Luke Imhoff
1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
...
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
Luke Imhoff
84f5a0d499
Explicitly require gem dependencies
...
MSP-9653
2014-06-02 12:27:15 -05:00
Luke Imhoff
0e60f08e51
Don't re-establish connection
...
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
Luke Imhoff
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
Luke Imhoff
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
Luke Imhoff
3448b601ee
Remove old, unused cucumber features
...
MSP-9606
2014-05-13 09:26:16 -05:00
Luke Imhoff
14cf51db91
Remove unused DatabaseCleaner
...
MSP-9606
DatabaseCleaner is no longer used in the specs since the use of railties
allowed the use of transactional fixtures.
2014-05-13 09:13:47 -05:00
Luke Imhoff
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
Luke Imhoff
cea7b6cd77
Revert to production as default environment
...
MSP-9606
When switching to Rails.env to integrate better with railties for
Rails::Engines, I forgot that rails would default to development instead
of production.
2014-05-12 15:37:59 -05:00
Luke Imhoff
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
Luke Imhoff
c70ef2afbd
Make fastlib compatible with Pathnames
...
MSP-9606
2014-05-12 10:16:39 -05:00
Luke Imhoff
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
Luke Imhoff
cadc2dd81f
Order Gemfile
...
MSP-9606
2014-05-09 13:47:00 -05:00
Trevor Rosen
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
David Maloney
cace6581ce
Merge branch 'master' into staging/electro_release
2014-05-08 14:34:19 -05:00
David Maloney
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
Trevor Rosen
d0d9100802
Merge pull request #11 from rapid7/feature/login_scanner/mssql
...
Add the MSSQL LoginScanner class
MSP-9679 #land
2014-05-08 13:52:09 -05:00
David Maloney
a9df810072
Merge branch 'feature/login_scanner/mssql' of github.com:rapid7/metasploit-framework-private into feature/login_scanner/mssql
2014-05-08 13:44:52 -05:00
David Maloney
e0c6e90ae8
trivial cleanup work
...
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
Trevor Rosen
cf58f214a9
New-style RVM stuff now in .gitignore
2014-05-08 13:26:08 -05:00
jvazquez-r7
8c55858eae
Land #3309 , @arnaudsoullie's changes for modblusclient
2014-05-08 10:45:19 -05:00
jvazquez-r7
25f13eac37
Clean a little response parsing
2014-05-08 10:44:53 -05:00
David Maloney
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
David Maloney
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
.
2014-05-07 18:34:34 -05:00
David Maloney
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
David Maloney
acbff23c32
final wrap-up specs
...
successkid.jpg
2014-05-07 16:07:18 -05:00
David Maloney
7a476dc21a
fully operational lgoinscanner
...
Now you will witness the power of this fully operational
LoginScanner. fire at will, Commander!
2014-05-07 15:57:06 -05:00
David Maloney
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
David Maloney
234e129523
add NTLM concern for loginscanners
...
add a new concern for LoginScanners
that provides the basic accessors and validations
for anything requiring NTLM
2014-05-07 14:28:10 -05:00
David Maloney
e6b15541ff
replace datastore calls
...
replace datastore calls with stub
methods that will be implmeneted by the loginscanner
2014-05-07 11:41:49 -05:00
David Maloney
6077135782
extract login neccisary methods
...
create new mssql mixin. extract only the methods
required for mssql_login to work and copy them
into this mixin.
2014-05-06 11:59:21 -05:00
David Maloney
507fe566a4
Merge branch 'master' into staging/electro_release
2014-05-06 11:36:19 -05:00
Arnaud SOULLIE
1f3466a3a3
Added Modbus error handling.
...
It now checks for error and displays the appropriate error message.
The only error simulated was "ILLEGAL ADDRESS", don't know how
to test for others.
2014-05-05 23:21:54 +02:00
Tod Beardsley
a8e7dc8ec5
Land #3338 for real (see 3542f85
)
...
The other commit ended up having a changed hash. This is a nop for
mostly accounting purposes.
2014-05-05 16:07:42 -05:00
Christian Mehlmauer
7f9a460c20
Land #3338 , yardoc fixes
2014-05-05 22:46:17 +02:00
Meatballs
3542f851bf
Fix some yarddoc issues
2014-05-05 22:45:41 +02:00
Meatballs
57df34b54f
Fix some yarddoc issues
2014-05-05 21:18:48 +01:00
William Vu
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
Trevor Rosen
5fd4151004
Merge pull request #10 from rapid7/feature/login_scanners/mixin_refactor
...
LoginScanner refactor
2014-05-05 13:50:42 -05:00
Tod Beardsley
c97c827140
Adjust desc and ranking on ms13-053
...
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
2014-05-05 13:46:19 -05:00
Tod Beardsley
3536ec9a74
Description update
2014-05-05 13:43:44 -05:00
jvazquez-r7
b81f94a229
Land #3336 , @todb-r7's CVEs addition
2014-05-05 13:43:04 -05:00
Tod Beardsley
c6affcd6d3
Fix caps, description on F5 module
...
The product name isn't "Load Balancer" as far as I can tell.
2014-05-05 13:38:53 -05:00
William Vu
353a50cdd0
Land #3316 , Content-Length fix for http_ntlmrelay
2014-05-05 13:38:36 -05:00
Tod Beardsley
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
sinn3r
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
joev
b67418e7f1
Merge #3335 , @bcoles's fixes to FF JS payloads for single-line payloads.
2014-05-05 08:12:39 -05:00
Brendan Coles
cc8ab9bcba
Support one line js payload
...
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
William Vu
a8915f0ed8
Land #3310 , OpenSSH timing attack improvements
2014-05-04 19:47:51 -05:00
Tod Beardsley
8ae5dfea23
Land todb-r7#7, fix indents and grammar
2014-05-04 19:33:40 -05:00