sshmitm.plugins.scp.cve202229154 module
This plugin modifies the behavior of the rsync command in SCP. The rsync-inject-file argument can be specified to add an additional file to the rsync command sent to the server. The rewritten rsync command is logged for informational purposes.
- class sshmitm.plugins.scp.cve202229154.CVE202229154(session)
Bases:
SCPForwarderInjects an additional file path into rsync commands (CVE-2022-29154).
When an rsync client syncs files over SSH, this plugin rewrites the rsync server command to append an extra file path. As a result, the rsync server sends the attacker-controlled file to the client in addition to the originally requested content.
Usage example
ssh-mitm server --scp-forwarder CVE-2022-29154 --rsync-inject-file /path/to/inject.txt
Notes
Only rsync commands (those starting with
rsync --server) are rewritten; all other SCP or exec traffic passes through unchanged.The injected file path is appended to the rsync argument list; rsync on the server side then includes that path in the transfer.
- Parameters:
session (
Session)
- classmethod parser_arguments()
- Return type:
None
- rewrite_scp_command(command)
- Parameters:
command (
str)- Return type:
str