Merge pull request #18 from clee-r7/goliath_cleanup
Goliath Cleanup in preparation for merge to master
GSoC/Meterpreter_Web_Console
commit
a872c13d9f
4
Gemfile
4
Gemfile
|
@ -3,10 +3,6 @@ source 'https://rubygems.org'
|
|||
# spec.add_runtime_dependency '<name>', [<version requirements>]
|
||||
gemspec name: 'metasploit-framework'
|
||||
|
||||
|
||||
gem 'thin'
|
||||
gem 'sinatra'
|
||||
|
||||
# separate from test as simplecov is not run on travis-ci
|
||||
group :coverage do
|
||||
# code coverage for tests
|
||||
|
|
|
@ -62,8 +62,10 @@ PATH
|
|||
ruby_smb (= 0.0.18)
|
||||
rubyntlm
|
||||
rubyzip
|
||||
sinatra
|
||||
sqlite3
|
||||
sshkey
|
||||
thin
|
||||
tzinfo
|
||||
tzinfo-data
|
||||
windows_error
|
||||
|
@ -378,6 +380,7 @@ PLATFORMS
|
|||
DEPENDENCIES
|
||||
factory_girl_rails
|
||||
fivemat
|
||||
google-protobuf (= 3.5.1)
|
||||
metasploit-aggregator
|
||||
metasploit-framework!
|
||||
octokit
|
||||
|
@ -387,8 +390,6 @@ DEPENDENCIES
|
|||
rspec-rails
|
||||
rspec-rerun
|
||||
simplecov
|
||||
sinatra
|
||||
thin
|
||||
timecop
|
||||
yard
|
||||
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
|
||||
|
||||
NOTE: This module assumes that login attempts that take a long time (>1 sec) to
|
||||
return are using a valid domain username. This methodology does not work when
|
||||
passing a full email address (user@domain.com). Full email addresses will not
|
||||
be saved as potentially valid usernames unless we get a successful login.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. Do: ```use auxiliary/scanner/http/owa_login```
|
||||
2. Do: ```set RHOSTS [IP]```
|
||||
3. Configure a user and password list by setting either `USERNAME`, `PASSWORD`, `USER_FILE`, or `PASS_FILE`.
|
||||
4. Do: ```run```
|
||||
|
||||
## Scenarios
|
||||
|
||||
```
|
||||
msf5 auxiliary(scanner/http/owa_login) > run
|
||||
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Testing version OWA_2013
|
||||
[+] Found target domain: HOSTINGCLOUDAPP
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.267791 'HOSTINGCLOUDAPP\administrator' : 'password': SAVING TO CREDS
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : password1
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.273841 'HOSTINGCLOUDAPP\administrator' : 'password1': SAVING TO CREDS
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying administrator : fido
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
|
||||
[+] server type: EXCH2016MBX01
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270796 'HOSTINGCLOUDAPP\administrator' : 'fido': SAVING TO CREDS
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.22
|
||||
[+] server type: EXCH2016MBX01
|
||||
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.046935 'HOSTINGCLOUDAPP\johndoe' : 'password' (HTTP redirect with reason 2)
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : password1
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.073391 'HOSTINGCLOUDAPP\johndoe' : 'password1' (HTTP redirect with reason 2)
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying johndoe : fido
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[-] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN. 2.038717 'HOSTINGCLOUDAPP\johndoe' : 'fido' (HTTP redirect with reason 2)
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.289186 'HOSTINGCLOUDAPP\bob' : 'password': SAVING TO CREDS
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : password1
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.270616 'HOSTINGCLOUDAPP\bob' : 'password1': SAVING TO CREDS
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Trying bob : fido
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - Resolved hostname 'webmail.hostingcloudapp.com' to address 38.126.136.24
|
||||
[+] server type: EXCH2016MBX02
|
||||
[*] webmail.hostingcloudapp.com:443 OWA - FAILED LOGIN, BUT USERNAME IS VALID. 0.275251 'HOSTINGCLOUDAPP\bob' : 'fido': SAVING TO CREDS
|
||||
[*] Auxiliary module execution completed
|
||||
|
||||
```
|
|
@ -44,11 +44,7 @@ class Metasploit::Framework::Command::Base
|
|||
#
|
||||
# @return (see parsed_options)
|
||||
def self.require_environment!
|
||||
# TODO: Look into removing Rails.application (save ~20mb)
|
||||
# return self.parsed_options if ( self.parsed_options.options.database.remote_process)
|
||||
|
||||
parsed_options = self.parsed_options
|
||||
|
||||
# RAILS_ENV must be set before requiring 'config/application.rb'
|
||||
parsed_options.environment!
|
||||
ARGV.replace(parsed_options.positional)
|
||||
|
@ -83,9 +79,7 @@ class Metasploit::Framework::Command::Base
|
|||
|
||||
def self.start
|
||||
parsed_options = require_environment!
|
||||
is_db_remote = false # parsed_options.options.database.remote_process
|
||||
application = is_db_remote ? nil : Rails.application
|
||||
new(application: application, parsed_options: parsed_options).start
|
||||
new(application: Rails.application, parsed_options: parsed_options).start
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
@ -12,28 +12,20 @@ module Msf
|
|||
return
|
||||
end
|
||||
|
||||
#is_remote_db = opts.delete(:is_remote_database)
|
||||
allowed_module_paths = []
|
||||
|
||||
#if (!is_remote_db)
|
||||
extract_engine_module_paths(Rails.application).each do |path|
|
||||
allowed_module_paths << path
|
||||
end
|
||||
#else
|
||||
# allowed_module_paths << "/home/chlee/rapid7/metasploit-framework/modules"
|
||||
#end
|
||||
extract_engine_module_paths(Rails.application).each do |path|
|
||||
allowed_module_paths << path
|
||||
end
|
||||
|
||||
if Msf::Config.user_module_directory
|
||||
allowed_module_paths << Msf::Config.user_module_directory
|
||||
end
|
||||
|
||||
#unless (is_remote_db)
|
||||
::Rails::Engine.subclasses.map(&:instance).each do |engine|
|
||||
extract_engine_module_paths(engine).each do |path|
|
||||
allowed_module_paths << path
|
||||
end
|
||||
::Rails::Engine.subclasses.map(&:instance).each do |engine|
|
||||
extract_engine_module_paths(engine).each do |path|
|
||||
allowed_module_paths << path
|
||||
end
|
||||
# end
|
||||
end
|
||||
|
||||
# If additional module paths have been defined globally, then load them.
|
||||
# They should be separated by semi-colons.
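Review bot: Both loops that feed allowed_module_paths — the Rails.application one and the per-engine one — push element by element where `Array#concat` says the same thing in one line: `allowed_module_paths.concat(extract_engine_module_paths(Rails.application))` and `::Rails::Engine.subclasses.map(&:instance).each { |engine| allowed_module_paths.concat(extract_engine_module_paths(engine)) }`. Dropping the commented-out is_remote_db branches and the hard-coded developer home path is the right call and leaves nothing else to raise in this hunk. The enclosing method starts before the hunk and continues after it.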
|
||||
|
|
|
@ -94,7 +94,6 @@ class Msf::DBManager
|
|||
include Msf::DBManager::Web
|
||||
include Msf::DBManager::Workspace
|
||||
|
||||
|
||||
# Provides :framework and other accessors
|
||||
include Msf::Framework::Offspring
|
||||
|
||||
|
|
|
@ -113,16 +113,14 @@ class SessionManager < Hash
|
|||
|
||||
last_seen_timer = Time.now.utc
|
||||
|
||||
if framework.db.active
|
||||
::ActiveRecord::Base.connection_pool.with_connection do
|
||||
values.each do |s|
|
||||
# Update the database entry on a regular basis, marking alive threads
|
||||
# as recently seen. This notifies other framework instances that this
|
||||
# session is being maintained.
|
||||
if s.db_record
|
||||
s.db_record.last_seen = Time.now.utc
|
||||
s.db_record.save
|
||||
end
|
||||
::ActiveRecord::Base.connection_pool.with_connection do
|
||||
values.each do |s|
|
||||
# Update the database entry on a regular basis, marking alive threads
|
||||
# as recently seen. This notifies other framework instances that this
|
||||
# session is being maintained.
|
||||
if s.db_record
|
||||
s.db_record.last_seen = Time.now.utc
|
||||
s.db_record.save
|
||||
end
|
||||
end
|
||||
end
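Review bot: Removing the `if framework.db.active` guard means `::ActiveRecord::Base.connection_pool.with_connection` now runs on every pass of the monitor even when no database is configured; unless this branch guarantees a connection pool is always established, that call is the kind that raises ActiveRecord::ConnectionNotEstablished inside the session-monitor thread, and the inner `if s.db_record` check cannot prevent it because the pool is touched first. The Driver hunks in this same change add `framework.db && framework.db.active` guards, so the two files now disagree about whether the database may be absent. Keep a guard in that same form, `if framework.db && framework.db.active`, around the with_connection block, or document on the enclosing method why the pool is guaranteed here. The enclosing method begins before the hunk and ends after it.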
|
||||
|
|
|
@ -122,7 +122,7 @@ class Driver < Msf::Ui::Driver
|
|||
enstack_dispatcher(dispatcher)
|
||||
end
|
||||
|
||||
if (framework.db.active)
|
||||
if framework.db && framework.db.active
|
||||
require 'msf/ui/console/command_dispatcher/db'
|
||||
enstack_dispatcher(CommandDispatcher::Db)
|
||||
require 'msf/ui/console/command_dispatcher/creds'
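Review bot: The new nil-guard `framework.db && framework.db.active` is written out verbatim both here and in the second Driver hunk (the `ModuleCacheRebuild` one); if the project's Ruby floor allows safe navigation, `if framework.db&.active` expresses the same check in one term, and a small `db_active?` predicate on the driver would keep the two call sites from drifting apart if `framework.db` can legitimately be nil on this branch. This is a style point only; the guard itself is correct. The enclosing method starts before the hunk in both cases.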
|
||||
|
@ -195,7 +195,7 @@ class Driver < Msf::Ui::Driver
|
|||
self.framework.init_module_paths(module_paths: opts['ModulePath'])
|
||||
end
|
||||
|
||||
if framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']
|
||||
if framework.db && framework.db.active && framework.db.is_local? && !opts['DeferModuleLoads']
|
||||
framework.threads.spawn("ModuleCacheRebuild", true) do
|
||||
framework.modules.refresh_cache_from_module_files
|
||||
end
|
||||
|
|
|
@ -100,6 +100,9 @@ Gem::Specification.new do |spec|
|
|||
spec.add_runtime_dependency 'redcarpet'
|
||||
# Needed for Microsoft patch finding tool (msu_finder)
|
||||
spec.add_runtime_dependency 'patch_finder'
|
||||
# Required for msfdb_ws (Metasploit data base as a webservice)
|
||||
spec.add_runtime_dependency 'thin'
|
||||
spec.add_runtime_dependency 'sinatra'
|
||||
# TimeZone info
|
||||
spec.add_runtime_dependency 'tzinfo-data'
|
||||
# Gem for dealing with SSHKeys
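Review bot: The two new runtime dependencies are declared without any version requirement; `thin` and `sinatra` are the network-facing pieces of the msfdb_ws service, so an unbounded requirement lets a future major release change the HTTP surface under the service without review, and a lower bound such as `spec.add_runtime_dependency 'sinatra', '~> X.Y'` (X.Y being the version the service was developed against) is cheap to add. The neighbouring entries (redcarpet, patch_finder, tzinfo-data) are also unpinned, so this may be a deliberate project convention worth confirming. The comment on the new lines also has a typo; suggested wording: `# Required for msfdb_ws (Metasploit database as a web service)`.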
|
||||
|
|
|
@ -254,18 +254,14 @@ class MetasploitModule < Msf::Auxiliary
|
|||
else
|
||||
# Login didn't work. no point in going on, however, check if valid domain account by response time.
|
||||
if elapsed_time <= 1
|
||||
# This timing trick doesn't work when an email address is passed, only usernames.
|
||||
# Don't save it as potentially valid in this case.
|
||||
unless user =~ /@\w+\.\w+/
|
||||
report_cred(
|
||||
ip: res.peerinfo['addr'],
|
||||
port: datastore['RPORT'],
|
||||
service_name: 'owa',
|
||||
user: user
|
||||
)
|
||||
print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
|
||||
return :Skip_pass
|
||||
end
|
||||
report_cred(
|
||||
ip: res.peerinfo['addr'],
|
||||
port: datastore['RPORT'],
|
||||
service_name: 'owa',
|
||||
user: user
|
||||
)
|
||||
print_status("#{msg} FAILED LOGIN, BUT USERNAME IS VALID. #{elapsed_time} '#{user}' : '#{pass}': SAVING TO CREDS")
|
||||
return :Skip_pass
|
||||
else
|
||||
vprint_error("#{msg} FAILED LOGIN. #{elapsed_time} '#{user}' : '#{pass}' (HTTP redirect with reason #{reason})")
|
||||
return :Skip_pass
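Review bot: If the old-then-new print order is right, the new side reports any username whose login fails within one second as valid without the `unless user =~ /@\w+\.\w+/` guard, yet the documentation file deleted earlier in this same change (and the two comments dropped from this hunk) state that the timing heuristic does not work for full e-mail addresses. Every fast failure for an e-mail-style username will then be written to the creds store as a valid account, which is a new false-positive source rather than a cleanup. Restore the guard around the report_cred call, `unless user.match?(/@\w+\.\w+/)` … `end`, or record in the module's description why the restriction no longer applies. The enclosing method starts before the hunk and ends after it.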
|
||||
|
|