Merge remote-tracking branch 'upstream/staging/electro-release' into staging/electro-release

2014-08-04 18:06:54 -05:00 · 2014-08-04 18:06:54 -05:00 · 6bc7643475
parent 75dfcb2791 1691795901
commit 6bc7643475
16 changed files with 122 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,8 +7,6 @@ Gemfile.local.lock
 .sublime-project
 # RVM control file, keep this to avoid backdooring Metasploit
 .rvmrc
-.ruby-version
-.ruby-gemset
 # YARD cache directory
 .yardoc
 # Mac OS X files
--- a/.ruby-gemset
+++ b/.ruby-gemset
@ -0,0 +1 @@
+metasploit-framework
--- a/.ruby-version
+++ b/.ruby-version
@ -0,0 +1 @@
+1.9.3-p484
--- a/2
+++ b/2
@ -7,7 +7,7 @@ group :db do
  # Needed for Msf::DbManager
  gem 'activerecord', '>= 3.0.0', '< 4.0.0'
  # Metasploit::Credential database models
-  gem 'metasploit-credential', '~>0.8.2'
+  gem 'metasploit-credential', '>= 0.8.6', '< 0.9'
  # Database models shared between framework and Pro.
  gem 'metasploit_data_models', '~> 0.19'
  # Needed for module caching in Mdm::ModuleDetails
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -61,7 +61,7 @@ GEM
    json (1.8.1)
    metasploit-concern (0.1.1)
      activesupport (~> 3.0, >= 3.0.0)
-    metasploit-credential (0.8.3)
+    metasploit-credential (0.8.6)
      metasploit-concern (~> 0.1.0)
      metasploit-model (~> 0.26.1)
      metasploit_data_models (~> 0.19.4)
@ -160,7 +160,7 @@ DEPENDENCIES
  factory_girl (>= 4.1.0)
  factory_girl_rails
  fivemat (= 1.2.1)
-  metasploit-credential (~> 0.8.2)
+  metasploit-credential (>= 0.8.6, < 0.9)
  metasploit-framework!
  metasploit_data_models (~> 0.19)
  network_interface (~> 0.0.1)
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20140722174919) do
+ActiveRecord::Schema.define(:version => 20140801150537) do

  create_table "api_keys", :force => true do |t|
    t.text     "token"
@ -193,6 +193,12 @@ ActiveRecord::Schema.define(:version => 20140722174919) do
  add_index "metasploit_credential_cores", ["private_id"], :name => "index_metasploit_credential_cores_on_private_id"
  add_index "metasploit_credential_cores", ["public_id"], :name => "index_metasploit_credential_cores_on_public_id"
  add_index "metasploit_credential_cores", ["realm_id"], :name => "index_metasploit_credential_cores_on_realm_id"
+  add_index "metasploit_credential_cores", ["workspace_id", "private_id"], :name => "unique_private_metasploit_credential_cores", :unique => true
+  add_index "metasploit_credential_cores", ["workspace_id", "public_id", "private_id"], :name => "unique_realmless_metasploit_credential_cores", :unique => true
+  add_index "metasploit_credential_cores", ["workspace_id", "public_id"], :name => "unique_public_metasploit_credential_cores", :unique => true
+  add_index "metasploit_credential_cores", ["workspace_id", "realm_id", "private_id"], :name => "unique_publicless_metasploit_credential_cores", :unique => true
+  add_index "metasploit_credential_cores", ["workspace_id", "realm_id", "public_id", "private_id"], :name => "unique_complete_metasploit_credential_cores", :unique => true
+  add_index "metasploit_credential_cores", ["workspace_id", "realm_id", "public_id"], :name => "unique_privateless_metasploit_credential_cores", :unique => true
  add_index "metasploit_credential_cores", ["workspace_id"], :name => "index_metasploit_credential_cores_on_workspace_id"

  create_table "metasploit_credential_logins", :force => true do |t|
--- a/lib/metasploit/framework/api.rb
+++ b/lib/metasploit/framework/api.rb
@ -0,0 +1,7 @@
+module Metasploit
+  module Framework
+    module API
+
+    end
+  end
+end
--- a/lib/metasploit/framework/api/version.rb
+++ b/lib/metasploit/framework/api/version.rb
@ -0,0 +1,16 @@
+module Metasploit
+  module Framework
+    module API
+      # @note This is a like.  The API version is not semantically version and it's version has actually never changed
+      #    even though API changes have occured.  DO NOT base compatibility on this version.
+      module Version
+        MAJOR = 1
+        MINOR = 0
+        PATCH = 0
+      end
+
+      VERSION = "#{Version::MAJOR}.#{Version::MINOR}.#{Version::PATCH}"
+      GEM_VERSION = Gem::Version.new(VERSION)
+    end
+  end
+end
--- a/lib/metasploit/framework/core.rb
+++ b/lib/metasploit/framework/core.rb
@ -0,0 +1,7 @@
+module Metasploit
+  module Framework
+    module Core
+
+    end
+  end
+end
--- a/lib/metasploit/framework/core/version.rb
+++ b/lib/metasploit/framework/core/version.rb
@ -0,0 +1,19 @@
+require 'metasploit/framework/version'
+
+module Metasploit
+  module Framework
+    # @note This is a lie.  The core libraries are not semantically versioned.  This is currently just linked to the
+    #   Metasploit::Framework::Version, which is also not semantically versioned.
+    module Core
+      module Version
+        MAJOR = Metasploit::Framework::Version::MAJOR
+        MINOR = Metasploit::Framework::Version::MINOR
+        PATCH = Metasploit::Framework::Version::PATCH
+        PRERELEASE = Metasploit::Framework::Version::PRERELEASE
+      end
+
+      VERSION = Metasploit::Framework::VERSION
+      GEM_VERSION = Gem::Version.new(Metasploit::Framework::GEM_VERSION)
+    end
+  end
+end
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@ -2177,9 +2177,15 @@ class DBManager
  # @return [Integer] ID of created report
  def report_report(opts)
    return if not active
-  ::ActiveRecord::Base.connection_pool.with_connection {
+    created = opts.delete(:created_at)
+    updated = opts.delete(:updated_at)
+    state   = opts.delete(:state)

+  ::ActiveRecord::Base.connection_pool.with_connection {
    report = Report.new(opts)
+    report.created_at = created
+    report.updated_at = updated
+
    unless report.valid?
      errors = report.errors.full_messages.join('; ')
      raise RuntimeError "Report to be imported is not valid: #{errors}"
@ -2194,10 +2200,14 @@ class DBManager
  # Creates a ReportArtifact based on passed parameters.
  # @param opts [Hash] of ReportArtifact attributes
  def report_artifact(opts)
+    return if not active
+
    artifacts_dir = Report::ARTIFACT_DIR
    tmp_path = opts[:file_path]
    artifact_name = File.basename tmp_path
    new_path = File.join(artifacts_dir, artifact_name)
+    created = opts.delete(:created_at)
+    updated = opts.delete(:updated_at)

    unless File.exists? tmp_path
      raise DBImportError 'Report artifact file to be imported does not exist.'
@ -2215,6 +2225,9 @@ class DBManager
    FileUtils.copy(tmp_path, new_path)
    opts[:file_path] = new_path
    artifact = ReportArtifact.new(opts)
+    artifact.created_at = created
+    artifact.updated_at = updated
+
    unless artifact.valid?
      errors = artifact.errors.full_messages.join('; ')
      raise RuntimeError "Artifact to be imported is not valid: #{errors}"
--- a/lib/msf/core/framework.rb
+++ b/lib/msf/core/framework.rb
@ -42,14 +42,6 @@ class Framework
  # EICAR canary
  EICARCorrupted      = ::Msf::Util::EXE.is_eicar_corrupted?

-  # API Version
-  APIMajor = 1
-  APIMinor = 0
-
-  # Base/API Version
-  VersionCore  = Major + (Minor / 10.0)
-  VersionAPI   = APIMajor + (APIMinor / 10.0)
-
  #
  # Mixin meant to be included into all classes that can have instances that
  # should be tied to the framework, such as modules.
--- a/lib/msf/core/modules/namespace.rb
+++ b/lib/msf/core/modules/namespace.rb
@ -1,3 +1,6 @@
+require 'metasploit/framework/api/version'
+require 'metasploit/framework/core/version'
+
 # Concern for behavior that all namespace modules that wrap Msf::Modules must support like version checking and
 # grabbing the version specific-Metasploit* class.
 module Msf::Modules::Namespace
@ -54,11 +57,11 @@ module Msf::Modules::Namespace
  def version_compatible!(module_path, module_reference_name)
    if const_defined?(:RequiredVersions)
      required_versions = const_get(:RequiredVersions)
-      minimum_core_version = required_versions[0]
-      minimum_api_version = required_versions[1]
+      minimum_core_version = Gem::Version.new(required_versions[0].to_s)
+      minimum_api_version = Gem::Version.new(required_versions[1].to_s)

-      if (minimum_core_version > ::Msf::Framework::VersionCore or
-          minimum_api_version > ::Msf::Framework::VersionAPI)
+      if (minimum_core_version > Metasploit::Framework::Core::GEM_VERSION ||
+          minimum_api_version > Metasploit::Framework::API::GEM_VERSION)
        raise Msf::Modules::VersionCompatibilityError.new(
                  :module_path => module_path,
                  :module_reference_name => module_reference_name,
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
@ -408,7 +408,7 @@ class Core
    avdwarn = nil

    banner_trailers = {
-      :version     => "%yelmetasploit v#{Msf::Framework::Version} [core:#{Msf::Framework::VersionCore} api:#{Msf::Framework::VersionAPI}]%clr",
+      :version     => "%yelmetasploit v#{Msf::Framework::Version} [core:#{Metasploit::Framework::Core::GEM_VERSION} api:#{Metasploit::Framework::API::GEM_VERSION}]%clr",
      :exp_aux_pos => "#{framework.stats.num_exploits} exploits - #{framework.stats.num_auxiliary} auxiliary - #{framework.stats.num_post} post",
      :pay_enc_nop => "#{framework.stats.num_payloads} payloads - #{framework.stats.num_encoders} encoders - #{framework.stats.num_nops} nops",
      :free_trial  => "Free Metasploit Pro trial: http://r-7.co/trymsp",
--- a/modules/post/windows/gather/credentials/sso.rb
+++ b/modules/post/windows/gather/credentials/sso.rb
@ -101,24 +101,39 @@ class Metasploit3 < Msf::Post
    return if (user.empty? or pass.empty?)
    return if pass.include?("n.a.")

-    if session.db_record
-      source_id = session.db_record.id
-    else
-      source_id = nil
+    # Assemble data about the credential objects we will be creating
+    credential_data = {
+      origin_type: :session,
+      post_reference_name: self.refname,
+      private_data: pass,
+      private_type: :password,
+      session_id: session_db_id,
+      username: user,
+      workspace_id: myworkspace_id
+    }
+
+    unless domain.blank?
+      credential_data[:realm_key]   = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
+      credential_data[:realm_value] = domain
    end

-    report_auth_info(
-      :host  => session.session_host,
-      :port => 445,
-      :sname => 'smb',
-      :proto => 'tcp',
-      :source_id => source_id,
-      :source_type => "exploit",
-      :user => "#{domain}\\#{user}",
-      :pass => pass
-    )
+    credential_core = create_credential(credential_data)
+
+    # Assemble the options hash for creating the Metasploit::Credential::Login object
+    login_data = {
+      core: credential_core,
+      status: Metasploit::Model::Login::Status::UNTRIED,
+      address: ::Rex::Socket.getaddress(session.sock.peerhost, true),
+      port: 445,
+      service_name: 'smb',
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    create_credential_login(login_data)
  end

+
  def is_system_user?(user)
    system_users = [
      /^$/,
--- a/spec/lib/msf/core/modules/namespace_spec.rb
+++ b/spec/lib/msf/core/modules/namespace_spec.rb
@ -209,8 +209,8 @@ describe Msf::Modules::Namespace do
      end

      context 'with minimum Core version' do
-        it 'should be <= Msf::Framework::VersionCore' do
-          minimum_core_version.should <= Msf::Framework::VersionCore
+        it 'is <= Metasploit::Framework::Core::GEM_VERSION when converted to Gem::Version' do
+          expect(Gem::Version.new(minimum_core_version.to_s)).to be <= Metasploit::Framework::Core::GEM_VERSION
        end

        context 'without minimum API version' do
@ -218,8 +218,8 @@ describe Msf::Modules::Namespace do
            2
          end

-          it 'should be > Msf::Framework::VersionAPI' do
-            minimum_api_version.should > Msf::Framework::VersionAPI
+          it 'is > Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do
+            expect(Gem::Version.new(minimum_api_version.to_s)).to be > Metasploit::Framework::API::GEM_VERSION
          end

          it_should_behave_like 'Msf::Modules::VersionCompatibilityError'
@ -239,8 +239,8 @@ describe Msf::Modules::Namespace do
          5
        end

-        it 'should be > Msf::Framework::VersionCore' do
-          minimum_core_version.should > Msf::Framework::VersionCore
+        it 'is > Metasploit::Framework::Core::GEM_VERSION when converted to Gem::Version' do
+          expect(Gem::Version.new(minimum_core_version.to_s)).to be > Metasploit::Framework::Core::GEM_VERSION
        end

        context 'without minimum API version' do
@ -248,16 +248,16 @@ describe Msf::Modules::Namespace do
            2
          end

-          it 'should be > Msf::Framework::VersionAPI' do
-            minimum_api_version.should > Msf::Framework::VersionAPI
+          it 'is > Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do
+            expect(Gem::Version.new(minimum_api_version.to_s)).to be > Metasploit::Framework::API::GEM_VERSION
          end

          it_should_behave_like 'Msf::Modules::VersionCompatibilityError'
        end

        context 'with minimum API version' do
-          it 'should be <= Msf::Framework::VersionAPI' do
-            minimum_api_version <= Msf::Framework::VersionAPI
+          it 'is <= Metasploit::Framework::API::GEM_VERSION when converted to Gem::Version' do
+            expect(Gem::Version.new(minimum_api_version.to_s)).to be <= Metasploit::Framework::API::GEM_VERSION
          end

          it_should_behave_like 'Msf::Modules::VersionCompatibilityError'