Deregister PASSWORD_SPRAY option for LoginScanner modules #12022

Merged
merged 1 commit into from Jun 28, 2019

@jbarnett-r7 (Contributor) commented Jun 27, 2019

This PR deregisters the PASSWORD_SPRAY option for any scanner modules that use the LoginScanner.scan! method to iterate through credentials, which fixes #12009. The PASSWORD_SPRAY option was added to the AuthBrute module with #9634 so the option is registered anywhere that module is included. Most of the LoginScanner modules still include AuthBrute, so the option was showing as available even though it was never honored.

The best fix for this would be to port the PASSWORD_SPRAY logic over to LoginScanner, but that looks to be quite a bit of work. Opting for disabling the option for now in modules where it is not properly honored until that work can be completed.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/scanner/ssh/ssh_login (or any module updated in this PR)
  • show advanced
  • Verify the PASSWORD_SPRAY option is not displayed

@wvu-r7 wvu-r7 self-assigned this Jun 27, 2019

@wvu-r7 (Contributor) approved these changes Jun 27, 2019 and left a comment:

Code looks good. Giving it a test.

@wvu-r7 (Contributor) commented Jun 27, 2019

msf5 auxiliary(scanner/ssh/ssh_login) > grep PASSWORD_SPRAY options
msf5 auxiliary(scanner/ssh/ssh_login) > grep PASSWORD_SPRAY advanced
   TRANSITION_DELAY            0                                        no        Amount of time (in minutes) to delay before transitioning to the next user in the array (or password when PASSWORD_SPRAY=true)
msf5 auxiliary(scanner/ssh/ssh_login) >

You may want to deregister related options.

@jbarnett-r7 (Contributor Author) commented Jun 28, 2019

> You may want to deregister related options

So this option isn't exclusive to password_spray, but it does fall into the exact same issue. It won't be honored unless the AuthBrute iterator is used. I'll add this one to the list to just knock it out, too.

@wvu-r7 (Contributor) commented Jun 28, 2019

Oh, you're right. I didn't read #9634 closely enough. Don't bother unless you're feeling ambitious. I'm sure there are others. Removing options one at a time isn't sustainable.

@wvu-r7 approved these changes Jun 28, 2019

@wvu-r7 wvu-r7 merged commit 2ed8e6d into rapid7:master Jun 28, 2019
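
The gap discussed in this thread, an option registered by a shared mixin but never read by the module's own scan path, can be surfaced mechanically instead of one option at a time. The following is an added illustration, not Metasploit code and not part of this PR: `TrackedOptions`, `ToyAuthBrute`, `ToyLoginModule` and `HONORED_EXAMPLE` are hypothetical stand-ins, and only the option names PASSWORD_SPRAY and TRANSITION_DELAY come from the thread.

```ruby
# Hypothetical stand-in for a module datastore that records which options are read.
class TrackedOptions
  def initialize
    @registered, @reads = {}, {} # defaults by name; names read so far
  end

  def register(name, default)
    @registered[name] = default
  end

  def deregister(*names)
    names.each { |name| @registered.delete(name) }
  end

  def [](name)
    @reads[name] = true
    @registered[name]
  end

  # Options still advertised to the operator that no code path consulted.
  def unhonored
    @registered.keys.reject { |name| @reads.key?(name) }
  end
end

# Stand-in for a shared mixin: every including module inherits these options.
module ToyAuthBrute
  def register_brute_options
    options.register('PASSWORD_SPRAY', false) # name from the thread
    options.register('TRANSITION_DELAY', 0)   # name from the thread
    options.register('HONORED_EXAMPLE', true) # hypothetical option
  end
end

class ToyLoginModule
  include ToyAuthBrute
  attr_reader :options

  def initialize(deregister: [])
    @options = TrackedOptions.new
    register_brute_options
    @options.deregister(*deregister)
  end

  # Stand-in for a scan loop that never consults the mixin's iteration options.
  def run
    options['HONORED_EXAMPLE']
    self
  end
end

def unhonored_after_run(deregister: [])
  ToyLoginModule.new(deregister: deregister).run.options.unhonored
end
```

Calling `unhonored_after_run` with no arguments lists both options from the thread; passing them in `deregister:` empties the list, which is the state the verification steps above check for by hand.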

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed
@wvu-r7 (Contributor) commented Jun 28, 2019

Release Notes

This deregisters the PASSWORD_SPRAY option from LoginScanner modules, since it is not supported yet.

wvu-r7 added a commit that referenced this pull request Jun 28, 2019

@wvu-r7 (Contributor) commented Jun 28, 2019

Feel free to do your next pass in a separate PR if you desire. I consider this fixed.

@day1player commented Jun 28, 2019

Any plans on supporting this in the future? I guess technically the problem is solved but a more desirable solution would be to support the password spray functionality

https://imgur.com/a/5vNGnzM

@jbarnett-r7 (Contributor Author) commented Jun 28, 2019

> Any plans on supporting this in the future? I guess technically the problem is solved but a more desirable solution would be to support the password spray functionality
>
> https://imgur.com/a/5vNGnzM

That is definitely the plan. I spent a couple of hours just trying to plan on how we could port that logic over to LoginScanner and couldn't come up with anything that doesn't require a major overhaul (or major hack). It's going to take some planning and work to complete that task and unfortunately I have some higher priority stuff that I have to get done at this time.

If you want to take a stab at it feel free! We'd love the contribution :).

jmartin-r7 added a commit that referenced this pull request Jun 28, 2019
