Wednesday, April 8, 2015

Running System Commands Against Multiple SSH Servers with Fabric


Fabric is a python library to automate tasks

As the README says:
Fabric is a Python (2.5-2.7) library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks.
 
More specifically, Fabric is:
A tool that lets you execute arbitrary Python functions via the command line;
A library of subroutines (built on top of a lower-level library) to make executing shell commands over SSH easy and Pythonic.

http://docs.fabfile.org/en/latest/tutorial.html

Quick and dirty script to get the same output as we did with the Metasploit post

$cat fab_ssh.py

from fabric.api import run,env

env.hosts = ['root@192.168.1.50:22', 'root@192.168.1.51:22']
env.passwords = {'root@192.168.1.50:22': 'password1, 'root@192.168.1.51:22': 'password2'}

def host_uptime():
    run('uptime')


And now lets run it

$fab host_uptime -f fab_ssh.py
from fabric.api import run,env
[root@192.168.1.50:22] Executing task 'host_uptime'
[root@192.168.1.50:22] run: uptime
[root@192.168.1.50:22] out:  07:08:26 up 22 days, 11:12,  1 user,  load average: 0.00, 0.03, 0.05
[root@192.168.1.50:22] out:

[root@192.168.1.51:22] Executing task 'host_uptime'
[root@192.168.1.51:22] run: uptime
[root@192.168.1.51:22] out:  07:08:32 up 22 days, 11:12,  1 user,  load average: 0.07, 0.02, 0.00
[root@192.168.1.51:22] out:


Done.
Disconnecting from root@192.168.1.50... done.
Disconnecting from root@192.168.1.51... done.


CG

Monday, April 6, 2015

Running System Commands Against Multiple SSH Servers With Metasploit


Want:
To run a command against multiple SSH servers and you want to use metasploit to do it


How:
There doesn't exist a multi_ssh_exec type aux module to run commands. Luckily ? the ssh_login module creates a command shell session for you, on successful logins. You can use the builtin sessions functionality to run a command against all your (SSH) sessions.

msf auxiliary(ssh_login) > sessions -h
Usage: sessions [options]

Active session manipulation and interaction.

OPTIONS:

    -K        Terminate all sessions
    -c  Run a command on the session given with -i, or all
    -d  Detach an interactive session
    -h        Help banner
    -i  Interact with the supplied session ID
    -k  Terminate sessions by session ID and/or range
    -l        List all active sessions
    -q        Quiet mode
    -r        Reset the ring buffer for the session given with -i, or all
    -s  Run a script on the session given with -i, or all
    -t  Set a response timeout (default: 15)
    -u  Upgrade a shell to a meterpreter session on many platforms
    -v        List verbose fields


Many options allow specifying session ranges using commas and dashes.
For example:  sessions -s checkvm -i 1,3-5  or  sessions -k 1-2,5,6

So given some sessions, you can pass a

sessions -c 'command' all 

against all the sessions or a

sessions -c 'command' -i 2,4,5 

against specified sessions.

Example:





CG