Metasploit mailing list archives

Re: ssh_login_pubkey


From: Tod Beardsley <todb () planb-security net>
Date: Thu, 16 Dec 2010 14:27:08 -0600

In msfconsole, try set ssh_debug true -- that'll spew out most
everything the OpenSSL library is doing, which, given your error
message, seems to be where the problem lives.

On Thu, Dec 16, 2010 at 1:01 PM, Paul O'Grady <paulmogrady () gmail com> wrote:
Hi Tod,

Yeah, that works without issue. Could this be a dependency issue or
something? Do you know of any tools I could use to help debug this issue?
I'm not a ruby guy so I've been using strace : )

Cheers,

-Paul


On Wed, Dec 15, 2010 at 4:03 PM, Tod Beardsley <todb () planb-security net> wrote:

Paul, sorry you're having trouble. Using r11344, I have no problems in
my test with a normal RSA key. My results from just this moment are
below. Does ssh -i path_to_keyfile user@host work?

----
msf auxiliary(ssh_login) > use auxiliary/scanner/ssh/ssh_login_pubkey
msf auxiliary(ssh_login_pubkey) > set KEY_FILE /tmp/ssh/id_rsa
KEY_FILE => /tmp/ssh/id_rsa
msf auxiliary(ssh_login_pubkey) > set username goofus
username => goofus
msf auxiliary(ssh_login_pubkey) > set rhosts 192.168.145.51
rhosts => 192.168.145.51
msf auxiliary(ssh_login_pubkey) > run

[*] 192.168.145.51:22 - SSH - Testing Cleartext Keys
[*] 192.168.145.51:22 - SSH - Trying 1 cleartext key per user.
[*] Command shell session 1 opened (192.168.145.1:55409 -> 192.168.145.51:22) at 2010-12-15 14:57:06 -0600
[+] 192.168.145.51:22 - SSH - Success: 'goofus':'e9:1c:94:ab:23:0b:2e:e9:91:a6:bf:bd:f6:a7:ab:fa' 'uid=1002(goofus) gid=1002(goofus) groups=4(adm),20(dialout),21(fax),24(cdrom),26(tape),29(audio),30(dip),44(video),46(plugdev),103(fuse),1002(goofus) Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux '
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ssh_login_pubkey) >

----

Your keyfile

On Wed, Dec 15, 2010 at 2:17 PM, Paul O'Grady <paulmogrady () gmail com> wrote:
Hey All,

Just curious if anyone has been experiencing the same behaviour that I
have with the ssh_login_pubkey module:

I've confirmed that my test environment is configured right by
authenticating to my SSH server with my private key.

I set KEY_FILE to a cleartext private key
I set USERNAME to the appropriate user

my output looks like:

[*] 192.168.20.106:22 - SSH - Testing Cleartext Keys
[*] 192.168.20.106:22 - SSH - Trying 1 cleartext key per user.
[*] Error: 192.168.20.106: OpenSSL::PKey::RSAError Neither PUB key nor PRIV key:: not enough data
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

I've confirmed that key_data contains a valid key before
self.ssh_socket = Net::SSH.start is called.

tail end of SSH debug output looks like:

[...]
beginning authentication of `msfadmin'
queueing packet nr 4 type 5 len 28
sent 52 bytes
read 52 bytes
received packet nr 4 type 6 len 28
trying publickey
connecting to ssh-agent
could not connect to ssh-agent

I'm running r11341

Cheers,

-Paul



_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework



