Path: blob/master/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb
19715 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45require 'English'6class MetasploitModule < Msf::Auxiliary7include Msf::Exploit::Remote::Tcp8include Msf::Auxiliary::Fuzzer910def initialize(info = {})11super(12update_info(13info,14'Name' => 'SSH 2.0 Version Fuzzer',15'Description' => %q{16This module sends a series of SSH requests with malicious version strings.17},18'Author' => [ 'hdm' ],19'License' => MSF_LICENSE,20'Notes' => {21'Stability' => [CRASH_SERVICE_DOWN],22'SideEffects' => [],23'Reliability' => []24}25)26)27register_options([28Opt::RPORT(22)29])30end3132def do_ssh_version(pkt, opts = {})33@connected = false34connect35@connected = true3637@banner = sock.get_once(-1, opts[:banner_timeout])38return if !@banner3940sock.put("#{pkt}\r\n")41end4243def run44last_str = nil45last_inp = nil46last_err = nil4748make_ssh_version_base49cnt = 05051fuzz_strings do |str|52cnt += 15354if (cnt % 100 == 0)55print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}")56end5758begin59do_ssh_version(str, banner_timeout: 5)60rescue ::Interrupt61print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")62raise $ERROR_INFO63rescue StandardError => e64last_err = e65ensure66disconnect67end6869if !@connected70if last_str71print_status("The service may have crashed: iteration:#{cnt - 1} method=#{last_inp} string=#{last_str.unpack('H*')[0]} error=#{last_err}")72else73print_status("Could not connect to the service: #{last_err}")74end75return76end7778if !@banner79print_status("The service may have crashed (no banner): iteration:#{cnt - 1} method=#{last_inp} string=#{last_str.unpack('H*')[0]} ")80return81end8283last_str = str84last_inp = @last_fuzzer_input85end86end8788def make_ssh_version_base89'SSH-2.0-'90end91end929394