From 838b2fd82cd73ae4d50c2fa03ce24f9045379992 Mon Sep 17 00:00:00 2001
From: its-a-feature
Date: Thu, 11 Jul 2024 15:34:49 -0500
Subject: [PATCH] fixing sshauth bug
---
 .../poseidon/poseidon/agent_code/CHANGELOG.MD | 6 +++
 .../poseidon/agent_code/sshauth/sshauth.go | 41 +++++++++++--------
 .../poseidon/agentfunctions/builder.go | 2 +-
 .../poseidon/browserscripts/sshauth_new.js | 2 +-
 4 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD b/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
index 0070fa2..fb15a5a 100644
--- a/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
+++ b/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## 2.1.2 - 2024-07-11
+
+### Changed
+
+- fixed an issue with sshauth that didn't properly validate private keys before use
+
 ## 2.1.1 - 2024-07-11
 ### Changed
diff --git a/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go b/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go
index 46daf8a..d588ef7 100755
--- a/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go
+++ b/Payload_Type/poseidon/poseidon/agent_code/sshauth/sshauth.go
@@ -60,20 +60,24 @@ type SSHResult struct {
 }
 // SSH Functions
-func PublicKeyFile(file string) ssh.AuthMethod {
+func PublicKeyFile(file string) (ssh.AuthMethod, error) {
 buffer, err := ioutil.ReadFile(file)
 if err != nil {
- return nil
+ return nil, err
 }
 key, err := ssh.ParsePrivateKey(buffer)
 if err != nil {
- return nil
+ return nil, err
 }
- return ssh.PublicKeys(key)
+ return ssh.PublicKeys(key), nil
 }
 func SSHLogin(host string, port int, cred Credential, debug bool, command string, source string, destination string) {
+ res := SSHResult{
+ Host: host,
+ Username: cred.Username,
+ }
 var sshConfig *ssh.ClientConfig
 if cred.PrivateKey == "" {
 sshConfig = &ssh.ClientConfig{
@@ -83,18 +87,22 @@ func SSHLogin(host string, port int, cred Credential, debug bool, command string
 Auth: []ssh.AuthMethod{ssh.Password(cred.Password)},
 }
 } else {
+ sshAuthMethodPrivateKey, err := PublicKeyFile(cred.PrivateKey)
+ if err != nil {
+ res.Success = false
+ res.Status = err.Error()
+ sshResultChan <- res
+ return
+ }
 sshConfig = &ssh.ClientConfig{
 User: cred.Username,
 Timeout: 500 * time.Millisecond,
 HostKeyCallback: ssh.InsecureIgnoreHostKey(),
- Auth: []ssh.AuthMethod{PublicKeyFile(cred.PrivateKey)},
+ Auth: []ssh.AuthMethod{sshAuthMethodPrivateKey},
 }
 }
 // log.Println("Dialing:", host)
- res := SSHResult{
- Host: host,
- Username: cred.Username,
- }
+
 if cred.PrivateKey == "" {
 res.Secret = cred.Password
 // successStr = fmt.Sprintf("[SSH] Hostname: %s\tUsername: %s\tPassword: %s", host, cred.Username, cred.Password)
@@ -163,9 +171,9 @@ func (auth *SSHAuthenticator) Brute(port int, creds []Credential, debug bool, co
 auth.lock.Acquire(context.TODO(), 1)
 wg.Add(1)
 go func(port int, cred Credential, debug bool, command string, source string, destination string) {
- defer auth.lock.Release(1)
- defer wg.Done()
 SSHLogin(auth.host, port, cred, debug, command, source, destination)
+ wg.Done()
+ auth.lock.Release(1)
 }(port, creds[i], debug, command, source, destination)
 }
 wg.Wait()
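Review bot: `PublicKeyFile` still has no doc comment and returns the read and parse errors unwrapped, so nothing at the call site says that the argument is a path to a private key file or which step failed. A comment such as `// PublicKeyFile reads the private key at file and returns an ssh.AuthMethod for it, or the read/parse error.` would cover the first point. Wrapping the returns, for example `return nil, fmt.Errorf("parsing private key %q: %w", file, err)`, would let the status string distinguish an unreadable file from an invalid key; this assumes `fmt` is imported, which the hunk does not show. The context line still calls `ioutil.ReadFile`, which is deprecated in favour of `os.ReadFile`.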
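Review bot: The new early return in `SSHLogin` sends one value on `sshResultChan` for every credential whose key fails to load, while `SSHBruteForce` in the last sshauth.go hunk receives exactly `len(hosts)` values. If a host is tried with more than one credential, the extra sends would either block their goroutines or be read in place of another host's result, depending on how the channel is buffered and what the rest of `SSHLogin` sends. Both of those are outside this hunk, so the send and receive counts need confirming. A short comment at the send stating how many results each `SSHLogin` call is expected to produce would make that contract explicit.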
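Review bot: Replacing the two `defer`s in the goroutine with direct calls after `SSHLogin` means `wg.Done()` and `auth.lock.Release(1)` only run when `SSHLogin` returns normally. An exit via `runtime.Goexit`, or an early-exit path added later, would leave `wg.Wait()` blocked and the semaphore slot held. The deferred form already ran them in the same order (Done, then Release), so I would keep `defer auth.lock.Release(1)` and `defer wg.Done()` ahead of the call. The error returned by `auth.lock.Acquire(context.TODO(), 1)` on the context line is also ignored. `Brute`'s body starts and ends outside the hunk.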
@@ -182,16 +190,15 @@ func SSHBruteHost(host string, port int, creds []Credential, debug bool, command
 func SSHBruteForce(hosts []string, port int, creds []Credential, debug bool, command string, source string, destination string) []SSHResult {
 for i := 0; i < len(hosts); i++ {
- go func(host string, port int, creds []Credential, debug bool, command string, source string, destination string) {
- SSHBruteHost(host, port, creds, debug, command, source, destination)
- }(hosts[i], port, creds, debug, command, source, destination)
+ go SSHBruteHost(hosts[i], port, creds, debug, command, source, destination)
 }
 var successfulHosts []SSHResult
 for i := 0; i < len(hosts); i++ {
 res := <-sshResultChan
- if res.Success {
- successfulHosts = append(successfulHosts, res)
- }
+ //if res.Success {
+ // successfulHosts = append(successfulHosts, res)
+ //}
+ successfulHosts = append(successfulHosts, res)
 }
 return successfulHosts
 }
diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
index 8192a33..956036b 100644
--- a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
+++ b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
@@ -21,7 +21,7 @@ import (
 "time"
 )
-const version = "2.1.1"
+const version = "2.1.2"
 type sleepInfoStruct struct {
 Interval int `json:"interval"`
diff --git a/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js b/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js
index a4b9f17..7f6ec07 100644
--- a/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js
+++ b/Payload_Type/poseidon/poseidon/browserscripts/sshauth_new.js
@@ -22,7 +22,7 @@ function(task, response){
 "status": {"plaintext": data[j]["status"]},
 "output": {"plaintext": data[j]["output"]},
 "copy_status": {"plaintext": data[j]["copy_status"]},
- "rowStyle": {backgroundColor: "green", color: "white"},
+ "rowStyle": {backgroundColor: data[j]["success"] ? "green" : ""},
 });
 }
 return {"table": [{
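Review bot: `SSHBruteForce` now returns every received result, but the slice is still named `successfulHosts` and the old filter is left behind as three commented-out lines. Any caller that treated each returned entry as a successful login now has to check `Success` itself; the callers are not visible in this patch. I would delete the commented block, rename the slice to `results`, and add a doc comment such as `// SSHBruteForce returns one SSHResult per received attempt, including failures; check Success.`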
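Review bot: The new `rowStyle` drops `color: "white"`, so successful rows are now drawn with the default text colour on a green background, which may be hard to read depending on the theme. If that was not intended, the colour can be made conditional along with the background: `"rowStyle": data[j]["success"] ? {backgroundColor: "green", color: "white"} : {},`. Whether an empty `backgroundColor` string or an empty object is the right "no style" value depends on the table renderer, which is not shown here. The enclosing function starts and ends outside the hunk.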