Goliath Cleanup in preparation for merge to master

2018-03-06 10:21:22 -06:00 · 2018-03-06 10:21:22 -06:00 · 68d72cbfa7
parent 4f6b1de9a3
commit 68d72cbfa7
11 changed files with 1995 additions and 2076 deletions
--- a/4
+++ b/4
@ -3,10 +3,6 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'

-
-gem 'thin'
-gem 'sinatra'
-
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
  # code coverage for tests
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -62,8 +62,10 @@ PATH
      ruby_smb (= 0.0.18)
      rubyntlm
      rubyzip
+      sinatra
      sqlite3
      sshkey
+      thin
      tzinfo
      tzinfo-data
      windows_error
@ -378,6 +380,7 @@ PLATFORMS
 DEPENDENCIES
  factory_girl_rails
  fivemat
+  google-protobuf (= 3.5.1)
  metasploit-aggregator
  metasploit-framework!
  octokit
@ -387,8 +390,6 @@ DEPENDENCIES
  rspec-rails
  rspec-rerun
  simplecov
-  sinatra
-  thin
  timecop
  yard

--- a/documentation/modules/auxiliary/scanner/http/owa_login.md
+++ b/documentation/modules/auxiliary/scanner/http/owa_login.md
@ -1,60 +0,0 @@
-This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
-
-NOTE: This module assumes that login attempts that take a long time (>1 sec) to
-return are using a valid domain username. This methodology does not work when
-passing a full email address (user@domain.com). Full email addresses will not
-be saved as potentially valid usernames unless we get a successful login.
-
-## Verification Steps
-
-1. Do: ```use auxiliary/scanner/http/owa_login```
-2. Do: ```set RHOSTS [IP]```
-3. Configure a user and password list by setting either `USERNAME`, `PASSWORD`, `USER_FILE`, or `PASS_FILE`.
-4. Do: ```run```
-
-## Scenarios
-
-```
-msf5 auxiliary(scanner/http/owa_login) > run
-
-[*] webmail.hostingcloudapp.com:443 OWA - Testing version OWA_2013
-[+] Found target domain: HOSTINGCLOUDAPP
-[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.267791 'HOSTINGCLOUDAPP\administrator' : 'password': SAVING TO CREDS
-[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password1
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.273841 'HOSTINGCLOUDAPP\administrator' : 'password1': SAVING TO CREDS
-[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : fido
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
-[+] server type: EXCH2016MBX01
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270796 'HOSTINGCLOUDAPP\administrator' : 'fido': SAVING TO CREDS
-[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
-[+] server type: EXCH2016MBX01
-[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.046935 'HOSTINGCLOUDAPP\johndoe' : 'password' (HTTP redirect with reason 2)
-[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password1
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.073391 'HOSTINGCLOUDAPP\johndoe' : 'password1' (HTTP redirect with reason 2)
-[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : fido
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.038717 'HOSTINGCLOUDAPP\johndoe' : 'fido' (HTTP redirect with reason 2)
-[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.289186 'HOSTINGCLOUDAPP\bob' : 'password': SAVING TO CREDS
-[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password1
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270616 'HOSTINGCLOUDAPP\bob' : 'password1': SAVING TO CREDS
-[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : fido
-[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
-[+] server type: EXCH2016MBX02
-[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.275251 'HOSTINGCLOUDAPP\bob' : 'fido': SAVING TO CREDS
-[*] Auxiliary module execution completed
-
-```
--- a/lib/metasploit/framework/command/base.rb
+++ b/lib/metasploit/framework/command/base.rb
@ -44,11 +44,7 @@ class Metasploit::Framework::Command::Base
  #
  # @return (see parsed_options)
  def self.require_environment!
-    # TODO: Look into removing Rails.application (save ~20mb)
-    # return self.parsed_options if ( self.parsed_options.options.database.remote_process)
-
    parsed_options = self.parsed_options
-
    # RAILS_ENV must be set before requiring 'config/application.rb'
    parsed_options.environment!
    ARGV.replace(parsed_options.positional)
@ -83,9 +79,7 @@ class Metasploit::Framework::Command::Base

  def self.start
    parsed_options = require_environment!
-    is_db_remote = false # parsed_options.options.database.remote_process
-    application = is_db_remote ? nil : Rails.application
-    new(application: application, parsed_options: parsed_options).start
+    new(application: Rails.application, parsed_options: parsed_options).start
  end

  #
--- a/lib/msf/base/simple/framework/module_paths.rb
+++ b/lib/msf/base/simple/framework/module_paths.rb
@ -12,28 +12,20 @@ module Msf
            return
          end

-          #is_remote_db = opts.delete(:is_remote_database)
          allowed_module_paths = []
-
-          #if (!is_remote_db)
-            extract_engine_module_paths(Rails.application).each do |path|
-              allowed_module_paths << path
-            end
-          #else
-          #  allowed_module_paths << "/home/chlee/rapid7/metasploit-framework/modules"
-          #end
+          extract_engine_module_paths(Rails.application).each do |path|
+            allowed_module_paths << path
+          end

          if Msf::Config.user_module_directory
            allowed_module_paths << Msf::Config.user_module_directory
          end

-          #unless (is_remote_db)
-            ::Rails::Engine.subclasses.map(&:instance).each do |engine|
-              extract_engine_module_paths(engine).each do |path|
-                allowed_module_paths << path
-              end
+          ::Rails::Engine.subclasses.map(&:instance).each do |engine|
+            extract_engine_module_paths(engine).each do |path|
+              allowed_module_paths << path
            end
-         # end
+          end

          # If additional module paths have been defined globally, then load them.
          # They should be separated by semi-colons.
--- a/lib/msf/core/db_manager.rb
+++ b/lib/msf/core/db_manager.rb
@ -94,7 +94,6 @@ class Msf::DBManager
  include Msf::DBManager::Web
  include Msf::DBManager::Workspace

-
  # Provides :framework and other accessors
  include Msf::Framework::Offspring

--- a/lib/msf/core/session_manager.rb
+++ b/lib/msf/core/session_manager.rb
@ -20,7 +20,7 @@ class SessionManager < Hash

  include Framework::Offspring

-  LAST_SEEN_INTERVAL = 60 * 2.5
+  LAST_SEEN_INTERVAL  = 60 * 2.5
  SCHEDULER_THREAD_COUNT = 5

  def initialize(framework)
@ -113,16 +113,14 @@ class SessionManager < Hash

          last_seen_timer = Time.now.utc

-          if framework.db.active
-            ::ActiveRecord::Base.connection_pool.with_connection do
-              values.each do |s|
-                # Update the database entry on a regular basis, marking alive threads
-                # as recently seen.  This notifies other framework instances that this
-                # session is being maintained.
-                if s.db_record
-                  s.db_record.last_seen = Time.now.utc
-                  s.db_record.save
-                end
+          ::ActiveRecord::Base.connection_pool.with_connection do
+            values.each do |s|
+              # Update the database entry on a regular basis, marking alive threads
+              # as recently seen.  This notifies other framework instances that this
+              # session is being maintained.
+              if s.db_record
+                s.db_record.last_seen = Time.now.utc
+                s.db_record.save
              end
            end
          end
--- a/lib/msf/ui/console/command_dispatcher/db.rb
+++ b/lib/msf/ui/console/command_dispatcher/db.rb
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@ -122,7 +122,7 @@ class Driver < Msf::Ui::Driver
      enstack_dispatcher(dispatcher)
    end

-    if (framework.db.active)
+    if framework.db && framework.db.active
        require 'msf/ui/console/command_dispatcher/db'
        enstack_dispatcher(CommandDispatcher::Db)
        require 'msf/ui/console/command_dispatcher/creds'
@ -195,7 +195,7 @@ class Driver < Msf::Ui::Driver
      self.framework.init_module_paths(module_paths: opts['ModulePath'])
    end

-    if framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']
+    if framework.db && framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']
      framework.threads.spawn("ModuleCacheRebuild", true) do
        framework.modules.refresh_cache_from_module_files
      end
--- a/metasploit-framework.gemspec
+++ b/metasploit-framework.gemspec
@ -100,6 +100,9 @@ Gem::Specification.new do |spec|
  spec.add_runtime_dependency 'redcarpet'
  # Needed for Microsoft patch finding tool (msu_finder)
  spec.add_runtime_dependency 'patch_finder'
+  # Required for msfdb_ws (Metasploit data base as a webservice)
+  spec.add_runtime_dependency 'thin'
+  spec.add_runtime_dependency 'sinatra'
  # TimeZone info
  spec.add_runtime_dependency 'tzinfo-data'
  # Gem for dealing with SSHKeys
--- a/modules/auxiliary/scanner/http/owa_login.rb
+++ b/modules/auxiliary/scanner/http/owa_login.rb
@ -254,18 +254,14 @@ class MetasploitModule < Msf::Auxiliary
      else
        # Login didn't work. no point in going on, however, check if valid domain account by response time.
        if elapsed_time <= 1
-          # This timing trick doesn't work when an email address is passed, only usernames.
-          # Don't save it as potentially valid in this case.
-          unless user =~ /@\w+\.\w+/
-            report_cred(
-              ip: res.peerinfo['addr'],
-              port: datastore['RPORT'],
-              service_name: 'owa',
-              user: user
-            )
-            print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
-            return :Skip_pass
-          end
+          report_cred(
+            ip: res.peerinfo['addr'],
+            port: datastore['RPORT'],
+            service_name: 'owa',
+            user: user
+          )
+          print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
+          return :Skip_pass
        else
          vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})")
          return :Skip_pass