Class: Metasploit::Framework::LoginScanner::SSH

Inherits:
Object
  • Object
show all
Includes:
Base
Defined in:
lib/metasploit/framework/login_scanner/ssh.rb

Overview

This is the LoginScanner class for dealing with the Secure Shell protocol. It is responsible for taking a single target, and a list of credentials and attempting them. It then saves the results.

Constant Summary collapse

CAN_GET_SESSION =

CONSTANTS

true
DEFAULT_PORT =
22
LIKELY_PORTS =
[ DEFAULT_PORT ]
LIKELY_SERVICE_NAMES =
[ 'ssh' ]
PRIVATE_TYPES =
[ :password, :ssh_key ]
REALM_KEY =
nil
VERBOSITIES =
[
    :debug,
    :info,
    :warn,
    :error,
    :fatal
]

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#skip_gather_proofBoolean

Returns Whether to skip calling gather_proof.

Returns:

  • (Boolean)

    Whether to skip calling gather_proof



45
46
47
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 45

def skip_gather_proof
  @skip_gather_proof
end

#ssh_socketNet::SSH::Connection::Session

Returns The current SSH connection.

Returns:

  • (Net::SSH::Connection::Session)

    The current SSH connection



37
38
39
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 37

def ssh_socket
  @ssh_socket
end

#verbositySymbol

The verbosity level for the SSH client.

Returns:



42
43
44
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 42

def verbosity
  @verbosity
end

Instance Method Details

#attempt_login(credential) ⇒ Object

Note:

The caller must close #ssh_socket



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 53

def (credential)
  self.ssh_socket = nil
  factory = Rex::Socket::SSHFactory.new(framework,framework_module, proxies)
  opt_hash = {
    :port            => port,
    :use_agent       => false,
    :config          => false,
    :verbose         => verbosity,
    :proxy           => factory,
    :non_interactive => true,
    :verify_host_key => :never
  }
  case credential.private_type
  when :password, nil
    opt_hash.update(
      :auth_methods  => ['password','keyboard-interactive'],
      :password      => credential.private,
    )
  when :ssh_key
    opt_hash.update(
      :auth_methods  => ['publickey'],
      :key_data      => credential.private,
    )
  end

  result_options = {
    credential: credential
  }
  begin
    ::Timeout.timeout(connection_timeout) do
      self.ssh_socket = Net::SSH.start(
        host,
        credential.public,
        opt_hash
      )
    end
  rescue OpenSSL::Cipher::CipherError, ::EOFError, Net::SSH::Disconnect, Rex::ConnectionError, ::Timeout::Error, Errno::ECONNRESET => e
    result_options.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e)
  rescue Net::SSH::Exception
    result_options.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: e)
  end

  unless result_options.has_key? :status
    if ssh_socket
      proof = gather_proof unless skip_gather_proof
      result_options.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: proof)
    else
      result_options.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: nil)
    end
  end

  result = ::Metasploit::Framework::LoginScanner::Result.new(result_options)
  result.host         = host
  result.port         = port
  result.protocol     = 'tcp'
  result.service_name = 'ssh'
  result
end

#get_platform(proof) ⇒ Object



128
129
130
# File 'lib/metasploit/framework/login_scanner/ssh.rb', line 128

def get_platform(proof)
  Metasploit::Framework::Ssh::Platform.get_platform_from_info(proof)
end