Merge branch 'master' of github.com:rapid7/metasploit-framework
commit
181fe2d925
|
@ -55,6 +55,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
register_advanced_options(
|
||||
[
|
||||
OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),
|
||||
OptBool.new('SSH_BYPASS', [ false, 'Verify that authentication was not bypassed when keys are found', false]),
|
||||
OptString.new('SSH_KEYFILE_B64', [false, 'Raw data of an unencrypted SSH public key. This should be used by programmatic interfaces to this module only.', '']),
|
||||
OptPath.new('KEY_DIR', [false, 'Directory of several keys. Filenames must not begin with a dot in order to be read.'])
|
||||
]
|
||||
|
@ -210,7 +211,21 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
begin
|
||||
ssh_socket = Net::SSH.start(ip, user, opt_hash)
|
||||
ssh_socket.close rescue nil
|
||||
|
||||
if datastore['SSH_BYPASS']
|
||||
data = nil
|
||||
|
||||
print_status("#{ip}:#{rport} - SSH - User #{user} is being tested for authentication bypass...")
|
||||
|
||||
begin
|
||||
::Timeout.timeout(5) { data = ssh_socket.exec!("help\nid\nuname -a").to_s }
|
||||
rescue ::Exception
|
||||
end
|
||||
|
||||
print_good("#{ip}:#{rport} - SSH - User #{user} successfully bypassed authentication: #{data.inspect} ") if data
|
||||
end
|
||||
|
||||
::Timeout.timeout(1) { ssh_socket.close } rescue nil
|
||||
|
||||
rescue Rex::ConnectionError, Rex::AddressInUse
|
||||
return :connection_error
|
||||
|
|
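Review bot: The `print_good` line that closes the `SSH_BYPASS` block fires whenever `exec!` returns at all, because `.to_s` turns a nil result into `""`, which is truthy in Ruby, so `if data` reports a bypass even with empty evidence; guard on content instead, e.g. `... if data && !data.empty?`. The empty `rescue ::Exception` just above it swallows interrupts and every probe error without a trace; `rescue ::Timeout::Error, ::StandardError` with a `vprint_error` of the exception would keep Ctrl-C working and record why a probe returned nothing. This rendering has lost the +/- column, so it is not clear whether the earlier `ssh_socket.close rescue nil` is a removed line; if it is still present in the new code, the probe runs on an already closed session and can never produce data. The enclosing method starts and ends outside the hunk.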