sinn3r
4fb58202fa
Land #3529 - Handle Rex::AddressInUse exception
2014-07-16 13:57:41 -05:00
cdoughty-r7
1ad04eb2d9
Merge pull request #111 from rapid7/bug/MSP-10714-gem-version
...
Fix gem version to support rubygems < 2.1
2014-07-16 13:23:33 -05:00
Brandon Turner
e637237574
Use the Rubygems 2.2 version convention
...
Substitute version dashes with ".pre.".
MSP-10714
2014-07-16 11:13:14 -05:00
David Maloney
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
Brandon Turner
044fdb8c55
Fix gem version to support rubygems < 2.1
...
MSP-10714
2014-07-15 19:02:39 -05:00
sinn3r
f8e47a5c61
Land #3524 - WPTouch fileupload exploit
2014-07-15 16:29:59 -05:00
David Maloney
ea57ad0126
fix connection error on base
...
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
2014-07-15 16:21:13 -05:00
David Maloney
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
dmaloney-r7
4d3bfcf9d0
Merge pull request #109 from rapid7/bug/MSP-10713/smb-error-code
...
Move error_name to InvalidPacket and check for nil
2014-07-15 15:10:37 -05:00
James Lee
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
David Maloney
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
David Maloney
9857bac6b1
add NO_AUTH_REQUIRED
2014-07-15 14:38:41 -05:00
Trevor Rosen
6a1149c1ed
Add missing origin
...
MSP-9948
2014-07-15 13:27:08 -05:00
David Maloney
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
David Maloney
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
jvazquez-r7
09619abe79
Catch AddressInUse when running commands from the meterpreter console
2014-07-15 11:15:10 -05:00
Christian Mehlmauer
29bb788d96
Better login detection for wordpress
2014-07-15 07:04:14 +02:00
Trevor Rosen
0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
...
Upstream merge
Conflicts:
Gemfile
Gemfile.lock
2014-07-14 17:59:54 -05:00
Trevor Rosen
aca627489e
Pass workspace down in import of creds dump
...
MSP-9948
2014-07-14 16:40:41 -05:00
James Lee
de22aeba41
Land #3481 , meterpreter bins
2014-07-14 15:57:52 -05:00
dmaloney-r7
f3ec386240
Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
...
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
Christian Mehlmauer
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
dmaloney-r7
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
Tod Beardsley
96554a4967
Remove this errant test::unit test
2014-07-14 10:57:32 -05:00
Trevor Rosen
b05b2657bc
Now importing creds dumps inside msf zips
...
MSP-9948
2014-07-13 11:07:01 -05:00
James Lee
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
William Vu
79603c9a73
Land #3505 , a bunch o' Linux post module fixes
2014-07-11 12:39:31 -05:00
Trevor Rosen
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
Joshua Smith
dbe9b47937
lands 3469, fixes handler deadlock in corner cases
...
May affect the following RM issues which need to be retested:
https://dev.metasploit.com/redmine/issues/8407
https://dev.metasploit.com/redmine/issues/4314
https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
James Lee
097d5d68ce
Display 'realm\user' for AD instead of 'user@realm'
2014-07-10 14:31:42 -05:00
James Lee
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
Tod Beardsley
688c31cc44
Switch to a space. It gets eaten anyway.
2014-07-10 13:59:30 -05:00
James Lee
147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release
2014-07-10 13:52:21 -05:00
Tod Beardsley
5bb3c8a581
Make merged module descriptions more grammar.
2014-07-10 13:31:57 -05:00
David Maloney
818bd1946d
final tweak for the http case
...
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
David Maloney
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
Samuel Huckins
5b1dc39caf
Filler task dropped, login results in task assoc
...
MSP-10683
* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
David Maloney
a319d5270e
set default connection tiemouts
...
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
David Maloney
87e6ede123
Merge branch 'master' into staging/electro-release
2014-07-10 08:44:12 -05:00
David Maloney
1a0200f711
one more strip
2014-07-09 17:50:28 -05:00
David Maloney
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
James Lee
bb3525419e
Rescue the right thing
...
MSP-9707
2014-07-09 17:44:53 -05:00
Tod Beardsley
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
Joshua Smith
3a41bd983e
changes 'module' back to 'script', makes more sense
2014-07-09 17:25:39 -05:00
Joshua Smith
a9e43c308e
removes lingering debug lines, changes word script to module
2014-07-09 17:05:35 -05:00
Joshua Smith
8bbaecc726
adds some additional protection against capilization issues
2014-07-09 16:46:28 -05:00
Joshua Smith
172bc450b3
adds TARGET to 'to_neuter' list
2014-07-09 16:46:28 -05:00
Joshua Smith
f4942eccd4
cleans up comments, line lengths, dup/clone
2014-07-09 16:46:28 -05:00
Joshua Smith
51db859432
uses exploit_type vs category, thx egypt
2014-07-09 16:46:28 -05:00
linuxchuck
ee56828bf7
New updates to scriptable.rb for payload/target
...
Additional w00t for your pwning pleasure.
2014-07-09 16:46:27 -05:00
Joshua Smith
62785784c6
adds explicit TARGET setting
2014-07-09 16:46:27 -05:00
Joshua Smith
cf595d6a10
fixes alias_method call
2014-07-09 16:46:27 -05:00
Joshua Smith
13f5450e53
uses clone instead of dup
2014-07-09 16:46:27 -05:00
Joshua Smith
bb13590f02
first shot at letting scriptable.rb handle local exploits
2014-07-09 16:46:27 -05:00
Joshua Smith
c957d0a1e7
adds category to msf/core/module.rb
2014-07-09 16:46:27 -05:00
David Maloney
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
David Maloney
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
David Maloney
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
David Maloney
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
James Lee
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
James Lee
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney
7325cfec64
add default realm values
...
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
David Maloney
bc18ca5762
add REALM_KEY to each LoginScanner
...
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
Trevor Rosen
a27c1d7dcc
Importing old export, making new models
...
MSP-9948
2014-07-08 19:14:26 -05:00
jvazquez-r7
c19deddfb1
Delete debug messages
2014-07-08 16:24:45 -05:00
jvazquez-r7
c25c5f6806
Make linux gather post modules compatible with meterpreter
2014-07-08 16:23:57 -05:00
dmaloney-r7
b65989ff0c
Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
...
Use glob instead of entries
2014-07-08 14:29:24 -05:00
Trevor Rosen
79054fae20
Remove credentials exportation from XML
...
MSP-9948
2014-07-08 12:03:32 -05:00
William Vu
4eeab66ebe
Land #3497 , comma-separated get_cookies
2014-07-08 11:00:40 -05:00
James Lee
567435f508
Use glob instead of entries
...
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
Trevor Rosen
8436adb5f8
Make XML export work with new backend
...
MSP-9948
* XML data looks ok in spot check
2014-07-08 09:40:15 -05:00
AnwarMohamed
a513f403ba
fixing bugs
2014-07-08 10:58:48 +02:00
AnwarMohamed
ead7b35aa9
formating
2014-07-08 10:48:24 +02:00
AnwarMohamed
6e0bc763ff
formating
2014-07-08 10:46:16 +02:00
AnwarMohamed
656da8a63b
android extension
2014-07-08 04:56:04 +02:00
AnwarMohamed
34dcb609e2
android extension
2014-07-08 04:52:06 +02:00
David Maloney
38419dae83
fix to_credential on core
...
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
David Maloney
2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 16:32:39 -05:00
dmaloney-r7
db8b0c907b
Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
...
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
Trevor Rosen
1d7de8fef9
Mid-work commit
...
MSP-9848
2014-07-07 15:44:29 -05:00
dmaloney-r7
c4c7ff519f
Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
...
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
David Maloney
b52c13228c
make private_type validation conditional
...
there are times when this won't be filled in
but the credential is still valid
2014-07-07 15:40:52 -05:00
James Lee
2a9ac0a007
Axe SSHKey in favor of a unified SSH
2014-07-07 13:35:17 -05:00
James Lee
71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 13:19:34 -05:00
James Lee
b7cfc927c4
Add private_type and realm_key accessors
2014-07-07 13:07:28 -05:00
James Lee
5c406a2aa5
Remove successes and failures
...
No reason to store them and they could fill a ton of unnecessary memory.
2014-07-07 12:33:15 -05:00
James Lee
7035064f3d
Assignment alignment for Dave
2014-07-07 12:30:04 -05:00
OJ
bdf27b1834
Fix up the TLVs that are now QWORD values in MSF
...
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
James Lee
8df3ada087
Better docs
2014-07-07 10:18:42 -05:00
James Lee
325d2d25b9
Fix requires and derp typos
2014-07-07 10:09:45 -05:00
HD Moore
ab7848a895
Merge master for testing of #2809
2014-07-06 22:27:58 -05:00
jvazquez-r7
f51feb7f52
Modify get_cookies regular expression
2014-07-06 13:22:31 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Brandon Perry
68a0e7c16e
Create sqlmap_session.rb
2014-07-04 10:53:37 -05:00
Brandon Perry
88c44bf4f5
Create sqlmap_manager.rb
2014-07-04 10:53:14 -05:00
Tod Beardsley
a471f298a5
Merge #3476 into #3481 for meterpreter smilies
...
This incoporates @OJ's fixes as a result of gemification.
2014-07-03 22:54:56 -05:00
James Lee
311f43f1e4
Constpocalypse
2014-07-03 18:49:46 -05:00
Trevor Rosen
c1fc68e1b1
Replace to_pwdump internals
...
MSP-9948
2014-07-03 15:41:26 -05:00
jvazquez-r7
405de05e4b
Add specs for module_flavors
2014-07-03 10:31:39 -05:00
Jon Hart
bc3ac1ee36
Correct private message format, update tests
2014-07-03 08:27:27 -07:00
Spencer McIntyre
d93bf55435
Add a module_flavors method for all available flavors
2014-07-03 11:01:21 -04:00
James Lee
b7a55d402d
Add likely service ports and names for HTTP
2014-07-02 23:41:31 -05:00
James Lee
9dde47a0bc
Add a simple classes_for_service method
2014-07-02 23:31:56 -05:00
Jon Hart
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
Jon Hart
bc274b358f
Move NTP message code to Rex::Proto::NTP, simplify option handling
2014-06-30 23:57:47 -07:00
Trevor Rosen
2da890810a
Make db_import use Metasploit Credential
...
MSP-9948
* Special-case the pwdump file to be IO
* Had to use lotsa shims
2014-06-30 13:32:59 -05:00
HD Moore
84c0504b1b
MSI sections actually need to be signed after all
2014-06-30 13:08:28 -05:00
Trevor Rosen
cf9c3caea3
Get the latest
...
Merge branch 'staging/electro-release' into feature/MSP-9848/db-export-refactor
2014-06-30 11:14:11 -05:00
HD Moore
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore
255e792ed3
Fix host-endian related pack errors. See below for details.
...
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.
The summary:
Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
2014-06-30 02:46:36 -05:00
Tod Beardsley
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a
.
This should not land on master until the Metasploit Pro folks (@trosen-r7
and friends) get their Meterpreter path specifications working the
same way as Framework's does.
2014-06-29 17:22:21 -05:00
dmaloney-r7
0a6a5a0a12
Merge pull request #92 from rapid7/feature/MSP-9912/metamodule-refactor-ssh-key
...
Feature/msp 9912/metamodule refactor ssh key
2014-06-27 11:48:57 -05:00
Spencer McIntyre
ea077b2f12
Improve the guess_flavor logic to pull from module info
2014-06-27 08:34:57 -04:00
Spencer McIntyre
952c935730
Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR
2014-06-27 08:34:57 -04:00
Spencer McIntyre
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
jvazquez-r7
dcd0e77f9e
Change #compatible? method name because it's used by Module
2014-06-27 08:34:56 -04:00
jvazquez-r7
31acc4a528
Fix #compatible? method
2014-06-27 08:34:56 -04:00
jvazquez-r7
ddd1dd5155
The check for required decoder hasn't a lot of sense
2014-06-27 08:34:56 -04:00
jvazquez-r7
9c6a521b94
Fix select_decoder
2014-06-27 08:34:56 -04:00
jvazquez-r7
dad2c75592
Initialize opts arguments
2014-06-27 08:34:56 -04:00
jvazquez-r7
381dea94d0
Fix typo
2014-06-27 08:34:56 -04:00
jvazquez-r7
cbc1bd9966
Redesign constants
2014-06-27 08:34:56 -04:00
jvazquez-r7
160147b370
Make some methods not dependant of the instance flavor
2014-06-27 08:34:56 -04:00
jvazquez-r7
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
jvazquez-r7
68938e3d7a
Add select_cmdstager
2014-06-27 08:34:56 -04:00
jvazquez-r7
35d035fa4e
Add YARD docu for execute_cmdstager
2014-06-27 08:34:56 -04:00
jvazquez-r7
e8f9dde50f
Allow datastore options and opts to use strings instead of sym
2014-06-27 08:34:56 -04:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
37d0dd59e8
Clean up a little CMDStager methods
2014-06-27 08:34:56 -04:00
jvazquez-r7
8db7ec683f
Fix setup and teardown stager methods
2014-06-27 08:34:55 -04:00
jvazquez-r7
dd7b2fc541
Use constants
2014-06-27 08:34:55 -04:00
jvazquez-r7
778f34bab6
Allow targets and modules to define compatible stagers
2014-06-27 08:34:55 -04:00
jvazquez-r7
74a6de828a
Cannot delete @cmd_list, is used at least by one module
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
jvazquez-r7
0a99b549d6
Change filenames
2014-06-27 08:34:55 -04:00
jvazquez-r7
cff580162b
Move stagers
2014-06-27 08:34:55 -04:00
Spencer McIntyre
9991316ae6
Minor code cleanup and honor the datastore decoder.
2014-06-27 08:34:55 -04:00
Spencer McIntyre
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
Trevor Rosen
a86610dad5
Gut and delegate import_msf_pwdump
...
MSP-9848
2014-06-26 16:47:42 -05:00
David Maloney
56b94fea4f
pcap import now creates creds
...
refactored cred creation to use Metasploit::Credential
for captured HTTP basic auth credentials gatehered on the wire
2014-06-26 15:34:40 -05:00
Lance Sanchez
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
David Maloney
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
Matt Buck
27ef12bafe
Land #3478 , disallow port 0 for portspec
...
[Closes #3478 ]
2014-06-25 15:46:30 -05:00
Chris Doughty
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498
, reversing
changes made to 002234993f
.
2014-06-25 13:24:07 -05:00
David Maloney
97d08a081a
reverting port 0 behaviour in portspec
...
a change was made to protspec that allowed port 0
when we explicitly dissallowed port 0. This change caused
other code that depended on this behaviour to break
2014-06-25 13:07:22 -05:00
James Lee
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
OJ
769f2e4936
Change elevator to 'elevator'
...
This would have made lots of people uhnappy.
2014-06-25 07:47:47 +10:00
OJ
ac03b7c96a
Use sorted sets extension lists
2014-06-25 03:26:25 +10:00
OJ
0fc4d10813
Fix indentation for case statements
2014-06-25 03:18:37 +10:00
OJ
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
James Lee
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
HD Moore
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
HD Moore
b872fa0f0d
Handle smb_recv corner case with a cache, clean up find_*, cosmetic
2014-06-23 16:14:18 -05:00
HD Moore
94388e3931
Fix typo in the constant name
2014-06-23 12:51:26 -05:00
HD Moore
d6a263d538
Identify the hung host in the thread info
2014-06-22 16:01:03 -05:00
HD Moore
538a520445
Remove redundant option (threads are always used in reverse_tcp_double)
2014-06-22 16:00:44 -05:00
HD Moore
b3d83720ca
Add ReverseListenerThreaded option to prevent deadlocks
...
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.
We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
2014-06-22 15:55:20 -05:00
HD Moore
6e5f528332
Prevent stager deadlock if inp/out detection hangs for some reason
...
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowaris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
2014-06-22 15:25:19 -05:00
Spencer McIntyre
05d4a1ab2c
Land #3342 , Support negation in portspec
2014-06-21 18:14:50 -04:00
James Lee
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
Tod Beardsley
2626450c38
Fix indent per @jlee-r7'e eagle eye
2014-06-20 11:52:47 -05:00
David Maloney
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
jvazquez-r7
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
Tod Beardsley
2a4ed0e651
Replace all the obvious path calls to Meterpreter
...
Unfortunately, though, there seems to be a stealthy set, somewhere, of
datastore['DLL']. Not sure where yet. The stack trace in the
framework.log is:
````
[06/19/2014 17:53:34] [i(0)] core: windows/meterpreter/reverse_http: iteration 1: Successfully encoded with encoder x86/fnstenv_mov (size is
366)
[06/19/2014 17:53:35] [e(0)] rex: Proc::on_request: Errno::ENOENT: No such file or directory -
/home/todb/git/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `initialize'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `open'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `load_rdi_dll'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/payload/windows/reflectivedllinject.rb:56:in `stage_payload'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:212:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:129:in `block in setup_handler'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:365:in `dispatch_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:299:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:158:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:192:in `block in monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `each'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:73:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯 in `call'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb💯 in `block in spawn'
````
Still tracking this down.
2014-06-19 18:03:11 -05:00
David Maloney
3c85601426
not every version has dupe supression
2014-06-19 16:28:23 -05:00
jvazquez-r7
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
David Maloney
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
David Maloney
8de2109f97
Merge branch 'staging/electro-release' into feature/MSP-9696/http-bruteforce-refactor
2014-06-19 15:38:05 -05:00
James Lee
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
David Maloney
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
Matt Buck
5815ec96df
Merge pull request #80 from rapid7/bug/MSP-10038/skip-ssh-passphrase
...
Backported net-ssh ask_passphrase functionality
MSP-10038
2014-06-19 12:53:43 -05:00
David Maloney
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
James Lee
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
James Lee
2d9c6f832a
Moar parens!!1!!
2014-06-19 10:07:21 -05:00
James Lee
594923c790
Don't overwrite ENV if it's set
2014-06-18 14:53:41 -05:00
David Maloney
62f4054858
startring refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
crackers now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
James Lee
5beb43d200
Land #3022 , support Gemfile.local
2014-06-18 14:28:57 -05:00
David Maloney
fd0e24cdb2
moar docs!
2014-06-18 11:38:07 -05:00
David Maloney
4b4d9796c5
more minor cleanup
...
cleanup from code review
2014-06-18 11:24:55 -05:00
Fernando Arias
f24d665516
Backported net-ssh ask_passphrase functionality
...
MSP-10038
2014-06-18 11:21:17 -05:00
Michael Messner
86f523f00c
concator handling
2014-06-18 18:15:58 +02:00
David Maloney
9f11170c3b
some minor cleanup on jtr stuff
...
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00
David Maloney
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
David Maloney
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
OJ
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
David Maloney
34c0b00816
don't autload this mixin
...
causes laod order problems when we try to
autoload this mixin. We will just explicitly require
2014-06-17 16:10:09 -05:00
David Maloney
763f6f8d80
finish cleaning up jtr mixin
...
finish cleaning up the module mixin for jtr
2014-06-17 15:16:32 -05:00
David Maloney
432b88680b
start fixing jtr module mixin
2014-06-17 13:27:11 -05:00
David Maloney
d473d86ef0
use tr instead of gsub for mutation
...
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
James Lee
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
David Maloney
a81b0ed17b
rename method to_file
...
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
2014-06-16 18:03:06 -05:00
David Maloney
95beaa4f7e
correct self-eating array nature
...
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
David Maloney
a92a58417f
memoize the mutation keys
...
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
David Maloney
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
David Maloney
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
David Maloney
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
scriptjunkie
d38a95a352
Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results
2014-06-15 13:15:57 -05:00
David Maloney
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
David Maloney
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
David Maloney
a5fb898904
actually set max run time
...
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
David Maloney
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
David Maloney
10f3531bbb
add exectuable validator
...
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
2014-06-14 18:01:24 -05:00
David Maloney
21f29c4da9
more filepath validators
...
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
David Maloney
1dd69a5228
wordlist validators
...
added custom fielpath vaidator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
David Maloney
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
David Maloney
19231b7c8f
starting skeleton on wordlist class
...
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
David Maloney
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
David Maloney
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
Tim Wright
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
David Maloney
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
David Maloney
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
David Maloney
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
Michael Messner
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
Samuel Huckins
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins
df705c2edc
Gotta keep 'em sepArated.
...
MSP-9712
2014-06-12 16:03:02 -05:00
Tod Beardsley
cbedea222f
Land #3416 again, now that the bins are available
...
This reverts commit 3d73414530
.
2014-06-12 14:53:03 -05:00
Tod Beardsley
3d73414530
Revert #3416 , needs the correct bins first
...
This was a whoops on my part. I will reland this when I have the
Meterpreter bins all sorted.
This reverts commit 40b5405053
, reversing
changes made to 86e4eaaaed
.
2014-06-12 14:20:06 -05:00
David Maloney
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
Tod Beardsley
40b5405053
Land #3416 , fix DWORD/QWORD bug
2014-06-12 13:59:34 -05:00
Samuel Huckins
fe33444858
Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
...
Errors resolved, cred created
MSP-9693 #land
2014-06-12 12:49:54 -05:00
David Maloney
5fd117a015
fix userpass file stack trace
...
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
dmaloney-r7
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
joev
289bae88de
Remove lie in comment.
2014-06-12 10:02:29 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
David Maloney
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
James Lee
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
dmaloney-r7
9affc753c0
Merge pull request #66 from rapid7/feature/cred-collection-prepend
...
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
James Lee
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
Samuel Huckins
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
Samuel Huckins
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
Trevor Rosen
e8752f9c56
Point to correct creds version
2014-06-11 13:38:35 -05:00
David Maloney
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
Tod Beardsley
4b8961a464
Land #3428 , deprecation warns for payloads
2014-06-11 09:57:07 -05:00
James Lee
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
James Lee
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
James Lee
82b2c1deae
Make creds command show Metasploit::Credentials
...
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
Tod Beardsley
b379dc014a
Avoid double-printing with setup and init_ui
2014-06-10 13:57:25 -05:00
Luke Imhoff
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Luke Imhoff
f37ce795a1
Remove lib/zip
...
MSP-10004
2014-06-10 13:39:05 -05:00
David Maloney
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
jvennix-r7
92414d3688
Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
...
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
Luke Imhoff
2cbbaad6b4
Set drivers and driver when connection already established
...
MSP-9994
3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
Luke Imhoff
1ee35ec68a
Handle unconnected config in connection_established?
...
MSP-9994
Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
David Maloney
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
Meatballs
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Meatballs
897ad6f963
Some service yarddoc
2014-06-07 13:27:32 +01:00
Meatballs
5218ca4d89
Give warning on module load
2014-06-06 23:04:40 +01:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
joev
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
joev
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
Meatballs
4a699c2852
Merge remote-tracking branch 'upstream/pr/3416' into x64_injection
2014-06-06 20:37:12 +01:00
James Lee
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
David Maloney
4d53c18ac4
fix version
2014-06-06 12:07:22 -05:00
dmaloney-r7
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
Brandon Turner
bacf82acb1
Merge branch 'release' into 'master'
2014-06-06 09:59:00 -05:00
Brandon Turner
21be4f21a6
Bump version to 4.9.3
2014-06-06 09:52:01 -05:00
Luke Imhoff
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
David Maloney
c61b47063d
vnc add missing exception catch
...
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
James Lee
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
James Lee
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
James Lee
b1ff6b95b5
Better docs
2014-06-04 14:44:53 -05:00
James Lee
41644970bf
Add a CredentialCollection
...
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
David Maloney
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
OJ
a53955adb7
Updated more UINT TLVs to QWORDS
...
All with the goal of removing more pointer truncation issues.
2014-06-04 20:55:20 +10:00
Trevor Rosen
ad15e6fe17
Merge pull request #35 from rapid7/feature/MSP-9678/pop3-login-scanner
...
Feature/msp 9678/pop3 login scanner
MSP-9678 #land
2014-06-03 12:11:17 -05:00
Lance Sanchez
edc9f94d41
fixing issues raised in code review
...
MSP-9678
2014-06-03 11:15:26 -05:00
joev
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
joev
09e965d54e
Remove extraneous method from pdf.rb
2014-06-02 22:26:03 -05:00
joev
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
Tod Beardsley
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
Lance Sanchez
15fffb1668
Adding in some tests
...
cleaning up the regex a bit
MSP-9678
2014-06-02 13:50:30 -05:00
Luke Imhoff
9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-02 13:40:11 -05:00
Luke Imhoff
ebf61bef22
Metasploit::Framework::Engine
...
MSP-9653
Rails::Engine version of Metasploit::Framework::Application that can be
used by downstream projects, like Pro to get the shared behaviors, like
modules path adding, meterpreter extension merging, and binary default
encoding.
2014-06-02 13:00:22 -05:00
Luke Imhoff
9d326fcb24
Extra common engine and fix default encoding
...
MSP-9653
Extra config and initializers that can we shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
Luke Imhoff
3ebe7dfbc8
Gem version
...
MSP-9653
Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
Luke Imhoff
21fad7163d
Msf::DBManager#connection_established?
...
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
Luke Imhoff
b436aeff01
msfenv compatibility with Pro
...
MSP-9653
lib/msfenv.rb should only load the framework environment to initialize
Metasploit::Framework::Application if a Rails.application is not
defined, otherwise it will clash with the Rails application in prosvc.
2014-06-02 12:41:22 -05:00
Luke Imhoff
1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
...
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
Luke Imhoff
84f5a0d499
Explicitly require gem dependencies
...
MSP-9653
2014-06-02 12:27:15 -05:00
David Maloney
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
William Vu
bba741897e
Land #3413 , improved FileDropper cleanup message
2014-06-02 11:05:48 -05:00
Lance Sanchez
f2a2975bc1
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-06-02 10:56:54 -05:00
Christian Mehlmauer
428df19739
Changed message
2014-06-02 17:28:09 +02:00
Meatballs
e3a20ae073
Merge remote-tracking branch 'upstream/pr/3416' into x64_injection
2014-06-01 16:10:53 +01:00
OJ
8346e20bf1
Change memory types from DWORD to QWORD
...
This was causing memory allocations to fail on x64 in cases where
the higher bits were set in addresses.
2014-06-01 21:27:07 +10:00
Meatballs
f0e9a9010e
Return nil if fail
2014-06-01 11:55:40 +01:00
Meatballs
a4ecd8e02d
Should return the thread object
2014-06-01 11:49:56 +01:00
Meatballs
58ee2ccd6e
Land #3390 , Fix have_powershell
2014-06-01 10:43:35 +01:00
Christian Mehlmauer
03b4a29662
Clarify filedropper error message
2014-05-31 22:17:32 +02:00
Trevor Rosen
dee4acdb2a
Merge pull request #27 from rapid7/feature/MSP-9725/windows_hashdump
...
Windows Hashdump post module refactor
MSP-9725 #land
2014-05-30 14:04:31 -05:00
Trevor Rosen
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
David Maloney
782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump
2014-05-30 13:28:35 -05:00
David Maloney
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
David Maloney
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
David Maloney
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for window
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
dmaloney-r7
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
David Maloney
2c6f89a58d
add sane default for connection timeout
2014-05-29 11:12:59 -05:00
David Maloney
eb04a3774a
fixes for telnet wierdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
Tom Sellers
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
James Lee
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
David Maloney
1bc2140fa6
Telnet LoginScanner basics
...
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
HD Moore
c7366b4361
Fix a small typo in the regex
2014-05-28 14:40:09 -05:00
HD Moore
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
Luke Imhoff
0e60f08e51
Don't re-establish connection
...
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
David Maloney
747395e383
create telnet clinet mixin
...
copy paste existing stuff repurposed for use
in a real class instead of a metasploit module
2014-05-28 13:53:50 -05:00
Lance Sanchez
07a61ae696
adding in changes from before my vacation..
...
MSP-9678
2014-05-28 13:18:28 -05:00
David Maloney
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
David Maloney
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
David Maloney
deabd1c3b0
tidy the YARD
...
some more cleanup, in the YARD
docs this time.
2014-05-28 09:30:45 -05:00
James Lee
3ac2182984
First stab at axis2 login scanner
2014-05-27 23:53:04 -05:00
Tom Sellers
ae1b7e564b
Update powershell.rb
2014-05-27 05:18:00 -05:00
William Vu
704e4d78ca
Fix typo in client_request.rb comment
2014-05-26 23:55:48 -05:00
William Vu
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
Meatballs
1914e0abd3
Land 3393, Add session and framework vars to irb
2014-05-26 18:50:20 +01:00
jvazquez-r7
994891e9c5
Land #3383 , @wchen-r7's [FixRM #8804 ] Fix / URIPATH for BrowserExploitServer
2014-05-25 19:51:30 -05:00
Spencer McIntyre
77e70d8bbe
Add 2 more variables for meterpreter irb
2014-05-25 16:28:40 -04:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Tom Sellers
42a17cc085
Update powershell.rb
...
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'
Additional changes required to fix regex to support the multiline output. Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.
This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
Tom Sellers
76b9273f10
Improve reliability of have_powershell
...
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out. When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed. When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for. I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior. I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.
There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
Lutz Wolf
fc5436417b
Simplification
2014-05-24 23:45:21 +02:00
Lutz Wolf
4fc6e402dc
Allow port 0
2014-05-24 23:44:50 +02:00
David Maloney
32b88c2db6
final fixes to login creation
2014-05-23 10:58:21 -05:00
joev
ae3c334232
Getting closer. Still something f'd with local answerer.html.
2014-05-22 17:14:35 -05:00
dmaloney-r7
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
dmaloney-r7
e062e88081
Merge pull request #23 from rapid7/feature/MSP-9671/tomcat-loginscanner
...
Add Tomcat login scanner
2014-05-22 15:01:47 -05:00
David Maloney
fbacf80839
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-22 14:39:17 -05:00
David Maloney
75d19e198b
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-05-22 14:38:53 -05:00
David Maloney
dcc6ed5351
Merge branch 'master' into staging/electro-release
2014-05-22 14:37:09 -05:00
David Maloney
ac9af000af
full cred creation rotuine done
...
creating Logins as a seperate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
sinn3r
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
David Maloney
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
joev
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
James Lee
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
David Maloney
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
David Maloney
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
James Lee
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
James Lee
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
James Lee
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
Meatballs
92669cd4d6
Use parser
2014-05-20 22:26:13 +01:00
Meatballs
0a2b79ccd1
Tidyup parser
2014-05-20 22:04:59 +01:00
Meatballs
09af023a71
Merge in parser
2014-05-20 21:56:35 +01:00
Meatballs
15313a9ab1
Dont try to read 0 structs
2014-05-20 21:55:04 +01:00
Samuel Huckins
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney
ce69f742a4
add yarddocs to origin methods
...
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
Luke Imhoff
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
David Maloney
8a2f05b7d2
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-20 10:28:33 -05:00
David Maloney
0b1d9d8cd0
Merge branch 'master' into staging/electro-release
2014-05-20 10:27:55 -05:00
David Maloney
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
David Maloney
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
David Maloney
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
David Maloney
9efb97d465
origin creation method
...
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
HD Moore
a8bf53479d
Fix a merge error
2014-05-18 11:08:04 -05:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
James Lee
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794 ]
2014-05-16 15:42:46 -05:00
Samuel Huckins
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
David Maloney
02a9d7f15d
minor cleanup
...
minor style changes found in code review
2014-05-16 11:20:04 -05:00
James Lee
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
James Lee
efd0db9c39
Merge branch 'upstream-master' into HEAD
2014-05-15 13:53:16 -05:00
James Lee
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
nstarke
048aebbdf2
Search Result Uniqueness
...
SeeRM #8754
Cast the results of the query to an array and perform the uniq
function passing a block which provides uniqueness based
on the return value, which in this instance is ‘fullname’
This was done because the uniq function in AREL cannot take
a specific field for uniqueness, and the sophistication of the query
make grouping nearly impossible. Initial testing showed negligible
speed difference to the user.
2014-05-15 17:52:11 +00:00
nstarke
b85403ab8f
Revert "POST module duplicate search results"
...
This reverts commit 0bca3a2d54
.
2014-05-15 16:05:47 +00:00
James Lee
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
Lance Sanchez
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
William Vu
773fd7a9cb
Fix up whitespace
2014-05-14 15:31:40 -05:00
William Vu
340956f294
Add a newline after DISCLOSURE_DATE_FORMAT
2014-05-14 15:28:07 -05:00
James Lee
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
James Lee
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
Christian Mehlmauer
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
Luke Imhoff
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
Luke Imhoff
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
David Maloney
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
dmaloney-r7
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
nstarke
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
Lance Sanchez
6a029bee02
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-05-14 10:13:46 -05:00
David Maloney
f34090946e
derp
2014-05-14 10:10:57 -05:00
Lance Sanchez
06796fb27c
returning the result class
...
MSP-9678
2014-05-14 10:09:52 -05:00
David Maloney
2faa015bf3
some minor cleanup
...
minor edits requested by kronicdeth during
code review
2014-05-14 10:09:26 -05:00
James Lee
8a9027b21d
Add better #inspect for Credential and Result
2014-05-14 10:04:40 -05:00
Lance Sanchez
3c0625e393
hacking on the pop3 login scanner
...
MSP-9678
2014-05-14 09:44:23 -05:00
William Vu
9fbda3eae0
Land #3183 , tab completion improvements
2014-05-14 02:20:12 -05:00
William Vu
fdbfaacdf6
Land #3313 , progress feedback for PASS_FILE
...
[FixRM #8704 ]
2014-05-14 02:03:39 -05:00
William Vu
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
William Vu
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
David Maloney
72b3c4da35
working DB2 loginscanner
...
w00t
2014-05-13 14:41:15 -05:00
Samuel Huckins
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
David Maloney
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
James Lee
2d7e90d5df
Remove vestigal require
2014-05-13 13:39:40 -05:00
David Maloney
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
Luke Imhoff
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
agix
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
agix
87be2e674a
Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin
2014-05-13 16:04:40 +02:00
Florian Gaultier
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
Florian Gaultier
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
Florian Gaultier
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
Florian Gaultier
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
Florian Gaultier
94f97ab963
Prevent import table overwritting by shifting entry point
2014-05-13 16:04:39 +02:00
Florian Gaultier
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
Florian Gaultier
c43e3cf581
Improve block_create_remote_process to point on shellcode everytime
2014-05-13 16:04:38 +02:00
Florian Gaultier
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
Florian Gaultier
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
Florian Gaultier
0b462ceea6
refactor `to_winpe_only` code to be used by `to_win32pe_service`
2014-05-13 16:04:37 +02:00
Florian Gaultier
914d15c285
fix typo
2014-05-13 16:04:37 +02:00
Florian Gaultier
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
Florian Gaultier
b3fd21b98d
Change to try to follow ruby guidelines
2014-05-13 16:04:37 +02:00
Florian Gaultier
72a3e49fbb
fix typo
2014-05-13 16:04:36 +02:00
Florian Gaultier
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
Luke Imhoff
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
Luke Imhoff
cea7b6cd77
Revert to production as default environment
...
MSP-9606
When switching to Rails.env to integrate better with railties for
Rails::Engines, I forgot that rails would default to development instead
of production.
2014-05-12 15:37:59 -05:00
Luke Imhoff
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
Jeff Jarmoc
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
Jeff Jarmoc
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
Jeff Jarmoc
d82bc11b7d
Add 'u-noslashes' and re-order cases for consistency.
2014-05-12 13:01:05 -05:00
David Maloney
57864cc6c9
Merge branch 'master' into staging/electro_release
2014-05-12 11:38:14 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
David Maloney
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
James Lee
fe3acf08f5
Handle exceptions without error_code
...
Also sets smb_direct in attempt_login, which makes this work correctly
when port wasn't set in the constructor.
2014-05-12 10:31:11 -05:00
Luke Imhoff
c70ef2afbd
Make fastlib compatible with Pathnames
...
MSP-9606
2014-05-12 10:16:39 -05:00
Luke Imhoff
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
James Lee
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
James Lee
ee6a9f99b3
Add require for active_model
...
Having proper requires allows loading scanners in IRB without msfconsole
2014-05-09 18:16:19 -05:00
William Vu
453851277f
Fix missing space in prompt for back and grep
2014-05-09 17:08:45 -05:00
William Vu
4b47a9a297
Land #3339 , banner updates for Pro free trial
2014-05-09 15:25:09 -05:00
David Maloney
4e76330643
Add skeleton for VNC lgoinscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
David Maloney
8b937b7c35
Merge branch 'master' into staging/electro_release
2014-05-09 11:46:08 -05:00
nstarke
a71be33091
Adjusting status message to be based on time
...
Previously the status message timing was determined by the number of
pairs left to process. I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
Trevor Rosen
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
Trevor Rosen
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
Lutz Wolf
66252ba9e5
support negation in portspec
2014-05-08 21:35:35 +02:00
David Maloney
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
David Maloney
d16a4a4c1d
add sane defaults to MySQl
...
MySQL LoginScanner now with sane defaults
for TCP evasion stuff
2014-05-08 13:57:58 -05:00
David Maloney
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
James Lee
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
David Maloney
e0c6e90ae8
trivial cleanup work
...
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
James Lee
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
David Maloney
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
William Vu
ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
...
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
Tod Beardsley
281b000805
Typo fix for #3339
2014-05-08 10:18:19 -05:00
William Vu
b50b3820a0
Update core/db.rb comments 'n' stuff
2014-05-08 02:53:02 -05:00
William Vu
7da6a2c84c
Update db_import help with authoritative formats
...
Taken from import_filetype_detect in lib/msf/core/db.rb.
[SeeRM #8799 ]
2014-05-08 02:30:29 -05:00
David Maloney
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
David Maloney
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
.
2014-05-07 18:34:34 -05:00
David Maloney
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00