Fallback to Python3 in sshexec when it's available #15358
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This updates the
exploit/multi/ssh/sshexec
module to automatically detect cases wherepython
is unavailable whilepython3
or evenpython2
are. This notably fixes the Python target for distributions that are missing the defaultpython
binary but have one of the others, which is the case for Ubuntu 18.04.When the SSH connection is open and established, it is not a full blown session in Metasploit terms. This means that the
CommandShell#binary_exists
method is not directly callable. This is unfortunate because this method has been improved recently to do things like usewhich
orcommand
depending on which is available. To retain this functionality instead of duplicating it in the module, this PR adds a#binary_exists
class method that takes a callback block which executes an operating system command and returns the result as a string. This means that other places in the framework can getbinary_exists
functionality without necessarily having a fully established session.Also the invocation technique used by Python now leverages echo and a pipe to get the argument (which is the payload) out of the output of things like
ps
. This does mean that it won't work on Windows, if SSH was hypothetically installed. This is also the reason the platform to the new#binary_exists
method is hard coded to:unix
.I looked for instances of this problem elsewhere in the framework and there did not seem to be any obvious cases. The
post/multi/manage/shell_to_meterpreter
checks ifpython
is available before selecting that as a target and the other references I noticed were within exploit modules which have presumably been tested on their applicable targets.Verification
Download and install and Ubuntu 18.04 server instance. Notice that
python
is not installed by default, but ensure thatpython3
is and is in the PATH.msfconsole
use exploit/ssh/sshexec
python
binary was not available in the PATHExample Output
Notice the
Executing command...
lines in the output as it's identifying which version of Python is available before automatically selectingpython3
.