The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
The Auxiliary command dispatcher checks modules for passive actions
expecting them to have included Msf::Module::HasActions mixin. The
mixin is included in post and aux modules already, but not in
exploits. When the aux dispatcher handles an exploit module, it
may get upset along the lines of:
```
[-] Error while running command exploit: undefined method 'passive'
for #<Msf::Modules::M...3::MetasploitModule:0x0000000d83de0428>
Did you mean? passive?
Call stack:
/opt/metasploit4/msf4/lib/msf/ui/console/command_dispatcher/
auxiliary.rb:106:in `cmd_run'
```
Avoid this mess by having the conditional which checks the methods
included by that mixin depend on the module having included the
mixin in the first place.
Testing:
In local fork (hence the lineno) it seems to fix the problem.
The problem condition and fix should be independently tested
upstream.
While this method here is somewhat noisy on the network it eliminates
a poor user experience when the handler is started but the payload is
not yet running on the target.
When a target is sent a udp packet and it is not rejected push down
an initial "echo syn" command that will respond with output. This
allows framework to be aware that the payload is what is running on
the server port instead of assuming a non-existent target is a valid
session.
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
Packet handlers should only return true if they consume a packet.
Otherwise, they should return false so something else can consume it.
This fixes port forwards by allowing the socket handler to see packets
that were otherwise being discarded in the pivot handler.
Aaron Soto
Jacob Robles
Brent Cook
William Vu
UserExistsError
Wei Chen
a1exdandy
RageLtMan
Jeffrey Martin
UserExistsError
Spencer McIntyre
Adam Cammack