Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

post/multi/gather/ssh_creds should verify it has access to a file bef… #12614

Merged
merged 1 commit into from
Dec 10, 2019
Merged

post/multi/gather/ssh_creds should verify it has access to a file bef… #12614

merged 1 commit into from
Dec 10, 2019

Conversation

MangyCoyote
Copy link
Contributor

Resolves #12609 .

wvu
wvu approved these changes Nov 21, 2019
View reviewed changes
Copy link
Contributor

@wvu wvu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

@wvu wvu self-assigned this Nov 21, 2019
wvu added a commit that referenced this pull request Dec 10, 2019
@wvu
Land #12614, post/multi/gather/ssh_creds fixes
871b295
@wvu wvu merged commit a7e7b9d into rapid7:master Dec 10, 2019
@wvu
Copy link
Contributor

wvu commented Dec 10, 2019 

msf5 post(multi/gather/ssh_creds) > run

[*] Finding .ssh directories
[*] Looting 2 .ssh directories
[*] Looting /home/ubuntu/.ssh directory
[!] Cannot access directory: /home/ubuntu/.ssh . Missing execute permission. Skipping.
[*] Looting /home/vagrant/.ssh directory
[!] Cannot read file: /home/vagrant/.ssh/authorized_keys . Missing read permission. Skipping.
[*] Post module execution completed
msf5 post(multi/gather/ssh_creds) > run

[*] Finding .ssh directories
[*] Looting 2 .ssh directories
[*] Looting /home/ubuntu/.ssh directory
[!] Cannot access directory: /home/ubuntu/.ssh . Missing execute permission. Skipping.
[*] Looting /home/vagrant/.ssh directory
[+] Downloaded /home/vagrant/.ssh/authorized_keys -> /Users/wvu/.msf4/loot/20191209200515_default_172.28.128.5_ssh.authorized_k_729103.txt
[*] Post module execution completed
msf5 post(multi/gather/ssh_creds) >

98c586b

Thanks!

@wvu
Copy link
Contributor

wvu commented Dec 10, 2019
edited by tperry-r7
Loading

Release Notes

The post/multi/gather/ssh_creds module now checks if directories have execute permission (access to files) and if files have read permission. Fixes #12609.

msjenkins-r7 pushed a commit that referenced this pull request Dec 10, 2019
@wvu @msjenkins-r7
Land #12614, post/multi/gather/ssh_creds fixes
299bd5f
@MangyCoyote MangyCoyote deleted the verify_rights branch December 10, 2019 08:06
@tperry-r7 tperry-r7 added the rn-fix release notes fix label Jan 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wvu wvu wvu approved these changes

@powertothepeople2017 powertothepeople2017 powertothepeople2017 approved these changes

Assignees

@wvu wvu

Labels
bug module rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

post/multi/gather/ssh_creds should verify it has access to a file before reading it
5 participants
@MangyCoyote @wvu @powertothepeople2017 @acammack-r7 @tperry-r7