Goliath Cleanup in preparation for merge to master

GSoC/Meterpreter_Web_Console
christopher lee 2018-03-06 10:21:22 -06:00
parent 4f6b1de9a3
commit 68d72cbfa7
11 changed files with 1995 additions and 2076 deletions


@ -3,10 +3,6 @@ source 'https://rubygems.org'
# spec.add_runtime_dependency '<name>', [<version requirements>] # spec.add_runtime_dependency '<name>', [<version requirements>]
gemspec name: 'metasploit-framework' gemspec name: 'metasploit-framework'
gem 'thin'
gem 'sinatra'
# separate from test as simplecov is not run on travis-ci # separate from test as simplecov is not run on travis-ci
group :coverage do group :coverage do
# code coverage for tests # code coverage for tests
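Review bot: dropping `gem 'thin'` and `gem 'sinatra'` from the Gemfile is only correct if the same two gems are declared in the gemspec (the later gemspec hunk does add them), otherwise `bundle install` loses the web-service dependencies entirely; since the framework gemspec is what every installer resolves, this also turns a development-branch web server into a mandatory runtime dependency for all users, so consider whether the msfdb web service belongs in an optional group instead.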


@ -62,8 +62,10 @@ PATH
ruby_smb (= 0.0.18) ruby_smb (= 0.0.18)
rubyntlm rubyntlm
rubyzip rubyzip
sinatra
sqlite3 sqlite3
sshkey sshkey
thin
tzinfo tzinfo
tzinfo-data tzinfo-data
windows_error windows_error
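Review bot: the lockfile's PATH block now lists `sinatra` and `thin` as dependencies of the framework gem but carries no version constraint for either, which mirrors the unconstrained `add_runtime_dependency` calls in the gemspec; a lockfile should be regenerated with `bundle install` rather than edited by hand, so please confirm the GEM section (not shown here) also gained the transitive entries these two bring in (rack-protection for sinatra, eventmachine and daemons for thin).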
@ -378,6 +380,7 @@ PLATFORMS
DEPENDENCIES DEPENDENCIES
factory_girl_rails factory_girl_rails
fivemat fivemat
google-protobuf (= 3.5.1)
metasploit-aggregator metasploit-aggregator
metasploit-framework! metasploit-framework!
octokit octokit
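Review bot: `google-protobuf (= 3.5.1)` appears as a top-level DEPENDENCIES entry with an exact pin, but no Gemfile or gemspec line adding it is visible in this commit; an exact pin on a native-extension gem needs a reason in the commit message, and a DEPENDENCIES entry with no matching Gemfile line will simply be dropped the next time bundler rewrites the lock.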
@ -387,8 +390,6 @@ DEPENDENCIES
rspec-rails rspec-rails
rspec-rerun rspec-rerun
simplecov simplecov
sinatra
thin
timecop timecop
yard yard
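Review bot: removing `sinatra` and `thin` from DEPENDENCIES is the expected consequence of moving them out of the Gemfile, so this hunk is consistent with the Gemfile change above; the only check worth doing is that the lock was produced by bundler and not hand-trimmed, since the two gems must still resolve through the framework gemspec's PATH entry.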


@ -1,60 +0,0 @@
This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
NOTE: This module assumes that login attempts that take a long time (>1 sec) to
return are using a valid domain username. This methodology does not work when
passing a full email address (user@domain.com). Full email addresses will not
be saved as potentially valid usernames unless we get a successful login.
## Verification Steps
1. Do: ```use auxiliary/scanner/http/owa_login```
2. Do: ```set RHOSTS [IP]```
3. Configure a user and password list by setting either `USERNAME`, `PASSWORD`, `USER_FILE`, or `PASS_FILE`.
4. Do: ```run```
## Scenarios
```
msf5 auxiliary(scanner/http/owa_login) > run
[*] webmail.hostingcloudapp.com:443 OWA - Testing version OWA_2013
[+] Found target domain: HOSTINGCLOUDAPP
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.267791 'HOSTINGCLOUDAPP\administrator' : 'password': SAVING TO CREDS
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password1
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.273841 'HOSTINGCLOUDAPP\administrator' : 'password1': SAVING TO CREDS
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : fido
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
[+] server type: EXCH2016MBX01
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270796 'HOSTINGCLOUDAPP\administrator' : 'fido': SAVING TO CREDS
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
[+] server type: EXCH2016MBX01
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.046935 'HOSTINGCLOUDAPP\johndoe' : 'password' (HTTP redirect with reason 2)
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password1
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.073391 'HOSTINGCLOUDAPP\johndoe' : 'password1' (HTTP redirect with reason 2)
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : fido
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.038717 'HOSTINGCLOUDAPP\johndoe' : 'fido' (HTTP redirect with reason 2)
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.289186 'HOSTINGCLOUDAPP\bob' : 'password': SAVING TO CREDS
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password1
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270616 'HOSTINGCLOUDAPP\bob' : 'password1': SAVING TO CREDS
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : fido
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
[+] server type: EXCH2016MBX02
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.275251 'HOSTINGCLOUDAPP\bob' : 'fido': SAVING TO CREDS
[*] Auxiliary module execution completed
```
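Review bot: this hunk deletes the whole `owa_login` module documentation, which is unrelated to the web-console work this commit cleans up and looks like a stray change rather than intended scope. The NOTE paragraph it removes documents a real limitation of the module (the response-time heuristic for valid domain usernames does not hold for `user@domain.com` input), and the code hunk at the end of this commit also removes the corresponding `unless user =~ /@\w+\.\w+/` guard, so the two deletions together silently drop both the behaviour and its documentation; suggest restoring the file. If it is restored, the scenario transcript should not carry a real-looking hostname, domain and public addresses (`webmail.hostingcloudapp.com`, `HOSTINGCLOUDAPP`, `38.126.136.x`); use an obvious placeholder host in module docs.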


@ -44,11 +44,7 @@ class Metasploit::Framework::Command::Base
# #
# @return (see parsed_options) # @return (see parsed_options)
def self.require_environment! def self.require_environment!
# TODO: Look into removing Rails.application (save ~20mb)
# return self.parsed_options if ( self.parsed_options.options.database.remote_process)
parsed_options = self.parsed_options parsed_options = self.parsed_options
# RAILS_ENV must be set before requiring 'config/application.rb' # RAILS_ENV must be set before requiring 'config/application.rb'
parsed_options.environment! parsed_options.environment!
ARGV.replace(parsed_options.positional) ARGV.replace(parsed_options.positional)
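Review bot: removing the commented-out early `return` is the right cleanup, but the `# TODO: Look into removing Rails.application (save ~20mb)` note records a measured cost that is lost with it; if the idea is still worth pursuing, move it to a tracking issue and reference that issue in the commit message rather than deleting the only record of it.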
@ -83,9 +79,7 @@ class Metasploit::Framework::Command::Base
def self.start def self.start
parsed_options = require_environment! parsed_options = require_environment!
is_db_remote = false # parsed_options.options.database.remote_process new(application: Rails.application, parsed_options: parsed_options).start
application = is_db_remote ? nil : Rails.application
new(application: application, parsed_options: parsed_options).start
end end
# #
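Review bot: `new(application: Rails.application, parsed_options: parsed_options).start` makes construction unconditional again, which is fine, but the removed `is_db_remote` line referenced `parsed_options.options.database.remote_process`; please confirm no other code in the branch still reads that option, since nothing in this commit removes its definition and a dangling option that is parsed but never honoured is confusing for operators.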


@ -12,28 +12,20 @@ module Msf
return return
end end
#is_remote_db = opts.delete(:is_remote_database)
allowed_module_paths = [] allowed_module_paths = []
extract_engine_module_paths(Rails.application).each do |path|
#if (!is_remote_db) allowed_module_paths << path
extract_engine_module_paths(Rails.application).each do |path| end
allowed_module_paths << path
end
#else
# allowed_module_paths << "/home/chlee/rapid7/metasploit-framework/modules"
#end
if Msf::Config.user_module_directory if Msf::Config.user_module_directory
allowed_module_paths << Msf::Config.user_module_directory allowed_module_paths << Msf::Config.user_module_directory
end end
#unless (is_remote_db) ::Rails::Engine.subclasses.map(&:instance).each do |engine|
::Rails::Engine.subclasses.map(&:instance).each do |engine| extract_engine_module_paths(engine).each do |path|
extract_engine_module_paths(engine).each do |path| allowed_module_paths << path
allowed_module_paths << path
end
end end
# end end
# If additional module paths have been defined globally, then load them. # If additional module paths have been defined globally, then load them.
# They should be separated by semi-colons. # They should be separated by semi-colons.
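Review bot: the important part of this hunk is the removal of the commented-out hard-coded developer path `"/home/chlee/rapid7/metasploit-framework/modules"`; a workstation-specific module path must never reach master even as a comment, since an uncommented copy would load modules from an arbitrary directory. The remaining `is_remote_db` scaffolding is removed consistently, so the module-path logic is back to engines plus `Msf::Config.user_module_directory` only.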


@ -94,7 +94,6 @@ class Msf::DBManager
include Msf::DBManager::Web include Msf::DBManager::Web
include Msf::DBManager::Workspace include Msf::DBManager::Workspace
# Provides :framework and other accessors # Provides :framework and other accessors
include Msf::Framework::Offspring include Msf::Framework::Offspring


@ -20,7 +20,7 @@ class SessionManager < Hash
include Framework::Offspring include Framework::Offspring
LAST_SEEN_INTERVAL = 60 * 2.5 LAST_SEEN_INTERVAL = 60 * 2.5
SCHEDULER_THREAD_COUNT = 5 SCHEDULER_THREAD_COUNT = 5
def initialize(framework) def initialize(framework)
@ -113,16 +113,14 @@ class SessionManager < Hash
last_seen_timer = Time.now.utc last_seen_timer = Time.now.utc
if framework.db.active ::ActiveRecord::Base.connection_pool.with_connection do
::ActiveRecord::Base.connection_pool.with_connection do values.each do |s|
values.each do |s| # Update the database entry on a regular basis, marking alive threads
# Update the database entry on a regular basis, marking alive threads # as recently seen. This notifies other framework instances that this
# as recently seen. This notifies other framework instances that this # session is being maintained.
# session is being maintained. if s.db_record
if s.db_record s.db_record.last_seen = Time.now.utc
s.db_record.last_seen = Time.now.utc s.db_record.save
s.db_record.save
end
end end
end end
end end
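Review bot: dropping the `if framework.db.active` guard means `::ActiveRecord::Base.connection_pool.with_connection` is now called on every scheduler tick even when no database is connected, and it will raise inside the `ModuleCacheRebuild`-style background thread rather than skip quietly; the inner `if s.db_record` check does not protect the `with_connection` call itself. Either keep the guard or confirm that master already calls `with_connection` unconditionally here, and note that the Driver hunks below add `framework.db &&` nil checks while this hunk removes a check, which reads as inconsistent.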

File diff suppressed because it is too large


@ -122,7 +122,7 @@ class Driver < Msf::Ui::Driver
enstack_dispatcher(dispatcher) enstack_dispatcher(dispatcher)
end end
if (framework.db.active) if framework.db && framework.db.active
require 'msf/ui/console/command_dispatcher/db' require 'msf/ui/console/command_dispatcher/db'
enstack_dispatcher(CommandDispatcher::Db) enstack_dispatcher(CommandDispatcher::Db)
require 'msf/ui/console/command_dispatcher/creds' require 'msf/ui/console/command_dispatcher/creds'
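Review bot: `if framework.db && framework.db.active` is a sensible nil guard for the case where the DB manager was never constructed, but it should be stated in the commit message under which configuration `framework.db` is nil, so the guard is not mistaken for dead code later; `framework.db&.active` would express the same intent more idiomatically if the supported Ruby baseline allows it.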
@ -195,7 +195,7 @@ class Driver < Msf::Ui::Driver
self.framework.init_module_paths(module_paths: opts['ModulePath']) self.framework.init_module_paths(module_paths: opts['ModulePath'])
end end
if framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads'] if framework.db && framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']
framework.threads.spawn("ModuleCacheRebuild", true) do framework.threads.spawn("ModuleCacheRebuild", true) do
framework.modules.refresh_cache_from_module_files framework.modules.refresh_cache_from_module_files
end end
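Review bot: same nil guard as the previous hunk, applied to `framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']`; the three-way condition is getting long enough that a small predicate on the driver (for example a method answering "local database available") would keep both call sites in sync and avoid the two guards drifting apart.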


@ -100,6 +100,9 @@ Gem::Specification.new do |spec|
spec.add_runtime_dependency 'redcarpet' spec.add_runtime_dependency 'redcarpet'
# Needed for Microsoft patch finding tool (msu_finder) # Needed for Microsoft patch finding tool (msu_finder)
spec.add_runtime_dependency 'patch_finder' spec.add_runtime_dependency 'patch_finder'
# Required for msfdb_ws (Metasploit data base as a webservice)
spec.add_runtime_dependency 'thin'
spec.add_runtime_dependency 'sinatra'
# TimeZone info # TimeZone info
spec.add_runtime_dependency 'tzinfo-data' spec.add_runtime_dependency 'tzinfo-data'
# Gem for dealing with SSHKeys # Gem for dealing with SSHKeys
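Review bot: `spec.add_runtime_dependency 'thin'` and `spec.add_runtime_dependency 'sinatra'` carry no version constraints, unlike the pinned entries elsewhere in the lockfile; for components that terminate network connections (a Rack server and a web framework) a pessimistic constraint per major version is the minimum so that a future incompatible release cannot be pulled in by a fresh install. The comment should also read "database" rather than "data base", and "msfdb_ws" should be spelled out once since it is the first mention of that service in the gemspec.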


@ -254,18 +254,14 @@ class MetasploitModule < Msf::Auxiliary
else else
# Login didn't work. no point in going on, however, check if valid domain account by response time. # Login didn't work. no point in going on, however, check if valid domain account by response time.
if elapsed_time <= 1 if elapsed_time <= 1
# This timing trick doesn't work when an email address is passed, only usernames. report_cred(
# Don't save it as potentially valid in this case. ip: res.peerinfo['addr'],
unless user =~ /@\w+\.\w+/ port: datastore['RPORT'],
report_cred( service_name: 'owa',
ip: res.peerinfo['addr'], user: user
port: datastore['RPORT'], )
service_name: 'owa', print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
user: user return :Skip_pass
)
print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
return :Skip_pass
end
else else
vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})") vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})")
return :Skip_pass return :Skip_pass
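Review bot: removing the `unless user =~ /@\w+\.\w+/` guard reintroduces the false positive the deleted comment described: when the operator supplies `user@domain.com` style input, the sub-second response is no longer evidence of a valid domain account, yet `report_cred` now records it as such and prints "USERNAME IS VALID"; the inner block is otherwise unchanged (`ip: res.peerinfo['addr']`, `port: datastore['RPORT']`, `service_name: 'owa'`), so this looks like an accidental revert rather than an intended behaviour change and belongs outside a web-console cleanup commit. Keep the guard, or if it must go, update the module documentation that this same commit deletes.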