From 904f3428489cae6a3996e6090e23f198439c6365 Mon Sep 17 00:00:00 2001 From: Stephen Haywood Date: Mon, 10 Dec 2018 20:38:04 -0500 Subject: [PATCH 1/9] Option to not create shell on login. --- modules/auxiliary/scanner/ssh/ssh_login.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index f56a6a84b5..560928905b 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -35,7 +35,8 @@ class MetasploitModule < Msf::Auxiliary register_options( [ - Opt::RPORT(22) + Opt::RPORT(22), + OptBool.new('NO_SHELL', [ false, 'Do not create a shell on sucessful login.', false]), ], self.class ) @@ -128,7 +129,7 @@ class MetasploitModule < Msf::Auxiliary credential_core = create_credential(credential_data) credential_data[:core] = credential_core create_credential_login(credential_data) - session_setup(result, scanner) + session_setup(result, scanner) unless datastore['NO_SHELL'] :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}" From 8a7187ad797c150be573f6e37e48763657e8d044 Mon Sep 17 00:00:00 2001 From: Stephen Haywood Date: Tue, 11 Dec 2018 22:21:35 -0500 Subject: [PATCH 2/9] Add CREATE_SESSION option to CommanShell Register the CREATE_SESSION option in command_shell_options so it can be used with all modules that use start_session. Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to use the new CREATE_SESSION option. When CREATE_SESSION is set to true (default) a new session is created with each successful login. When set to false a new session is not created but the successful login is still registered in the credentials database. --- lib/msf/base/sessions/command_shell_options.rb | 6 ++++++ modules/auxiliary/scanner/ssh/ssh_login.rb | 5 +++-- modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb | 4 +++- modules/auxiliary/scanner/telnet/telnet_login.rb | 4 +++- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/msf/base/sessions/command_shell_options.rb b/lib/msf/base/sessions/command_shell_options.rb index 08d94b133e..3f61e1dbe3 100644 --- a/lib/msf/base/sessions/command_shell_options.rb +++ b/lib/msf/base/sessions/command_shell_options.rb @@ -15,6 +15,12 @@ module CommandShellOptions def initialize(info = {}) super(info) + register_options( + [ + OptBool.new('CREATE_SESSION', [false, 'Create a new session on successful login.', true]) + ] + ) + register_advanced_options( [ OptString.new('InitialAutoRunScript', "An initial script to run on session creation (before AutoRunScript)"), diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index 560928905b..32c298e31f 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -36,7 +36,6 @@ class MetasploitModule < Msf::Auxiliary register_options( [ Opt::RPORT(22), - OptBool.new('NO_SHELL', [ false, 'Do not create a shell on sucessful login.', false]), ], self.class ) @@ -129,7 +128,9 @@ class MetasploitModule < Msf::Auxiliary credential_core = create_credential(credential_data) credential_data[:core] = credential_core create_credential_login(credential_data) - session_setup(result, scanner) unless datastore['NO_SHELL'] + if datastore['CREATE_SESSION'] + session_setup(result, scanner) + end :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}" diff --git a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb index 6614f4b8f1..6430a61a43 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb @@ -152,7 +152,9 @@ class MetasploitModule < Msf::Auxiliary create_credential_login(credential_data) tmp_key = result.credential.private ssh_key = SSHKey.new tmp_key - session_setup(result, scanner, ssh_key.fingerprint) + if datastore['CREATE_SESSION'] + session_setup(result, scanner, ssh_key.fingerprint) + end :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT if datastore['VERBOSE'] diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb index 82c1452813..dccc4277c0 100644 --- a/modules/auxiliary/scanner/telnet/telnet_login.rb +++ b/modules/auxiliary/scanner/telnet/telnet_login.rb @@ -90,7 +90,9 @@ class MetasploitModule < Msf::Auxiliary credential_data[:core] = credential_core create_credential_login(credential_data) print_good "#{ip}:#{rport} - Login Successful: #{result.credential}" - start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) + if datastore['CREATE_SESSION'] + start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) + end else invalidate_login(credential_data) vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" From eceb47a9dac25bfd1c1e256b9064759ad42fcf16 Mon Sep 17 00:00:00 2001 From: Stephen Haywood Date: Tue, 11 Dec 2018 22:47:31 -0500 Subject: [PATCH 3/9] Move CREATE_SESSION option to advanced option CreateSession --- lib/msf/base/sessions/command_shell_options.rb | 7 +------ modules/auxiliary/scanner/ssh/ssh_login.rb | 2 +- modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb | 2 +- modules/auxiliary/scanner/telnet/telnet_login.rb | 2 +- 4 files changed, 4 insertions(+), 9 deletions(-) diff --git a/lib/msf/base/sessions/command_shell_options.rb b/lib/msf/base/sessions/command_shell_options.rb index 3f61e1dbe3..d2efb35259 100644 --- a/lib/msf/base/sessions/command_shell_options.rb +++ b/lib/msf/base/sessions/command_shell_options.rb @@ -15,14 +15,9 @@ module CommandShellOptions def initialize(info = {}) super(info) - register_options( - [ - OptBool.new('CREATE_SESSION', [false, 'Create a new session on successful login.', true]) - ] - ) - register_advanced_options( [ + OptBool.new('CreateSession', [false, 'Create a new session on successful login.', true]), OptString.new('InitialAutoRunScript', "An initial script to run on session creation (before AutoRunScript)"), OptString.new('AutoRunScript', "A script to run automatically on session creation."), OptString.new('CommandShellCleanupCommand', "A command to run before the session is closed") diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index 32c298e31f..5772534f2b 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -128,7 +128,7 @@ class MetasploitModule < Msf::Auxiliary credential_core = create_credential(credential_data) credential_data[:core] = credential_core create_credential_login(credential_data) - if datastore['CREATE_SESSION'] + if datastore['CreateSession'] session_setup(result, scanner) end :next_user diff --git a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb index 6430a61a43..aa9f7ae163 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb @@ -152,7 +152,7 @@ class MetasploitModule < Msf::Auxiliary create_credential_login(credential_data) tmp_key = result.credential.private ssh_key = SSHKey.new tmp_key - if datastore['CREATE_SESSION'] + if datastore['CreateSession'] session_setup(result, scanner, ssh_key.fingerprint) end :next_user diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb index dccc4277c0..7e094308d9 100644 --- a/modules/auxiliary/scanner/telnet/telnet_login.rb +++ b/modules/auxiliary/scanner/telnet/telnet_login.rb @@ -90,7 +90,7 @@ class MetasploitModule < Msf::Auxiliary credential_data[:core] = credential_core create_credential_login(credential_data) print_good "#{ip}:#{rport} - Login Successful: #{result.credential}" - if datastore['CREATE_SESSION'] + if datastore['CreateSession'] start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) end else From fa2164ebb91dd06b90e5d184d321757cfc978dd7 Mon Sep 17 00:00:00 2001 From: Stephen Haywood Date: Wed, 12 Dec 2018 13:38:58 -0500 Subject: [PATCH 4/9] Update to match coding style. --- modules/auxiliary/scanner/ssh/ssh_login.rb | 6 ++---- modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb | 4 +--- modules/auxiliary/scanner/telnet/telnet_login.rb | 4 +--- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/modules/auxiliary/scanner/ssh/ssh_login.rb b/modules/auxiliary/scanner/ssh/ssh_login.rb index 5772534f2b..d832ce03c3 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login.rb @@ -35,7 +35,7 @@ class MetasploitModule < Msf::Auxiliary register_options( [ - Opt::RPORT(22), + Opt::RPORT(22) ], self.class ) @@ -128,9 +128,7 @@ class MetasploitModule < Msf::Auxiliary credential_core = create_credential(credential_data) credential_data[:core] = credential_core create_credential_login(credential_data) - if datastore['CreateSession'] - session_setup(result, scanner) - end + session_setup(result, scanner) if datastore['CreateSession'] :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}" diff --git a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb index aa9f7ae163..01ac703bf6 100644 --- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb +++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb @@ -152,9 +152,7 @@ class MetasploitModule < Msf::Auxiliary create_credential_login(credential_data) tmp_key = result.credential.private ssh_key = SSHKey.new tmp_key - if datastore['CreateSession'] - session_setup(result, scanner, ssh_key.fingerprint) - end + session_setup(result, scanner, ssh_key.fingerprint) if datastore['CreateSession'] :next_user when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT if datastore['VERBOSE'] diff --git a/modules/auxiliary/scanner/telnet/telnet_login.rb b/modules/auxiliary/scanner/telnet/telnet_login.rb index 7e094308d9..f400db31b3 100644 --- a/modules/auxiliary/scanner/telnet/telnet_login.rb +++ b/modules/auxiliary/scanner/telnet/telnet_login.rb @@ -90,9 +90,7 @@ class MetasploitModule < Msf::Auxiliary credential_data[:core] = credential_core create_credential_login(credential_data) print_good "#{ip}:#{rport} - Login Successful: #{result.credential}" - if datastore['CreateSession'] - start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) - end + start_telnet_session(ip,rport,result.credential.public,result.credential.private,scanner) if datastore['CreateSession'] else invalidate_login(credential_data) vprint_error "#{ip}:#{rport} - LOGIN FAILED: #{result.credential} (#{result.status}: #{result.proof})" From 7cffbac65b3304622269fa21ee0c35c98c368c9e Mon Sep 17 00:00:00 2001 From: Stephen Haywood Date: Wed, 12 Dec 2018 13:57:31 -0500 Subject: [PATCH 5/9] Update additional scanner modules. --- modules/auxiliary/scanner/rservices/rexec_login.rb | 2 +- modules/auxiliary/scanner/rservices/rlogin_login.rb | 2 +- modules/auxiliary/scanner/rservices/rsh_login.rb | 2 +- modules/auxiliary/scanner/ssh/fortinet_backdoor.rb | 2 +- modules/auxiliary/scanner/telnet/brocade_enable_login.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/rservices/rexec_login.rb b/modules/auxiliary/scanner/rservices/rexec_login.rb index 045f3264b6..f3697f8637 100644 --- a/modules/auxiliary/scanner/rservices/rexec_login.rb +++ b/modules/auxiliary/scanner/rservices/rexec_login.rb @@ -182,6 +182,6 @@ class MetasploitModule < Msf::Auxiliary # Don't tie the life of this socket to the exploit self.sockets.delete(stderr_sock) - start_session(self, "rexec #{user}:#{pass} (#{host}:#{port})", merge_me) + start_session(self, "rexec #{user}:#{pass} (#{host}:#{port})", merge_me) if datastore['CreateSession'] end end diff --git a/modules/auxiliary/scanner/rservices/rlogin_login.rb b/modules/auxiliary/scanner/rservices/rlogin_login.rb index 7f0f79ad05..a86f565f6e 100644 --- a/modules/auxiliary/scanner/rservices/rlogin_login.rb +++ b/modules/auxiliary/scanner/rservices/rlogin_login.rb @@ -326,7 +326,7 @@ class MetasploitModule < Msf::Auxiliary end report_auth_info(auth_info) - start_session(self, info, merge_me) + start_session(self, info, merge_me) if datastore['CreateSession'] end end diff --git a/modules/auxiliary/scanner/rservices/rsh_login.rb b/modules/auxiliary/scanner/rservices/rsh_login.rb index 51cd447655..2d234ee9ec 100644 --- a/modules/auxiliary/scanner/rservices/rsh_login.rb +++ b/modules/auxiliary/scanner/rservices/rsh_login.rb @@ -267,6 +267,6 @@ class MetasploitModule < Msf::Auxiliary # Don't tie the life of this socket to the exploit self.sockets.delete(stderr_sock) - start_session(self, "RSH #{user} from #{luser} (#{host}:#{port})", merge_me) + start_session(self, "RSH #{user} from #{luser} (#{host}:#{port})", merge_me) if datastore['CreateSession'] end end diff --git a/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb index ce79658bd5..9de0acb9c4 100644 --- a/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb +++ b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb @@ -89,7 +89,7 @@ class MetasploitModule < Msf::Auxiliary 'USERNAME' => 'Fortimanager_Access' } - start_session(self, info, ds_merge, false, shell.lsock) + start_session(self, info, ds_merge, false, shell.lsock) if datastore['CreateSession'] # XXX: Ruby segfaults if we don't remove the SSH socket remove_socket(ssh.transport.socket) diff --git a/modules/auxiliary/scanner/telnet/brocade_enable_login.rb b/modules/auxiliary/scanner/telnet/brocade_enable_login.rb index e7c4324142..ea2bd00bbc 100644 --- a/modules/auxiliary/scanner/telnet/brocade_enable_login.rb +++ b/modules/auxiliary/scanner/telnet/brocade_enable_login.rb @@ -152,6 +152,6 @@ class MetasploitModule < Msf::Auxiliary 'PASSWORD' => pass } - start_session(self, "TELNET #{user}:#{pass} (#{host}:#{port})", merge_me, true, scanner.sock) + start_session(self, "TELNET #{user}:#{pass} (#{host}:#{port})", merge_me, true, scanner.sock) if datastore['CreateSession'] end end From a415063acd46ccabc240eb62efd22ce4482b6434 Mon Sep 17 00:00:00 2001 From: William Vu Date: Wed, 12 Dec 2018 15:29:13 -0600 Subject: [PATCH 6/9] Reword CreateSession option description --- lib/msf/base/sessions/command_shell_options.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/base/sessions/command_shell_options.rb b/lib/msf/base/sessions/command_shell_options.rb index d2efb35259..d08d5411e6 100644 --- a/lib/msf/base/sessions/command_shell_options.rb +++ b/lib/msf/base/sessions/command_shell_options.rb @@ -17,7 +17,7 @@ module CommandShellOptions register_advanced_options( [ - OptBool.new('CreateSession', [false, 'Create a new session on successful login.', true]), + OptBool.new('CreateSession', [false, 'Create a new session for every successful login', true]), OptString.new('InitialAutoRunScript', "An initial script to run on session creation (before AutoRunScript)"), OptString.new('AutoRunScript', "A script to run automatically on session creation."), OptString.new('CommandShellCleanupCommand', "A command to run before the session is closed") From 6e77ae7e3e70a626fc71dbcc997fb904b88e0a3f Mon Sep 17 00:00:00 2001 From: William Vu Date: Wed, 12 Dec 2018 15:36:32 -0600 Subject: [PATCH 7/9] Update my SSH scanner modules Especially with proper error handling for Net::SSH::CommandStream. --- .../auxiliary/scanner/ssh/fortinet_backdoor.rb | 16 +++++++++++++--- .../auxiliary/scanner/ssh/libssh_auth_bypass.rb | 4 +++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb index 9de0acb9c4..2a939dbed7 100644 --- a/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb +++ b/modules/auxiliary/scanner/ssh/fortinet_backdoor.rb @@ -4,6 +4,7 @@ ## class MetasploitModule < Msf::Auxiliary + include Msf::Exploit::Remote::SSH include Msf::Auxiliary::Scanner include Msf::Auxiliary::CommandShell @@ -81,15 +82,23 @@ class MetasploitModule < Msf::Auxiliary shell = Net::SSH::CommandStream.new(ssh) - return unless shell + # XXX: Wait for CommandStream to log a channel request failure + sleep 0.1 - info = "Fortinet SSH Backdoor (#{version})" + if (e = shell.error) + print_error("#{ip}:#{rport} - #{e.class}: #{e.message}") + return + end + + info = "#{self.name} (#{version})" ds_merge = { 'USERNAME' => 'Fortimanager_Access' } - start_session(self, info, ds_merge, false, shell.lsock) if datastore['CreateSession'] + if datastore['CreateSession'] + start_session(self, info, ds_merge, false, shell.lsock) + end # XXX: Ruby segfaults if we don't remove the SSH socket remove_socket(ssh.transport.socket) @@ -98,4 +107,5 @@ class MetasploitModule < Msf::Auxiliary def rport datastore['RPORT'] end + end diff --git a/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb b/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb index 01c6781004..102cedbdaf 100644 --- a/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb +++ b/modules/auxiliary/scanner/ssh/libssh_auth_bypass.rb @@ -137,7 +137,9 @@ class MetasploitModule < Msf::Auxiliary case action.name when 'Shell' - start_session(self, "#{self.name} (#{version})", {}, false, shell.lsock) + if datastore['CreateSession'] + start_session(self, "#{self.name} (#{version})", {}, false, shell.lsock) + end when 'Execute' output = shell.channel && (shell.channel[:data] || '').chomp From e69f0069921cd4bedd25fd53be5b6491bc3c0405 Mon Sep 17 00:00:00 2001 From: William Vu Date: Wed, 12 Dec 2018 15:41:35 -0600 Subject: [PATCH 8/9] Remove CommandShell mixin in exploits This was cargo culting. Exploits use handler instead of start_session. --- modules/exploits/apple_ios/ssh/cydia_default_ssh.rb | 1 - .../exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb | 1 - modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb | 1 - modules/exploits/linux/ssh/symantec_smg_ssh.rb | 1 - modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb | 3 +-- 5 files changed, 1 insertion(+), 6 deletions(-) diff --git a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb index dc333d137d..54a0cdbefe 100644 --- a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb +++ b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb @@ -9,7 +9,6 @@ require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking - include Msf::Auxiliary::CommandShell include Msf::Exploit::Remote::SSH def initialize(info={}) diff --git a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb index 6ba01f5927..9e43ea048d 100644 --- a/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb +++ b/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb @@ -7,7 +7,6 @@ class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking # It's backdooring the remote device include Msf::Exploit::Remote::HttpClient - include Msf::Auxiliary::CommandShell include Msf::Exploit::FileDropper RESPONSE_PATTERN = "\ Date: Wed, 12 Dec 2018 15:47:18 -0600 Subject: [PATCH 9/9] Update a few stragglers And since eaton_xpert_backdoor was copied from my fortinet_backdoor module, update the error handling there, too. --- .../auxiliary/scanner/ssh/eaton_xpert_backdoor.rb | 14 ++++++++++++-- modules/auxiliary/scanner/ssh/karaf_login.rb | 5 ++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb b/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb index ec385cab3b..2f31498512 100644 --- a/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb +++ b/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb @@ -87,13 +87,23 @@ class MetasploitModule < Msf::Auxiliary shell = Net::SSH::CommandStream.new(ssh) - return unless shell + # XXX: Wait for CommandStream to log a channel request failure + sleep 0.1 + + if (e = shell.error) + print_error("#{ip}:#{rport} - #{e.class}: #{e.message}") + return + end + + info = "#{self.name} (#{version})" ds_merge = { 'USERNAME' => 'admin' } - start_session(self, "Eaton Xpert Meter SSH Backdoor (#{version})", ds_merge, false, shell.lsock) + if datastore['CreateSession'] + start_session(self, info, ds_merge, false, shell.lsock) + end # XXX: Ruby segfaults if we don't remove the SSH socket remove_socket(ssh.transport.socket) diff --git a/modules/auxiliary/scanner/ssh/karaf_login.rb b/modules/auxiliary/scanner/ssh/karaf_login.rb index a54b319907..42cec53a5e 100644 --- a/modules/auxiliary/scanner/ssh/karaf_login.rb +++ b/modules/auxiliary/scanner/ssh/karaf_login.rb @@ -8,10 +8,9 @@ require 'metasploit/framework/login_scanner/ssh' require 'metasploit/framework/credential_collection' class MetasploitModule < Msf::Auxiliary - include Msf::Auxiliary::Report - include Msf::Auxiliary::CommandShell - include Msf::Auxiliary::AuthBrute include Msf::Auxiliary::Scanner + include Msf::Auxiliary::AuthBrute + include Msf::Auxiliary::Report DEFAULT_USERNAME = 'karaf' DEFAULT_PASSWORD = 'karaf'