remove old dependency on net-ssh moneykpatch

the ssh_login_pubkey scanner relied on functionality that was monkeypatched into our vendored copy. this was an uneeded solution in the first palce, and we now use a more sane method of accomplishing the same thing
2016-08-22 10:54:09 -05:00 · 2016-08-22 10:54:09 -05:00 · 20947cd6cd
parent b6dff719f3
commit 20947cd6cd
1 changed files with 7 additions and 3 deletions
--- a/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
+++ b/modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
@ -7,6 +7,8 @@ require 'msf/core'
 require 'net/ssh'
 require 'metasploit/framework/login_scanner/ssh'
 require 'metasploit/framework/credential_collection'
+require 'sshkey'
+require 'net/ssh/command_stream'

 class MetasploitModule < Msf::Auxiliary

@ -140,7 +142,7 @@ class MetasploitModule < Msf::Auxiliary
    return cleartext_keys
  end

-  def session_setup(result, ssh_socket)
+  def session_setup(result, ssh_socket, fingerprint)
    return unless ssh_socket

    # Create a new session from the socket
@ -157,7 +159,7 @@ class MetasploitModule < Msf::Auxiliary
      'KEY_PATH'        => nil
    }

-    info = "SSH #{result.credential.public}:#{ssh_socket.auth_info[:pubkey_id]} (#{ip}:#{rport})"
+    info = "SSH #{result.credential.public}:#{fingerprint} (#{ip}:#{rport})"
    s = start_session(self, info, merge_me, false, conn.lsock)
    self.sockets.delete(ssh_socket.transport.socket)

@ -229,7 +231,9 @@ class MetasploitModule < Msf::Auxiliary
          credential_core = create_credential(credential_data)
          credential_data[:core] = credential_core
          create_credential_login(credential_data)
-          session_setup(result, scanner.ssh_socket)
+          tmp_key = result.credential.private
+          ssh_key = SSHKey.new tmp_key
+          session_setup(result, scanner.ssh_socket, ssh_key.fingerprint)
          :next_user
        when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
          if datastore['VERBOSE']