Commit Graph

27068 Commits (10d50e77eb73892fee821f925aec9f7e4e354530)

Author SHA1 Message Date
Luke Imhoff 20177c7c23
Restore backup database.yml when retesting after interrupt
MSP-11153

Restore the config/database.yml backed up to
config/database.yml.cucumber.bak in the db:config:restore task, which is
made a dependency of the environment rake task so that
config/database.yml is restored before Rails tries to use it in the
environment task.  This specifically, allows for rake cucumber to be
interrupted when the config/database.yml has been moved to
config/database.yml.cucumber.bak and a subsequence rake cucumber to
succeed and restore config/database.yml, but any task that depends on
environment will restore the config/database.yml.
2014-08-28 15:20:53 -05:00
nnam 02bbd53b82 Fix failure messages for check(). 2014-08-28 12:09:35 -07:00
Luke Imhoff 7a8d7a38d1
Remove debugging 'puts'
MSP-11153
2014-08-28 13:48:46 -05:00
Nicholas Nam 6c90a50e47 Handle res.nil case in check(). Revert check for res.nil in
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam 0788ce9745 Removed unused require and import. Handle the res.nil case in
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
sinn3r f097ef96e0 Use && 2014-08-28 12:13:03 -05:00
sinn3r d0d9949d91 Do SSL options correctly 2014-08-28 12:04:14 -05:00
Luke Imhoff 5ab8fcd026
Remove realpath call from expected user_configurations_pathname
MSP-11153

realpath is not used in the actual code anymore because it doesn't work
for non-existent paths.
2014-08-28 11:51:25 -05:00
jvazquez-r7 58091b9e2b
Land #3708, @pedrib fix for manage_engine_dc_pmp_sqli 2014-08-28 10:47:03 -05:00
jvazquez-r7 d8c15766bd
Land #3567 @OJ's fixes to the MQAC local exploit solving conflicts 2014-08-28 10:19:47 -05:00
jvazquez-r7 9d3d25a3b3 Solve conflicts 2014-08-28 10:19:12 -05:00
Spencer McIntyre dd8690323a
Land #3722, fix typos in openssl ccs scanner 2014-08-28 10:50:18 -04:00
Matt Andreko 784ece574e Found additional typos. 2014-08-28 09:03:19 -05:00
Matt Andreko cb634cfef3 Fixed annoying typo that shows up in validation screenshots 2014-08-28 08:50:30 -05:00
Luke Imhoff 188f5d012a
Add scenario for no database.yml
MSP-11153
2014-08-27 22:02:16 -05:00
Luke Imhoff 7453f6fa3a
Project "database.yml" scenario
MSP-11153
2014-08-27 21:47:31 -05:00
Luke Imhoff e6750b985c
Add 'the' to make steps read better
MSP-11153
2014-08-27 21:38:46 -05:00
Luke Imhoff 972470c241
Ensure a fake project database.yml is used for scenarios
MSP-11153

Ensures that cucumber still works if config/database.yml is not set and
so other location is being used to run cucumber.
2014-08-27 21:36:23 -05:00
Luke Imhoff 496865e591
Order database.yml definitions to match precedence
MSP-11153
2014-08-27 21:15:00 -05:00
Luke Imhoff d752cdccf6
Remove unneeded command_line.yml
MSP-11153

Remove definition of command_line.yml in scenarios that don't use --yaml
flag.
2014-08-27 21:09:49 -05:00
Luke Imhoff b701ba5dcf
~/.msf4/database.yml scenario
MSP-11153
2014-08-27 20:57:08 -05:00
Luke Imhoff b1e745aa16
MSF_DATABASE_CONFIG scenario
MSP-11153
2014-08-27 20:33:52 -05:00
Tod Beardsley 6d45f75b47
Land #3690, credential_collect refactor
@TomSellers strikes again!
2014-08-27 18:31:59 -05:00
Tom Sellers 9b0c5dfb0c Minor fix 2014-08-27 18:31:13 -05:00
sinn3r 0ba2f1e457 Leave a note about the old empty password issue 2014-08-27 17:06:11 -05:00
Luke Imhoff 275fa5cb50
Remove unnecessary return
MSP-11153

Leftover from earlier design.
2014-08-27 16:58:45 -05:00
Luke Imhoff 83b6f268b4
Remove unnecessary realpath
MSP-11153

Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
sinn3r d5b70cca24 "Auth bypass" does not really describe what the feature actually does 2014-08-27 16:56:07 -05:00
Luke Imhoff 2b2d9085d3
Add cucumber to test matrix
MSP-11153
2014-08-27 16:50:25 -05:00
Luke Imhoff bfc509c18a
Add feature that tests --yaml is favored over others
MSP-11153
2014-08-27 16:46:23 -05:00
sinn3r df215a380d Do not send 2 content-length headers 2014-08-27 16:05:08 -05:00
sinn3r a32ffc4c26 Add the final portion for Glassfish login module 2014-08-27 15:09:11 -05:00
Luke Imhoff 1857c6ae39
Add aruba
MSP-11153

aruba adds steps for testing commandline applications with cucumber.
2014-08-27 14:22:20 -05:00
Luke Imhoff 2f48f7c48c
rails generate cucumber:install
MSP-11153

Add cucumber-rails for testing msfconsole's loading of database.yml from
different paths.
2014-08-27 14:10:04 -05:00
Luke Imhoff 951ce15b44
Move database.yml selection to Metasploit::Framework::Database
MSP-11153

Test the following paths in order and only return them if the path
exists:

1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
sinn3r 633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection 2014-08-27 01:45:18 -05:00
sinn3r 5d8cbe0544 Early version of Glassfish using LoginScanner 2014-08-27 01:23:02 -05:00
Joe Vennix 26cfed6c6a
Rename exploit module. 2014-08-26 23:05:41 -05:00
Tod Beardsley bf2c390ff4
Land fix for #3712 typo 2014-08-26 20:38:00 -05:00
Joe Vennix 96276aa6fa
Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Tod Beardsley c045c9606c
Fix typo in PR #3712
Fixes the typo pointed out in
rapid7#3712#discussion_r16750554

Derp
2014-08-26 20:36:28 -05:00
Joe Vennix 52f33128cd
Add Firefox WebIDL Javascript exploit.
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
Jon Hart 1f35c0ff1c
Merge #3713, @hmoore-r7's SIP cleanup of my SIP cleanup 2014-08-26 17:52:35 -07:00
Jon Hart 316a952e9c
Make SIP note, service and print output more similar 2014-08-26 17:47:31 -07:00
dmaloney-r7 8d26b66e2f Merge pull request #3689 from TomSellers/loginpalooza/vmauthd-creds-update
Credential Gem: LoginScanner - vmauthd_login ( Rebase of PR 3608)
2014-08-26 18:43:12 -05:00
Tom Sellers 4a1b037af0 Remaining files.. 2014-08-26 18:15:58 -05:00
Tom Sellers d5e39ae284 Adjustments for new LoginScanner code 2014-08-26 18:13:00 -05:00
jvazquez-r7 b37e1a5421 Solve conflicts 2014-08-26 17:51:37 -05:00
Tod Beardsley fe99f4b6e7
Land #3712, a nicer exploit-checker for msftidy 2014-08-26 16:59:56 -05:00
jvazquez-r7 0d9d722525 skip examples pending of pivotaltracker 38730815 2014-08-26 16:49:13 -05:00