New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Fortinet backdoor #6612
Add Fortinet backdoor #6612
Conversation
@wvu-r7 Very smart patching from net/ssh. IMO, if the custom_handler method is specific to the Fortinet backdoor, then you might want to consider placing that patch in the module, or in a mixin. lib/net/ssh/authentication/methods feels rather generic? |
good +1
@wvu-r7 How to gain a new shell for fortigate ssh backdoor ?
|
@all3g: Still working that part out. I don't think you can use |
@wvu-r7: neat implementation, though i agree we should try to stay as far away from alterations to net/ssh itself as we can. ideally some day we will not need our own version because we will have proper integration. Any chance we can do something clever like extend the SSH object after creation instead of altering its library? |
Sigh #6463 (comment) Like I said, WIP. I'm already looking into overriding the Originally, I was modifying the class directly, but I figured adding my own auth method would be less intrusive. Next step is to put it all in the module. P.S. Does anybody read the original ticket? :) |
Dumped it all in my module. Working as expected. Will toy with a mixin. Expect an update on Monday. Thanks! |
281714d
to
a085ac1
Compare
Moving this to |
51af295
to
df6fe0a
Compare
8584fdc
to
b9e9ad4
Compare
Turns out overriding |
53d7033
to
876ac75
Compare
bd6958b
to
bb1a1df
Compare
bb1a1df
to
300fdc8
Compare
Thanks for the merge, @wchen-r7. We'll work on getting a session in another PR. |
@wvu-r7 Good man ! |
Still get "Unknown admin user ''" from a shell channel request, @busterb's more complete implementation notwithstanding. Hoping we fix this in a subsequent commit or related PR. Please see rapid7#6612 and rapid7#9524.
WIP. Finishing up module.
Test with
Net::SSH.start(host, 'Fortimanager_Access', auth_methods: ['fortinet-backdoor'], verbose: :debug); nil
inirb
.Resolves #6463.