diff --git a/Gemfile.lock b/Gemfile.lock index c91d43fb7e..1a789e4824 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -271,7 +271,7 @@ GEM metasm rex-core rex-text - rex-socket (0.1.14) + rex-socket (0.1.15) rex-core rex-sslscan (0.1.5) rex-core diff --git a/lib/net/ssh/command_stream.rb b/lib/net/ssh/command_stream.rb index 11ef475d28..18642896ed 100644 --- a/lib/net/ssh/command_stream.rb +++ b/lib/net/ssh/command_stream.rb @@ -20,15 +20,11 @@ class CommandStream channel[:data] = '' channel.on_eof do - self.rsock.close rescue nil - self.ssh.close rescue nil - self.thread.kill + cleanup end channel.on_close do - self.rsock.close rescue nil - self.ssh.close rescue nil - self.thread.kill + cleanup end channel.on_data do |ch,data| @@ -42,7 +38,7 @@ class CommandStream self.channel = channel end - def initialize(ssh, cmd = nil, cleanup = true) + def initialize(ssh, cmd = nil, cleanup = false) self.lsock, self.rsock = Rex::Socket.tcp_socket_pair() self.lsock.extend(Rex::IO::Stream) @@ -60,10 +56,10 @@ class CommandStream self.lsock.localinfo = "#{info[1]}:#{info[2]}" rssh.open_channel do |rch| - if cmd.nil? + if rcmd.nil? rch.send_channel_request("shell", &method(:shell_requested)) else - rch.exec(rsh, &method(:shell_requested)) + rch.exec(rcmd, &method(:shell_requested)) end end @@ -90,7 +86,7 @@ class CommandStream end # Shut down the SSH session if requested - if rcleanup + if !rcmd.nil? && rcleanup rssh.close end end @@ -106,6 +102,14 @@ class CommandStream end end + def cleanup + self.monitor.kill + self.lsock.close rescue nil + self.rsock.close rescue nil + self.ssh.close rescue nil + self.thread.kill + end + end end end diff --git a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb index e0ac301d69..8587909e9c 100644 --- a/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb +++ b/modules/exploits/apple_ios/ssh/cydia_default_ssh.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb b/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb index 96864ee5b4..367f9fb1ca 100644 --- a/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb +++ b/modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote include Msf::Auxiliary::Report diff --git a/modules/exploits/linux/ssh/exagrid_known_privkey.rb b/modules/exploits/linux/ssh/exagrid_known_privkey.rb index 5742000cc3..de48870954 100644 --- a/modules/exploits/linux/ssh/exagrid_known_privkey.rb +++ b/modules/exploits/linux/ssh/exagrid_known_privkey.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb index 4fe890b696..fee94159e7 100644 --- a/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb +++ b/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb b/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb index 5fb276c2ba..65e2b9b5d7 100644 --- a/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb +++ b/modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb b/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb index 0d8a939067..ac8692b7bf 100644 --- a/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb +++ b/modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb index d2c4f96ea6..3d369744c8 100644 --- a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb +++ b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/symantec_smg_ssh.rb b/modules/exploits/linux/ssh/symantec_smg_ssh.rb index b48a856c9b..5e878c4935 100644 --- a/modules/exploits/linux/ssh/symantec_smg_ssh.rb +++ b/modules/exploits/linux/ssh/symantec_smg_ssh.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/linux/ssh/ubiquiti_airos_file_upload.rb b/modules/exploits/linux/ssh/ubiquiti_airos_file_upload.rb index 4094cb72a6..128cfab33f 100644 --- a/modules/exploits/linux/ssh/ubiquiti_airos_file_upload.rb +++ b/modules/exploits/linux/ssh/ubiquiti_airos_file_upload.rb @@ -3,6 +3,9 @@ # Current source: https://github.com/rapid7/metasploit-framework ## +require 'net/ssh' +require 'net/ssh/command_stream' + class MetasploitModule < Msf::Exploit::Remote # See note about overwritten files diff --git a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb index 778902cb34..e16a7cc60c 100644 --- a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb +++ b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking diff --git a/modules/exploits/unix/ssh/tectia_passwd_changereq.rb b/modules/exploits/unix/ssh/tectia_passwd_changereq.rb index 85064b1092..f42f911004 100644 --- a/modules/exploits/unix/ssh/tectia_passwd_changereq.rb +++ b/modules/exploits/unix/ssh/tectia_passwd_changereq.rb @@ -4,6 +4,7 @@ ## require 'net/ssh' +require 'net/ssh/command_stream' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking