rapid7 / meterpreter

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD

PageantJacker (Meterpreter Extension) #164

Closed stufus closed 8 years ago

stufus commented 9 years ago

Overview

PageantJacker is designed to allow SSH agent commands and data to be forwarded through meterpreter, between a UNIX ssh agent client and a Windows Pageant server. An example of a use case is one in which a penetration tester running Metasploit has been able to upload meterpreter onto a remote Windows machine and has discovered that Pageant is running with keys loaded. This extension would allow them to interact with the agent as if it were local. Commands such as 'ssh-add' will work natively, allowing keys to be added or deleted, and the 'ssh' client will attempt to use the keys stored in Pageant to authenticate to a host.

Components

Note that the PuTTY Enumeration module (https://github.com/rapid7/metasploit-framework/pull/5359) may be useful in determining whether to load this extension or not.

Meterpreter Extension

This extension provides the functionality to communicate with Pageant running in Windows. The IPC is implemented using shared memory, with events being generated through the Windows event loop. OpenSSH ssh-* commands can therefore be rewritten to Pageant, with the output being sent back through meterpreter.

metasploit-public-bot commented 9 years ago

Can one of the admins verify this patch? For more information see: https://github.com/rapid7/meterpreter/wiki/CI-Testing

OJ commented 9 years ago

Thanks for the submission @stufus! I'll get around to looking at this as some point today.

stufus commented 9 years ago

@OJ No worries mate, thanks for looking at it :) Hope I don't need to change too much......

OJ commented 9 years ago

General code style comment:

We need to stick with the style used for the windows code, which uses BSD style braces instead of K&R style, and always wraps blocks in braces even if there is just one line to wrap.

OJ commented 9 years ago

Another one:

Local vars are camelCased, functions are snake_cased. Global vars are frowned upon :)

OJ commented 9 years ago

Thanks again for the submission @stufus :) I know it looks like I'm being picky/critical here but I'm not. It's just a few general tidies and a couple of semantic questions that I was interested in.

Will chat more on IRC. Cheers!

stufus commented 9 years ago

@OJ - No worries mate, I need to be consistent. I've committed a bunch of changes, hopefully this is looking in better shape

stufus commented 9 years ago

@OJ Are the changes here ok, or do I need to copy this over to the new repo?

bcook-r7 commented 9 years ago

I'm going to grab this for tomorrow.

stufus commented 9 years ago

Cheers, I feel like I have some work to do on it still - will re-read everything in case I have missed anything!

S

On 3 Sep 2015, at 21:29, Brent Cook notifications@github.com wrote:

I'm going to grab this for tomorrow.


stufus commented 9 years ago

@bcook-r7 - Shall I just copy this to a new branch in the metasploit-payloads repo?

bcook-r7 commented 9 years ago

I'm so sorry @stufus - if you have time, please do! I kept starting to do it, then getting distracted by lower hanging fruit.

stufus commented 9 years ago

@bcook-r7 no worries mate, will do - is there a clever way to preserve the history or shall I just not worry about it? :)

busterb commented 8 years ago

I wouldn't worry about it; I actually got some time today to work on this and will add a new PR on metasploit-payloads in a bit once I'm done testing.

bcook-r7 commented 8 years ago

Closing this one for now.