939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
8833429987
make shared example usage more readable
...
this seems less obtuse
2014-07-10 12:58:13 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
cff2e1a1c1
And remove specs referencing obsolete accessors
2014-07-07 12:37:14 -05:00
c1877cfba2
fixing the broken to_credential test
...
MSP-9912
2014-06-27 10:06:38 -05:00
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
07d548caeb
dropping lib from shared examples
...
MSP-9912
2014-06-25 14:32:43 -05:00
af99c0c01e
Remove `should_receive(:with_connection)` from specs
...
MSP-10127
Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
2014-06-19 16:24:53 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
90b52814b1
fix some spec issues for recent changes
2014-06-06 11:52:49 -05:00
5ae5448005
Join killed threads to ensure cleanup
...
MSP-9653
2014-06-05 12:40:24 -05:00
ca63d2201e
Update init_module_paths spec to match Rails::Engine behavior
...
MSP-9653
2014-06-02 14:26:35 -05:00
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
08a7acef3f
Make sure fail case is correct
...
`rand(1000)` would return 0 one in a thousand times, causing this test to
randomly fail at that interval
2014-05-14 10:22:47 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
acbff23c32
final wrap-up specs
...
successkid.jpg
2014-05-07 16:07:18 -05:00
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
507fe566a4
Merge branch 'master' into staging/electro_release
2014-05-06 11:36:19 -05:00
5e6f57f711
fix up some more specs
...
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
0dd22395eb
use credential objects inside results
...
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
4995fcdced
Shared Examples for RexSocket mixin
...
shared example group for the Loginscanner RexSocket
mixin. Pretty simple stuff, just trying to keep it
DRY.
2014-04-30 15:47:52 -05:00
1cd3f3f0da
finished first shared example group
...
base behaviour is now defined in shared
example group and the specs all use that
shared example group
2014-04-30 14:40:37 -05:00
a4cc311106
test base behaviour in shared examples
...
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
f35314b9f0
adjust Msf::Util::EXE for newer file output
...
Newer releases of File have a much different output when given a jar
file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine.
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /zip/i
got: "/dev/stdin: Java archive data (JAR)\n" (using =~)
Tested and confirmed working with file 5.17 on Gentoo Linux.
2014-04-22 02:21:09 -05:00
cce354762d
Altered case by request
2013-12-31 16:09:11 -08:00
fc792bdaae
Fix for Rspec failure in Msf::Util::EXE
...
[FixRM #8723 ]
2013-12-21 02:49:44 -07:00
8ab7964aa7
improve regex
2013-11-11 15:29:34 -06:00
9b3211af6b
Add regex patterns for OSX files
2013-11-11 15:20:00 -06:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
8a9843cca6
Merge upstream/master
2013-09-27 20:02:23 +01:00
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
11bdf5d332
New pull
2013-09-19 19:57:38 +01:00
35ec21cc97
Update test gems
...
This should not affect core Metasploit Framework as it only updates gems
in the test group (and dependencies of those gems).
2013-09-06 09:34:05 -05:00
4760000bca
Replace mock with double in specs
...
mock is deprecated - https://www.relishapp.com/rspec/rspec-mocks/docs
2013-09-06 09:34:05 -05:00
53c3f6b2db
Deconflict
2013-08-30 10:52:42 +01:00
eba6762977
Land #2270 , Util::EXE refactor
...
With a minor rebase to fix a commit message
[Closes #2270 ]
Conflicts:
spec/support/shared/contexts/msf/util/exe.rb
2013-08-28 21:49:59 -05:00
fbbfb0a26d
Merge and rescue ex correctly
2013-08-28 21:39:56 -05:00
239fd4840e
Update spec
2013-08-25 19:21:05 +01:00
9ea17ef1e1
Merge upstream
2013-08-24 03:34:02 +01:00
David Maloney
James Lee
Lance Sanchez
Luke Imhoff
Rick Farina (Zero_Chaos)
Timothy Swartz
sinn3r
Tab Assassin
Meatballs
Brandon Turner