feat(ssh): Add support for publickey authentication.

main
Alexandre Beaulieu 2019-11-18 12:39:17 -05:00
parent 757881cbcb
commit 4a19d4dc32
No known key found for this signature in database
GPG Key ID: 8B02EA7AE3FC7081
1 changed files with 10 additions and 5 deletions


@ -13,7 +13,7 @@ class ssh(connection):
def proto_args(parser, std_parser, module_parser): def proto_args(parser, std_parser, module_parser):
ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser]) ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser])
ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2') ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
#ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key") ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key. Treats the password parameter as the key's passphrase.")
ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)") ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands") cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands")
@ -59,11 +59,16 @@ class ssh(connection):
def plaintext_login(self, username, password): def plaintext_login(self, username, password):
try: try:
self.conn.connect(self.host, port=self.args.port, username=username, password=password) if self.args.key_file:
self.check_if_admin() passwd = password
password = u'{} (keyfile: {})'.format(passwd, self.args.key_file)
self.conn.connect(self.host, port=self.args.port, username=username, passphrase=passwd, key_filename=self.args.key_file, look_for_keys=False, allow_agent=False)
else:
self.conn.connect(self.host, port=self.args.port, username=username, password=password, look_for_keys=False, allow_agent=False)
self.logger.success(u'{}:{} {}'.format(username, self.check_if_admin()
password, self.logger.success(u'{}:{} {}'.format(username.decode('utf-8'),
password.decode('utf-8'),
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))) highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')))
return True return True