Class: Metasploit::Framework::LoginScanner::SSH
- Inherits:
-
Object
- Object
- Metasploit::Framework::LoginScanner::SSH
- Includes:
- Base
- Defined in:
- lib/metasploit/framework/login_scanner/ssh.rb
Overview
This is the LoginScanner class for dealing with the Secure Shell protocol. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.
Constant Summary collapse
- CAN_GET_SESSION =
CONSTANTS
true- DEFAULT_PORT =
22- LIKELY_PORTS =
[ DEFAULT_PORT ]
- LIKELY_SERVICE_NAMES =
[ 'ssh' ]
- PRIVATE_TYPES =
[ :password, :ssh_key ]
- REALM_KEY =
nil- VERBOSITIES =
[ :debug, :info, :warn, :error, :fatal ]
Instance Attribute Summary collapse
-
#skip_gather_proof ⇒ Boolean
Whether to skip calling gather_proof.
-
#ssh_socket ⇒ Net::SSH::Connection::Session
The current SSH connection.
-
#verbosity ⇒ Symbol
The verbosity level for the SSH client.
Instance Method Summary collapse
Instance Attribute Details
#skip_gather_proof ⇒ Boolean
Returns Whether to skip calling gather_proof.
44 45 46 |
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 44 def skip_gather_proof @skip_gather_proof end |
#ssh_socket ⇒ Net::SSH::Connection::Session
Returns The current SSH connection.
36 37 38 |
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 36 def ssh_socket @ssh_socket end |
#verbosity ⇒ Symbol
The verbosity level for the SSH client.
41 42 43 |
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 41 def verbosity @verbosity end |
Instance Method Details
#attempt_login(credential) ⇒ Object
Note:
The caller must close #ssh_socket
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 52 def attempt_login(credential) self.ssh_socket = nil factory = Rex::Socket::SSHFactory.new(framework,framework_module, proxies) opt_hash = { :port => port, :use_agent => false, :config => false, :verbose => verbosity, :proxy => factory, :non_interactive => true, :verify_host_key => :never } case credential.private_type when :password, nil opt_hash.update( :auth_methods => ['password','keyboard-interactive'], :password => credential.private, ) when :ssh_key opt_hash.update( :auth_methods => ['publickey'], :key_data => credential.private, ) end = { credential: credential } begin ::Timeout.timeout(connection_timeout) do self.ssh_socket = Net::SSH.start( host, credential.public, opt_hash ) end rescue OpenSSL::Cipher::CipherError, ::EOFError, Net::SSH::Disconnect, Rex::ConnectionError, ::Timeout::Error => e .merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e) rescue Net::SSH::Exception .merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: e) end unless .has_key? :status if ssh_socket proof = gather_proof unless skip_gather_proof .merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: proof) else .merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: nil) end end result = ::Metasploit::Framework::LoginScanner::Result.new() result.host = host result.port = port result.protocol = 'tcp' result.service_name = 'ssh' result end |
#get_platform(proof) ⇒ Object
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 |
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 195 def get_platform(proof) case proof when /unifi\.version|UniFiSecurityGateway/ #Ubiquiti Unifi. uname -a is left in, so we got to pull before Linux 'unifi' when /Linux/ 'linux' when /Darwin/ 'osx' when /SunOS/ 'solaris' when /BSD/ 'bsd' when /HP-UX/ 'hpux' when /AIX/ 'aix' when /Win32|Windows|Microsoft/ 'windows' when /Unknown command or computer name|Line has invalid autocommand/ 'cisco-ios' when /unknown keyword/ # ScreenOS 'juniper' when /JUNOS Base OS/ # JunOS 'juniper' when /MikroTik/ 'mikrotik' when /Arista/ 'arista' else 'unknown' end end |