infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
45,154 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

233 Commits (5171e7edd27afcdf64bb1c49e4d0bd455d7b73a2)

Author SHA1 Message Date
h00die 72d2b46ac8
Land #9767 land magick number blog link update 2018-03-27 14:21:46 -05:00
Brent Cook dcb514e5ac
Land #9694, move ssh platforms to lib 2018-03-17 20:33:04 -07:00
Brent Cook f6223c0193
Land #9614, Juniper post enum module 2018-03-07 07:49:29 -08:00
Brent Cook 826b986018
Land #9602, Create sessions with the Fortinet SSH backdoor scanner 2018-02-22 08:27:36 -08:00
Brent Cook 4e8fe54c6c
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream 2018-02-22 08:27:36 -08:00
Wei Chen ab610f599b
Land #9442, Remove NoMethod Rescue for cerberus_sftp_enumusers 
Land #9442
 2018-01-24 17:12:25 -06:00
Wei Chen 10fafb62bb
Land #9436 - Fix cerberus_sftp_enumusers undefined method start for nil 
Land #9436

Thanks Steve!
 2018-01-24 17:12:16 -06:00
RageLtMan f2a8d68a1f Permit encrypted SSH keys for login scanner 
Net::SSH::KeyFactory permits loading keys using a passphrase.
The Framework SSH modules were implemented back when we had a fork
of net-ssh in our tree, and can now use functionality provided by
the upstream gem.
Update the ssh key login scanner to add a KEY_PASS datastore
OptString which is then passed to the KeyCollection class and used
in the updated :read_key method which now calls the KeyFactory to
read data and give us the appropriate String representation of the
key in the KeyCollection's cache.
A bit of cleanup performed as well, removing legacy code paths no
longer hit by the module. Shamelessly added self to authors, fair
amount of blood and sweat in the SSH subsystem over the years, hope
nobody objects.

Testing:
  None yet
 2017-12-31 02:53:06 -05:00
nromsdahl b24f70c7c6
Update ssh_login.rb 
Added credential data type so password is stored in creds.
 2017-11-30 11:02:06 -06:00
William Vu 1a4db844c0 Refactor build_brute_message for legacy printing 2017-08-14 11:17:34 -05:00
William Vu 3396afb41a Add IP and port (peer) to print_brute messages 2017-08-08 15:46:40 -05:00
William Vu 39e59805f9 Fix annoying print_brute messages in ssh_login 2017-08-08 15:15:23 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 67310fa96c print_status -> print_good. [When it is successful, show it!] 2017-07-14 00:09:35 +01:00
g0tmi1k 424522147e OCD fixes - Start of *.rb files 2017-07-13 23:53:59 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
James Lee 4f13bde471
Override `empty?` for the weird ones 
Fixes #7899
 2017-02-09 14:57:20 -06:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module 
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
 2016-09-19 15:20:35 -05:00
William Vu 4ba1ed2e00
Fix formatting in fortinet_backdoor 
Also add :config and :use_agent options.
 2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a
pass the public key in as a file instead of data 
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
 2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1
some more minor fixes 
some more minor fixes around broken
ssh modules

7321
 2016-09-15 14:25:17 -05:00
David Maloney e10c133eef
fix the exagrid exploit module 
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
 2016-09-15 11:44:19 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch 
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
 2016-08-22 10:54:09 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4
set ssh to non-interactive 
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
 2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
David Maloney 3d93c55174
move sshfactory into a mixin method 
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
 2016-06-28 15:23:12 -05:00
David Maloney 6c3871bd0c
update ssh modules to use new SSHFactory 
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
 2016-06-24 13:55:28 -05:00
David Maloney 5bc513d6cd
get ssh sessions working properly 
ssh sessions now working correctly

MD-1688
 2016-06-24 12:14:48 -05:00
David Maloney 3e94abe555
put net:ssh::commandstream back 
this was apparently our own creation for doing
ssh sessions

MD-1688
 2016-06-22 15:02:36 -05:00
William Vu 3dfdf1d936
Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Jon Hart 48c25dd863
Remove need for expand_path in this module; normalize handles it now 2016-05-24 13:30:12 -07:00
Jon Hart 3df4c38e82
Use correct key file var 2016-05-24 13:28:08 -07:00
William Vu 9c61490676 Fix some inconsistencies 
Failed to catch these while editing. :(
 2016-05-17 02:50:12 -05:00
Jon Hart 92d07f74ff
Remove unnecessary double expand_path 2016-05-16 17:34:12 -07:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
William Vu 41b802a8a2 Clean up module 2016-04-01 13:54:27 -05:00
h00die 7fc2c860e9 remove comment 2016-03-29 21:26:36 -04:00
h00die d35b5e9c2a First add of CVE-2015-7755 2016-03-29 21:20:12 -04:00
wchen-r7 38153d227c Move apache_karaf_command_execution to the SSH directory 
apache_karaf_command_execution does not gather data, therefore
it is not suitable to be in the gather directory.
 2016-03-14 00:32:59 -05:00