use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
Previously, something like this would fail:
command="/some/script.sh" ssh-rsa adsfadfa root@whatever
This format is valid authorized_keys and should work here too. It does
now.
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
Downcases lots and standardizes a few. Notably, modules that reported a
service name of "TNS" are now "oracle". Modules that report http
now check for SSL and report https instead.
[Fixes#6437]
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
Brent Cook
g0tmi1k
William Vu
David Maloney
Jon Hart
Christian Mehlmauer
Stuart Morgan
Christian Catalan
HD Moore
URI Assassin
Tod Beardsley
RageLtMan
sinn3r
James Lee
Tod Beardsley