Luke Imhoff
4858ae63bd
Thread class name for debugger has changed, so add new name
...
MSP-13484
2015-12-10 21:47:22 -06:00
wchen-r7
b1abfe898d
Update wordpress_xmlrpc_login
...
Replace the wordpress_xmlrpc_login code with
wordpress_xmlrpc_massive_bruteforce.rb, which should run a lot
faster.
2015-11-24 16:30:34 -06:00
Chris Doughty
f8a215e3cd
Adding changes to allow for easier version bumping
2015-11-09 15:56:03 -06:00
Brent Cook
be23da1c1f
Merge branch 'upstream-master' into land-6120-python-stageless
2015-10-30 17:26:26 -05:00
Samuel Huckins
f064fec0f1
Bumped version to 4.11.5
...
MSP-13377
2015-10-30 09:37:00 -05:00
Spencer McIntyre
810665847b
Add stageless python meterpreter to the payloads spec
2015-10-22 08:40:50 -04:00
William Vu
bd96e0ded2
Improve get_hash for Framework version
2015-10-15 16:22:45 -05:00
jvazquez-r7
3dd7fdfd95
Land #6055 , @wvu-r7's -q option for msfd
...
* Fixes #5770
2015-10-08 14:10:27 -05:00
William Vu
77fae28cd4
Add -q option to msfd to disable banner
2015-10-07 01:57:58 -05:00
jvazquez-r7
50249bd640
Update Metasploit::Framework::Tcp::Client to have SSLVerifyMode and SSLCipher into account
2015-09-28 13:57:08 -05:00
jvazquez-r7
1e4e5c5bae
Update ACPP login scanner to have into account advanced options
2015-09-28 13:50:20 -05:00
jvazquez-r7
3529cdad7b
Add attributes
2015-09-28 13:30:10 -05:00
Jon Hart
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
Brent Cook
0b6a52e162
bump metasploit-framework gemspec version to match pro
2015-08-04 14:25:44 -05:00
Brent Cook
e53419a911
use password_prompt? not @password_prompt
2015-07-27 19:21:59 -05:00
Brent Cook
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
Samuel Huckins
174c90ccde
Updating version to match current
...
* This will be changed to the most recent git hash for next round,
at least making accurate for now.
2015-07-06 10:28:34 -05:00
wchen-r7
b4656f43a4
Fix #5616 , Save username before stop_on_success breaks the task
...
Fix #5616
2015-06-26 18:04:18 -05:00
wchen-r7
da779b1101
Fix login for 9.1
2015-06-26 13:52:44 -05:00
wchen-r7
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
wchen-r7
d59c418df6
Fix #5591
...
Fix #5591
2015-06-23 19:10:14 -05:00
wchen-r7
1af12fd11f
Glassfish version 9
2015-06-23 19:09:14 -05:00
Brent Cook
e696d2f3dc
Merge branch 'master' into land-5348-ntds
2015-06-22 17:18:13 -05:00
Brent Cook
732192aeaf
move ntds from priv to extapi
2015-06-22 09:04:08 -05:00
wchen-r7
0b0cc3631b
Land #5569 , Correct service name for mssql for scanner detection
2015-06-19 15:33:05 -05:00
wchen-r7
bd097e3264
Land #5497 , Refactor LoginScanner::SNMP to be fast and less buggy
2015-06-19 14:57:36 -05:00
Greg Mikeska
d672ac1601
Correct service name for mssql for scanner detection
2015-06-19 13:54:31 -05:00
Brent Cook
7f27fd0cf2
adjust for user name size changes
2015-06-18 11:17:08 -05:00
HD Moore
7c91aee7a8
Dont use a "connected" to keep compat with BSD
2015-06-09 20:33:46 -05:00
David Maloney
2a474c8375
Merge branch 'master' into feature/MSP-12358/ntds-dump-module
2015-06-08 11:42:03 -05:00
HD Moore
fe09d9888e
Small rework of the spinners, clear the line when done
2015-06-06 14:30:42 -05:00
HD Moore
cec20ec5d9
Handle a rare corner case
2015-06-06 11:46:19 -05:00
HD Moore
6b05302059
Fixes #5459 , refactors LoginScanner::SNMP
2015-06-06 00:50:55 -05:00
David Maloney
5d68a8167b
handle unicode changes
...
changed everything to utf-8 , so several sizes
on the ruby side needed to be changed to account for this
MSP-12358
2015-06-02 12:46:21 -05:00
Samuel Huckins
4890882beb
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-21 15:03:17 -05:00
Samuel Huckins
e2c6742c1b
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2015-05-18 13:44:01 -05:00
David Maloney
7376d4d94e
account for public only credentials in #to_s
...
SNMP in particular will only have a public, so we need
to account for this so we don't output poorly formed text
with a trailing ':' char
5266
2015-05-18 13:42:15 -05:00
jvazquez-r7
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
David Maloney
ac04b8d1e7
a little bit of cleanup
...
constantise some of the magic numbers in
the NTDS Account class
MSP-12358
2015-05-15 10:47:31 -05:00
David Maloney
724b7c6f16
save the ntlm hases as creds
...
the last step is now complete. the current and historical
hashes are all saved to the database for cracking and/or
replay
MSP-12358
2015-05-14 13:52:11 -05:00
David Maloney
6e813f6abd
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-14 10:30:48 -05:00
Samuel Huckins
9fafb645dd
Updating Rails version comment
2015-05-13 09:37:32 -05:00
Brent Cook
9549d572cc
Land #5280 , update to Ruby on Rails 4.0
...
This upgrades a number of other gems as a side-effect.
2015-05-12 16:48:49 -05:00
David Maloney
f3effe5fbb
some minor cleanup
...
cleanup based on feedback from Kronicdeth
MSP-12357
2015-05-11 11:17:58 -05:00
wchen-r7
1cc44cfc31
An alternative for normalize_uri
...
normalize_uri doesn't seem to work very well in our case, so
we do our own thing here.
2015-05-11 10:42:26 -05:00
wchen-r7
10982f0a1a
Login url should normalize too
2015-05-11 10:18:09 -05:00
wchen-r7
d8cc2c19d3
Fix #5315 , User configurable options for jenkins_login
...
Fix #5315 . This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
William Vu
508574970c
Land #5307 , Brocade login scanner resurrection
2015-05-07 22:43:39 -05:00
William Vu
8d3737d13c
Fix some stylistic issues
2015-05-07 22:43:23 -05:00
William Vu
669df591f2
Pull default connection_timeout into constant
2015-05-06 13:18:00 -05:00
William Vu
d4aed08260
Fix typo
2015-05-06 13:17:58 -05:00
William Vu
0939bbc710
Set default retries/version for SNMP LoginScanner
...
Set in snmp_login but missed in the LoginScanner.
MSP-12668
2015-05-06 13:17:40 -05:00
Brent Cook
93c785560b
remove brocade_telnet scanner, extend telnet
...
Rather than duplicate the entire telnet scanner, add a pre-login hook that a
module can use to extend the behavior on connect. This also adds a local
pass-through print_error method like http has.
2015-05-05 21:19:46 -05:00
root
6b5aaa5479
brocade enable command bruteforcer
2015-05-05 21:16:23 -05:00
David Maloney
1a8e8c624c
Merge branch 'master' into feature/MSP-12357/meterp-ntds
2015-05-05 11:07:36 -05:00
darkbushido
26e7fe15f9
Merge branch 'upstream' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
2015-05-05 11:00:38 -05:00
jvazquez-r7
c6806b4e5f
Land #5102 , @wchen-r7's ManageEngine Desktop Central Login Utility
2015-05-01 15:20:21 -05:00
jvazquez-r7
3e7c790db8
Use constants
2015-05-01 15:15:18 -05:00
darkbushido
0b608e139a
Merge branch 'upstream' into staging/rails-4.0
2015-05-01 11:26:24 -05:00
David Maloney
2bbae6b9c2
add #to_s to ntds account
...
added to_s method to the NTDS account
for easy output
MSP-12357
2015-05-01 11:24:23 -05:00
David Maloney
acb833bd09
NTDS::Parser class built out
...
the NTDS Parser class will take a meterpreter
client and a fielpath and provide an enumerator for reading
out the user accounts as ruby objects
MSP-12357
2015-04-30 14:57:30 -05:00
Brent Cook
4c9f44b00c
Revert "Land #4888 , @h00die's brocade credential bruteforcer"
...
There were some issues with this module that caused backtraces when run outside
of msfconsole. Reverting it for now so we can add some specs and ensure that it
works like the other login scanners.
2015-04-29 15:36:03 -05:00
David Maloney
2847bc8a6b
a little more yard
2015-04-29 14:53:08 -05:00
David Maloney
1f66840533
add YARD docs to NTDS Account
...
added yard around the attrs for the NTDS::Account
class
MSP-12357
2015-04-29 12:53:54 -05:00
Matt Buck
8163c3cdda
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
plugins/nessus.rb
2015-04-28 15:33:46 -05:00
David Maloney
6c77c4bb52
opening groundwork
...
added a priv extension method to open
a stream channel to read ntdsaccounts from
and an NTDS account class to accept the
data and parse it into a useable structure
MSP-12357
2015-04-24 15:50:12 -05:00
Brent Cook
3963289519
Land #4888 , @h00die's brocade credential bruteforcer
2015-04-21 18:27:03 -05:00
Brent Cook
8aca4539c9
Land #5152 , undefined var in WinRM_Login
2015-04-20 23:01:11 -05:00
William Vu
2bdcc178ef
Remove extraneous addition
2015-04-16 02:30:09 -05:00
William Vu
42ff0decc7
Land #4722 , timing options for snmp_login
2015-04-16 02:25:29 -05:00
William Vu
88062a578d
Clean up PR
2015-04-16 02:25:06 -05:00
Matt Buck
e82fb5f836
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
lib/msf/ui/console/command_dispatcher/db.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-04-15 14:04:35 -05:00
Meatballs
926db59a8c
credential doesn't exist in this context
2015-04-15 15:48:21 +01:00
Luke Imhoff
c971bc930c
Mark app/concerns as autoload
...
To work with metasploit-concern 0.4.0 prerelease not deriving
app/concerns from root and to ensure it is does not inherit eager_load
from app.
2015-04-14 15:06:59 -05:00
Luke Imhoff
4c407ce962
Merge branch 'bug/MSP-12529/missing-require-metasploit-credential' into bug/MSP-12550/app-concerns-eager-load
...
MSP-12550
2015-04-14 14:42:54 -05:00
root
19fe226b30
Correct a minor typo
2015-04-10 22:37:14 +05:00
sinn3r
90d525088c
Green rspec
2015-04-10 11:36:23 -05:00
root
8c0d5d66d0
Add spec file
2015-04-10 15:32:03 +05:00
Luke Imhoff
8b56286e66
Try to require 'metasploit/credential' when including Metasploit::Credential::Creation
...
MSP-12529
By convention, the top-level require of any gem should always be
required before trying to use any inner require.
2015-04-09 09:05:38 -05:00
root
b6e750d7eb
Nessus auxiliary scanner for updated REST API
2015-04-09 11:36:17 +05:00
sinn3r
59d89f4846
rm junk comments
2015-04-09 00:59:14 -05:00
sinn3r
f51eaef765
Add rspec
2015-04-08 02:33:27 -05:00
sinn3r
5f389cf3c2
Add ManageEngine Desktop Central Login Utility
2015-04-08 02:05:56 -05:00
Matt Buck
5e2d6c27c3
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile.lock
db/schema.rb
lib/msf/core/db_manager/session.rb
metasploit-framework-db.gemspec
2015-04-06 11:27:00 -05:00
jvazquez-r7
6c36a82f78
Land #5059 , @void-in's documentation clean up
2015-04-03 14:16:34 -05:00
jvazquez-r7
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
Fernando Arias
6455862484
Merge branch 'staging/rails-4.0' of github.com:rapid7/metasploit-framework into staging/rails-4.0
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2015-04-03 13:56:38 -05:00
root
0dd987d873
Updated as per jlee-r7 feedback
2015-04-03 10:17:54 +05:00
David Maloney
1684bfec9e
add missing data to loginscanner results
...
the chef web ui and symantec web gateway
loginscanners do not save the target(host/port/proto) info
in the Result object. This can cause modules to break as they
expected the Result to contain that information
MSP-12499
2015-04-02 13:53:45 -05:00
root
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
David Maloney
103373a7eb
add back accidentally remvoed error
...
accidentally dropped Errno::ETIMEDOUT from the exception
handling
MSP-12389
2015-03-30 11:19:28 -05:00
David Maloney
441feec360
fix missing exception handling
...
a few of our http login scanners needed to
handle a couple of other exception classes
for when network communication errors occur
MSP-12389
2015-03-27 12:31:14 -05:00
sinn3r
6e3e696262
Use symantec_web_gateway as an example of using send_request
2015-03-25 10:55:46 -05:00
sinn3r
60f1d9c961
More yard doc
2015-03-25 10:50:11 -05:00
sinn3r
9b9e157e84
More yard doc
2015-03-25 02:26:06 -05:00
sinn3r
ded500a9ae
Use send_request
2015-03-25 02:13:40 -05:00
sinn3r
6984e5234e
Fix a typo
2015-03-25 02:01:25 -05:00
sinn3r
8a8d6fb5ab
Some more changes
2015-03-25 02:00:23 -05:00
sinn3r
855cadc6b1
Rescue more exceptions
...
The attempt_login method is rescuing these exceptions, so maybe
I should do the same.
2015-03-25 01:48:37 -05:00
sinn3r
8f95624bf7
Add #send_request to Metasploit::Framework::LoginScanner::HTTP
2015-03-25 01:40:02 -05:00