Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/fuzzers/ssh/ssh_version_2.rb
Views: 11783
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary6include Msf::Exploit::Remote::Tcp7include Msf::Auxiliary::Fuzzer89def initialize(info = {})10super(update_info(info,11'Name' => 'SSH 2.0 Version Fuzzer',12'Description' => %q{13This module sends a series of SSH requests with malicious version strings.14},15'Author' => [ 'hdm' ],16'License' => MSF_LICENSE17))18register_options([19Opt::RPORT(22)20])21end2223def do_ssh_version(pkt,opts={})24@connected = false25connect26@connected = true2728@banner = sock.get_once(-1,opts[:banner_timeout])29return if not @banner30sock.put("#{pkt}\r\n")31end3233def run34last_str = nil35last_inp = nil36last_err = nil3738ver = make_ssh_version_base39cnt = 04041fuzz_strings do |str|42cnt += 14344pkt = ver + str4546if(cnt % 100 == 0)47print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}")48end4950begin51r = do_ssh_version(str,:banner_timeout => 5)52rescue ::Interrupt53print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")54raise $!55rescue ::Exception => e56last_err = e57ensure58disconnect59end6061if(not @connected)62if(last_str)63print_status("The service may have crashed: iteration:#{cnt-1} method=#{last_inp} string=#{last_str.unpack("H*")[0]} error=#{last_err}")64else65print_status("Could not connect to the service: #{last_err}")66end67return68end6970if(not @banner)71print_status("The service may have crashed (no banner): iteration:#{cnt-1} method=#{last_inp} string=#{last_str.unpack("H*")[0]} ")72return73end7475last_str = str76last_inp = @last_fuzzer_input77end78end7980def make_ssh_version_base81"SSH-2.0-"82end83end848586