interactive => true,
:config => false,
:use_agent => false,
:proxy => factory,
:verify_host_key => :never
}
ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']

15
modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb
View File

@ -70,13 +70,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login()
factory = Rex::Socket::SSHFactory.new(framework,self, datastore['Proxies'])
opt_hash = {
auth_methods: ['publickey'],
port: rport,
key_data: [ key_data ],
use_agent: false,
config: false,
proxy: factory,
non_interactive: true
:auth_methods => ['publickey'],
:port => rport,
:key_data => [ key_data ],
:use_agent => false,
:config => false,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']
begin

15
modules/exploits/multi/ssh/sshexec.rb
View File

@ -147,13 +147,14 @@ class MetasploitModule < Msf::Exploit::Remote
def do_login(ip, user, pass, port)
factory = ssh_socket_factory
opt_hash = {
auth_methods: ['password', 'keyboard-interactive'],
port: port,
use_agent: false,
config: false,
password: pass,
proxy: factory,
non_interactive: true
:auth_methods => ['password', 'keyboard-interactive'],
:port => port,
:use_agent => false,
:config => false,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opt_hash[:verbose] = :debug if (datastore['SSH_DEBUG'])

30
modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb
View File

@ -101,13 +101,14 @@ class MetasploitModule < Msf::Exploit::Remote
factory = ssh_socket_factory
opts = {
:auth_methods => ['publickey'],
:port => rport,
:use_agent => false,
:config => true,
:key_data => key_data,
:proxy => factory,
:non_interactive => true
:auth_methods => ['publickey'],
:port => rport,
:use_agent => false,
:config => true,
:key_data => key_data,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts
@ -117,13 +118,14 @@ class MetasploitModule < Msf::Exploit::Remote
print_status("#{rhost}:#{rport} - Attempting to login with '#{user}:#{pass}'")
factory = ssh_socket_factory
opts = {
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true
:auth_methods => ['password', 'keyboard-interactive'],
:port => rport,
:use_agent => false,
:config => true,
:password => pass,
:proxy => factory,
:non_interactive => true,
:verify_host_key => :never
}
opts

6
modules/exploits/unix/ssh/tectia_passwd_changereq.rb
View File

@ -186,7 +186,11 @@ class MetasploitModule < Msf::Exploit::Remote
end
def init_ssh(user)
opts = {:user=>user, :port=>rport}
opts = {
:user => user,
:port => rport,
:verify_host_key => :never
}
options = Net::SSH::Config.for(rhost, Net::SSH::Config.default_files).merge(opts)
transport = Net::SSH::Transport::Session.new(rhost, options)
connection = Net::SSH::Connection::Session.new(transport, options)

13
modules/exploits/windows/ssh/freesshd_authbypass.rb
View File

@ -80,12 +80,13 @@ class MetasploitModule < Msf::Exploit::Remote
def setup_ssh_options
{
password: rand_text_alpha(8),
port: datastore['RPORT'],
timeout: 1,
proxies: datastore['Proxies'],
key_data: OpenSSL::PKey::RSA.new(2048).to_pem,
auth_methods: ['publickey']
:password => rand_text_alpha(8),
:port => datastore['RPORT'],
:timeout => 1,
:proxies => datastore['Proxies'],
:key_data => OpenSSL::PKey::RSA.new(2048).to_pem,
:auth_methods => ['publickey'],
:verify_host_key => :never
}
end

3
modules/exploits/windows/ssh/sysax_ssh_username.rb
View File

@ -202,7 +202,8 @@ class MetasploitModule < Msf::Exploit::Remote
timeout: 1,
proxy: factory,
config: false,
non_interactive: true
non_interactive: true,
verify_host_key: :never
)
::Timeout.timeout(1) { ssh.close }