SSH Client Defaults Are Not Widely Used #16328
Comments
|
In addition to the KEX issue, modules are likely having to also configure their own socket factory to ensure that the connections can be made with Metasploit's Rex::Socket subsystem to ensure they can be pivoted. I haven't noticed any modules that fail to do this, but modules shouldn't have to handle that themselves. |
|
I'll take it, you can assign it to me. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Metasploit's SSH client functionality is provided by the Net::SSH library. In order to streamline and configure it in a somewhat consistent manner for Metasploit's purposes the
Msf::Exploit::Remote::SSHmixin defines the#ssh_client_defaultsmethod.Looking through the current Metasploit modules and libraries, it only appears to be used by the
exploit/solaris/ssh/pam_username_bofmodule. This means that when options to fix bugs such as those proposed in #16318 are made, modules do not consistently get them. This notably means that many modules that use SSH client connections are likely still affected by the KEX issue identified in the aforementioned PR.We should update SSH client usages to use the defaults to fix bugs like these.
The text was updated successfully, but these errors were encountered: