fixing sshauth bug

MythicAgents · Jul 11, 2024 · 838b2fd · 838b2fd
1 parent b542db8
commit 838b2fd
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 19 deletions.
diff --git a/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD b/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.1.2 - 2024-07-11 
+
+### Changed
+
+- fixed an issue with sshauth that didn't properly validate private keys before use
+
 ## 2.1.1 - 2024-07-11
 
 ### Changed

diff --git a/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go b/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go
@@ -60,20 +60,24 @@ type SSHResult struct {
 }
 
 // SSH Functions
-func PublicKeyFile(file string) ssh.AuthMethod {
+func PublicKeyFile(file string) (ssh.AuthMethod, error) {
 	buffer, err := ioutil.ReadFile(file)
 	if err != nil {
-		return nil
+		return nil, err
 	}
 
 	key, err := ssh.ParsePrivateKey(buffer)
 	if err != nil {
-		return nil
+		return nil, err
 	}
-	return ssh.PublicKeys(key)
+	return ssh.PublicKeys(key), nil
 }
 
 func SSHLogin(host string, port int, cred Credential, debug bool, command string, source string, destination string) {
+	res := SSHResult{
+		Host:     host,
+		Username: cred.Username,
+	}
 	var sshConfig *ssh.ClientConfig
 	if cred.PrivateKey == "" {
 		sshConfig = &ssh.ClientConfig{
@@ -83,18 +87,22 @@ func SSHLogin(host string, port int, cred Credential, debug bool, command string
 			Auth:            []ssh.AuthMethod{ssh.Password(cred.Password)},
 		}
 	} else {
+		sshAuthMethodPrivateKey, err := PublicKeyFile(cred.PrivateKey)
+		if err != nil {
+			res.Success = false
+			res.Status = err.Error()
+			sshResultChan <- res
+			return
+		}
 		sshConfig = &ssh.ClientConfig{
 			User:            cred.Username,
 			Timeout:         500 * time.Millisecond,
 			HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-			Auth:            []ssh.AuthMethod{PublicKeyFile(cred.PrivateKey)},
+			Auth:            []ssh.AuthMethod{sshAuthMethodPrivateKey},
 		}
 	}
 	// log.Println("Dialing:", host)
-	res := SSHResult{
-		Host:     host,
-		Username: cred.Username,
-	}
+
 	if cred.PrivateKey == "" {
 		res.Secret = cred.Password
 		// successStr = fmt.Sprintf("[SSH] Hostname: %s\tUsername: %s\tPassword: %s", host, cred.Username, cred.Password)
@@ -163,9 +171,9 @@ func (auth *SSHAuthenticator) Brute(port int, creds []Credential, debug bool, co
 		auth.lock.Acquire(context.TODO(), 1)
 		wg.Add(1)
 		go func(port int, cred Credential, debug bool, command string, source string, destination string) {
-			defer auth.lock.Release(1)
-			defer wg.Done()
 			SSHLogin(auth.host, port, cred, debug, command, source, destination)
+			wg.Done()
+			auth.lock.Release(1)
 		}(port, creds[i], debug, command, source, destination)
 	}
 	wg.Wait()
@@ -182,16 +190,15 @@ func SSHBruteHost(host string, port int, creds []Credential, debug bool, command
 
 func SSHBruteForce(hosts []string, port int, creds []Credential, debug bool, command string, source string, destination string) []SSHResult {
 	for i := 0; i < len(hosts); i++ {
-		go func(host string, port int, creds []Credential, debug bool, command string, source string, destination string) {
-			SSHBruteHost(host, port, creds, debug, command, source, destination)
-		}(hosts[i], port, creds, debug, command, source, destination)
+		go SSHBruteHost(hosts[i], port, creds, debug, command, source, destination)
 	}
 	var successfulHosts []SSHResult
 	for i := 0; i < len(hosts); i++ {
 		res := <-sshResultChan
-		if res.Success {
-			successfulHosts = append(successfulHosts, res)
-		}
+		//if res.Success {
+		//	successfulHosts = append(successfulHosts, res)
+		//}
+		successfulHosts = append(successfulHosts, res)
 	}
 	return successfulHosts
 }

diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
@@ -21,7 +21,7 @@ import (
 	"time"
 )
 
-const version = "2.1.1"
+const version = "2.1.2"
 
 type sleepInfoStruct struct {
 	Interval int       `json:"interval"`

diff --git a/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js b/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js
@@ -22,7 +22,7 @@ function(task, response){
 				"status": {"plaintext": data[j]["status"]},
 				"output": {"plaintext": data[j]["output"]},
 				"copy_status": {"plaintext": data[j]["copy_status"]},
-				"rowStyle": {backgroundColor: "green", color: "white"},
+				"rowStyle": {backgroundColor: data[j]["success"] ? "green" : ""},
 			});
 		}
 		return {"table": [{