Metasploit-framework: ssh_login_pubkey errors on keys/dirs

Created on 17 Nov 2020 · 3 Comments · Source: rapid7/metasploit-framework

ssh_login_pubkey does not correctly use the key_path variable and throws IO errors.

When setting key_path to a folder, it doesn't use the files inside of it.

msf6 > use auxiliary/scanner/ssh/ssh_login_pubkey
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set KEY_PATH /home/gwillcox/.ssh/
KEY_PATH => /home/gwillcox/.ssh/
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set USERNAME root
USERNAME => root
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > run
[*] 127.0.0.1:22 SSH - Testing Cleartext Keys
[*] Error: 127.0.0.1: Errno::EISDIR Is a directory @ io_fread - /home/gwillcox/.ssh
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > 

When setting it to an actual file.

set key_path /root/id_rsa

Same thing:

Errno::EISDIR Is a directory @ io_fillbuf - fd:14 /root

Metasploit version

  • 6.0.17-dev
  • 5.0.101-dev
  • master (@gwillcox-r7 tested)

Additional Information

Both modes, a folder or a file, seem to fail. A folder doesn't read the files inside, and a file is cut back one+ dir.

bug confirmed
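
Added example, not part of the original issue and not Metasploit's code: one way an option like KEY_PATH can accept either a single key file or a directory without reading the directory itself (the Errno::EISDIR case above). The helper names are hypothetical and the sample directory is constructed.

```ruby
require 'tmpdir'

# Hypothetical helper (not Metasploit code): expand a KEY_PATH-style value
# into the list of regular files it refers to.
def resolve_key_files(key_path)
  path = File.expand_path(key_path)
  if File.directory?(path)
    # Directory: take each regular file directly inside it, skip subdirs.
    Dir.children(path).sort.map { |name| File.join(path, name) }
       .select { |p| File.file?(p) }
  elsif File.file?(path)
    [path]
  else
    raise ArgumentError, "KEY_PATH is neither a file nor a directory: #{path}"
  end
end

# Read the candidates and keep only those with a PEM/OpenSSH private-key
# header, so known_hosts, *.pub and config files are ignored.
def load_private_keys(key_path)
  resolve_key_files(key_path).each_with_object({}) do |file, keys|
    next unless File.readable?(file)
    data = File.binread(file)
    keys[file] = data if data.match?(/-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----/)
  end
end

# Constructed sample: a throwaway directory laid out like ~/.ssh.
def demo
  Dir.mktmpdir do |dir|
    fake = "-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n-----END OPENSSH PRIVATE KEY-----\n"
    File.write(File.join(dir, 'id_rsa'), fake)
    File.write(File.join(dir, 'id_rsa.pub'), "ssh-rsa CONSTRUCTED user@host\n")
    File.write(File.join(dir, 'known_hosts'), "example.invalid ssh-ed25519 CONSTRUCTED\n")
    Dir.mkdir(File.join(dir, 'sockets'))
    {
      from_dir:  load_private_keys(dir).keys.map { |p| File.basename(p) },
      from_file: load_private_keys(File.join(dir, 'id_rsa')).keys.map { |p| File.basename(p) }
    }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```
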

All 3 comments

@h00die I'm not familiar with this module, but should this module have been called scanner/ssh/ssh_login_privkey or something similar?

We can fix that up too if that is the case :+1:

If it's not the case, and this was intentional, at least I learnt something 😄

I'd actually argue the KEY_PATH parameter should just be an option for ssh_login and we drop this whole module, which is most likely 90%+ similar.
