4ef3de84f3
get some more test cases
2014-08-01 14:34:17 +01:00
1fb4216d6d
Update spec
2014-08-01 12:08:03 +01:00
374c6532fa
add to_hash to Credential
...
begining of the chain to DRYing up
credential reporting in the loginscanner
2014-07-31 18:10:48 -05:00
ad6eed01a2
.to_credential now assigns a parent
...
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
2014-07-31 14:52:27 -05:00
53b66f3b4a
Land #2075 , Powershell Improvements
2014-07-31 00:49:39 +01:00
77d99b7374
Land #3586 , fix msfconsole when running without db
...
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2014-07-30 17:24:21 -05:00
ef59d88f64
Fix spec failure due to workspace mismatch
...
Also fixes intermittent failure from FactoryGirl picking a heinous
Origin type.
2014-07-30 11:26:35 -05:00
e4f665fe72
Require 'active_record/railtie' for specs
...
MSP-10905
2014-07-30 11:10:02 -05:00
2efeb850ee
Added spec to lib/msf/http/jboss
2014-07-29 02:04:57 +02:00
9e9244830a
Added spec for lib/msf/http/jboss
...
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
c65db18090
Add rudimentary specs and fix some help wording
2014-07-28 09:19:09 -05:00
064d624322
changing Credential == operator
...
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
14fa49cdeb
Update spec to handle Mdm::Service#proto sequence
...
MSP-10029
Mdm::Service factories were changed in metasploit_data_models 0.19.0 to
use a sequence that cycles between 'tcp' and 'udp'. To make the spec
clearer, just hard-code the protos under test instead of relying on
default behavior.
2014-07-22 09:47:35 -05:00
ef12a632f6
Change filename
2014-07-22 08:20:32 -05:00
72c2c07495
Add the specs, really
2014-07-21 17:39:51 -05:00
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
b28343842f
Address @jhart-r7's comments
2014-07-20 21:00:34 +01:00
8fe508207c
Merge Meatballs' gpp_again pull into new branch
2014-07-19 11:10:14 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
4fb58202fa
Land #3529 - Handle Rex::AddressInUse exception
2014-07-16 13:57:41 -05:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
eff2defdde
Fix bug due to Metasploit::Model::Login::Status refactor
...
MSP-10718
2014-07-16 04:14:45 -05:00
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
4098979448
Add spec
2014-07-15 13:06:53 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release
2014-07-10 13:52:21 -05:00
8833429987
make shared example usage more readable
...
this seems less obtuse
2014-07-10 12:58:13 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
87e6ede123
Merge branch 'master' into staging/electro-release
2014-07-10 08:44:12 -05:00
0daa395007
Fix specs for LoginError cases
2014-07-09 18:11:20 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 16:32:39 -05:00
db8b0c907b
Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
...
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
c4c7ff519f
Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
...
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
4d4b8078f8
Unify SSH specs as well
2014-07-07 13:41:08 -05:00
71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 13:19:34 -05:00
b7cfc927c4
Add private_type and realm_key accessors
2014-07-07 13:07:28 -05:00
cff2e1a1c1
And remove specs referencing obsolete accessors
2014-07-07 12:37:14 -05:00
325d2d25b9
Fix requires and derp typos
2014-07-07 10:09:45 -05:00
14b1ed5290
Add spec for comma separated cookies
2014-07-06 16:23:43 -05:00
311f43f1e4
Constpocalypse
2014-07-03 18:49:46 -05:00
405de05e4b
Add specs for module_flavors
2014-07-03 10:31:39 -05:00
bc3ac1ee36
Correct private message format, update tests
2014-07-03 08:27:27 -07:00
b7a55d402d
Add likely service ports and names for HTTP
2014-07-02 23:41:31 -05:00
9dde47a0bc
Add a simple classes_for_service method
2014-07-02 23:31:56 -05:00
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
4ff211ec8d
Fix the spec to allow for 1 or more spaces between
2014-06-30 13:18:43 -05:00
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a
2014-06-29 17:22:21 -05:00
0a6a5a0a12
Merge pull request #92 from rapid7/feature/MSP-9912/metamodule-refactor-ssh-key
...
Feature/msp 9912/metamodule refactor ssh key
2014-06-27 11:48:57 -05:00
c1877cfba2
fixing the broken to_credential test
...
MSP-9912
2014-06-27 10:06:38 -05:00
1b4b4fd1c0
Update the cmdstager spec ArgumentError text
2014-06-27 08:34:57 -04:00
dcd0e77f9e
Change #compatible? method name because it's used by Module
2014-06-27 08:34:56 -04:00
af568c856a
Add CMStager specs
2014-06-27 08:34:56 -04:00
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
27ef12bafe
Land #3478 , disallow port 0 for portspec
...
[Closes #3478 ]
2014-06-25 15:46:30 -05:00
07d548caeb
dropping lib from shared examples
...
MSP-9912
2014-06-25 14:32:43 -05:00
42bfe8ba4f
make portspec specs not insane
...
the specs for the portspec_to_portlist method
need a lot of work. this gives us some btter minimum coverage
2014-06-25 14:10:06 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
c71eb1aa4e
Add specs for changed object UI
2014-06-22 13:05:17 -05:00
53d0aba305
Add some specs for changed object Priv
2014-06-22 12:54:10 -05:00
05d4a1ab2c
Land #3342 , Support negation in portspec
2014-06-21 18:14:50 -04:00
f90e8f00e5
Add the first few specs
...
Coverage for meterpreter and client core, just the bits I'm changing. I
intend to make liberal use of doubles, since they're easier than mocks
and all I care about is the changed behavior. I refuse to fall into a
trap where I need to first spec out aaaaaalllll of Metepreter just to
make this one change.
2014-06-20 13:18:55 -05:00
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
330caa8c13
Fix specs
2014-06-20 00:08:55 -05:00
ee62428248
Add specs
2014-06-19 18:13:14 -05:00
af99c0c01e
Remove `should_receive(:with_connection)` from specs
...
MSP-10127
Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
2014-06-19 16:24:53 -05:00
d9b7a320ae
fix more broken specs
2014-06-19 14:07:39 -05:00
2ac2dc9d7a
2 minor spec fixes
2014-06-19 13:23:37 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
ccf967fdfe
added support to msfpayload to use elf so payload target
2014-06-19 00:59:49 -05:00
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
8ada0804bd
add valid! spec
2014-06-15 11:22:43 -05:00
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
a5fb898904
actually set max run time
...
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
300baa577c
moar specs!
2014-06-13 17:34:16 -05:00
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
9b9de12a38
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msf/core/framework.rb
2014-06-06 12:04:53 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
90b52814b1
fix some spec issues for recent changes
2014-06-06 11:52:49 -05:00
82464bd6aa
Update version spec
2014-06-06 10:16:44 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
5ae5448005
Join killed threads to ensure cleanup
...
MSP-9653
2014-06-05 12:40:24 -05:00
33a9f8c43f
Add spec for userpass_file
2014-06-05 11:54:59 -05:00
45c26343a1
Add spec for pass_file
2014-06-05 11:51:11 -05:00
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
262deac155
Fixing the failing specs
...
for some reason on my box sock.closed? isnt being called. stubbing it out
Kernel.select is being called and cant cast a mock object to an IO object
ok to fix this I'm stubbing select on the scanner object then the call wont
get passed onto the Kernel module
2014-06-05 11:21:34 -05:00
41644970bf
Add a CredentialCollection
...
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
ca63d2201e
Update init_module_paths spec to match Rails::Engine behavior
...
MSP-9653
2014-06-02 14:26:35 -05:00
1295028595
Remove unneeded MetasploitDataModels.require_models
...
MSP-9653
Models are loaded using railties features.
2014-06-02 13:54:38 -05:00
15fffb1668
Adding in some tests
...
cleaning up the regex a bit
MSP-9678
2014-06-02 13:50:30 -05:00
f2a2975bc1
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-06-02 10:56:54 -05:00
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
d95b0497a7
add more specs
...
added more specs around telnet specific validations
2014-05-29 11:11:19 -05:00
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
1bc2140fa6
Telnet LoginScanner basics
...
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
07a61ae696
adding in changes from before my vacation..
...
MSP-9678
2014-05-28 13:18:28 -05:00
821a62627a
final spec cleanup
2014-05-28 09:56:26 -05:00
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
c975d4dc49
some minor cleanup items
2014-05-28 09:26:19 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
2b75a53c93
Add basic rspec for portspec_to_portlist
2014-05-24 23:46:26 +02:00
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
fbacf80839
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-22 14:39:17 -05:00
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
09af023a71
Merge in parser
2014-05-20 21:56:35 +01:00
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
8a2f05b7d2
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-20 10:28:33 -05:00
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
efd0db9c39
Merge branch 'upstream-master' into HEAD
2014-05-15 13:53:16 -05:00
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
08a7acef3f
Make sure fail case is correct
...
`rand(1000)` would return 0 one in a thousand times, causing this test to
randomly fail at that interval
2014-05-14 10:22:47 -05:00
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
2a13010bfb
Fix faulty spec
2014-05-13 14:15:00 -05:00
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
cba39a9a04
Adds spec for 'hex-all' mode
2014-05-12 12:01:06 -05:00
7f98d1630e
specs for VNC Loginscanner
...
cover remaining behaviour for the
VNC LoginScanner class.
2014-05-12 11:29:27 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
4e76330643
Add skeleton for VNC lgoinscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
8b937b7c35
Merge branch 'master' into staging/electro_release
2014-05-09 11:46:08 -05:00
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
102eb85277
Update CommandDispatcher::Db spec
2014-05-08 03:05:49 -05:00
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
2014-05-07 18:34:34 -05:00
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
acbff23c32
final wrap-up specs
...
successkid.jpg
2014-05-07 16:07:18 -05:00
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
507fe566a4
Merge branch 'master' into staging/electro_release
2014-05-06 11:36:19 -05:00
dc38212741
Fix function parsing
2014-05-05 20:53:36 +01:00
e946046de5
Add methods spec
2014-05-05 19:08:18 +01:00
0b886db406
Script specs and remove unknown method
2014-05-05 19:01:36 +01:00
0177e51148
Finish obfu specs and use rig
2014-05-05 18:47:25 +01:00
6ab85027a4
More spec
2014-05-05 17:47:30 +01:00
162b6a8ab9
Add output spec
2014-05-05 14:48:18 +01:00
589d235a80
Simple param spec
2014-05-05 13:46:52 +01:00
5e6f57f711
fix up some more specs
...
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
0dd22395eb
use credential objects inside results
...
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
4995fcdced
Shared Examples for RexSocket mixin
...
shared example group for the Loginscanner RexSocket
mixin. Pretty simple stuff, just trying to keep it
DRY.
2014-04-30 15:47:52 -05:00
1cd3f3f0da
finished first shared example group
...
base behaviour is now defined in shared
example group and the specs all use that
shared example group
2014-04-30 14:40:37 -05:00
a4cc311106
test base behaviour in shared examples
...
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
a08421b30f
apply reasonable defaults
...
give each lgoinscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
...
Conflicts:
lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
e8ea6a86b5
add specs for snmp
...
add specs for the snmp loginscanner
and modify the specs to Result class
to account for the access_level attribute
2014-04-29 14:49:35 -05:00
2b4006089b
Land #3298 , @wvu-r7's fix for db_import and its spec
2014-04-28 17:29:52 -05:00
b860cecad6
Function spec (doesnt pass)
2014-04-28 14:09:39 +01:00
c02fb21c3b
Finalized specs for sshkey
...
shkey loginscanner now compelte along
with specs
2014-04-25 15:20:33 -05:00
9964548b41
Amend spec for db_import help
2014-04-25 14:28:29 -05:00
e2d6a57db1
fix spec filename
...
had an extra underscore
2014-04-25 14:27:10 -05:00
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
3ae8c3ff46
Basic specs
2014-04-25 18:14:39 +01:00
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
318ae46085
Remove puts
2014-04-26 12:59:19 +01:00
3f5cc13bf8
Better eof test
2014-04-25 17:15:12 +01:00
2346d583ed
touchups and specsfor FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still tierate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
d85e4b1313
Error if encode_inner and encode_final
2014-04-25 15:47:36 +01:00
ae574bec2b
Correct spec
2014-04-25 15:42:48 +01:00
5b9ec72395
Remove read_script spec
2014-04-25 15:40:52 +01:00
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
3a66723741
nake scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
72a2849bf1
Better specs
...
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
58c3bf0e59
Further speccage
2014-04-23 06:08:39 +01:00
c4cfa42e5b
More specs
2014-04-23 02:37:19 +01:00
36dd10e1c2
add the renamed spec
...
renamed spec for credential class
forgot to add it
2014-04-22 11:05:58 -05:00
526bb4989a
more explicit requires
...
LoginScanner module brings in all the deps
while the individual classes require
the module then to get their deps.
2014-04-22 10:28:01 -05:00
645eef51b7
Rename CredDetail to Credential
...
it was felt this was better naming
for the class. Refactored all occurence
2014-04-22 10:25:36 -05:00
f35314b9f0
adjust Msf::Util::EXE for newer file output
...
Newer releases of File have a much different output when given a jar
file. Adjust regex per egyp7's suggestion to close bug 8792 on redmine.
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /zip/i
got: "/dev/stdin: Java archive data (JAR)\n" (using =~)
Tested and confirmed working with file 5.17 on Gentoo Linux.
2014-04-22 02:21:09 -05:00
f079d3f3a9
move requires into module
...
move all the requires into the LoginScanner
module area to clean up requires
2014-04-21 19:14:50 -05:00
9c6528f13f
use the CredDetail class
...
now that we have the new CredDetail
class, use it instead of hashes
2014-04-21 18:58:23 -05:00
1a6ef8dced
allow for balnk passwords
...
have to alter validation slightly
to allow for blank passwords
2014-04-21 18:57:28 -05:00
fd1777a79f
add CredDetail class
...
rather than passing dumb hashes around
added a CredDetail class that comes
with it's own conditional validations
2014-04-21 18:26:38 -05:00
de2bb7d66c
dd tests for #scan!
...
the scan! method is mostly done
and has unit tests
2014-04-21 17:59:50 -05:00
2e11f80a98
refactor to use Result class
...
we now use a Result class to handle
all result codes from the login attempt
2014-04-21 15:35:16 -05:00
d313047532
add loginscanner result class
...
add a result class to have more
tightly defined return values from
the loginscanner classes
2014-04-21 15:11:56 -05:00
aa1d1be786
do not create sessions with scanner
...
the session creation behaviour is
currently inextricably linked to module
behaviour. We will have our scanner class
only return success status. The calling module
will be responsible for opening sessions afterwards.
2014-04-21 11:38:48 -05:00
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
9a15a2be04
basic login attempt functionality
...
groundowkr now layed for trying
authentication attempts on the
SSH LoginScanner, with test coverage
2014-04-18 20:08:28 -05:00
85349ccec4
SSH connection exception handling
...
added in the exception handling
around the Net::SSH conenction
in attempt_login
2014-04-18 18:13:05 -05:00
17b4d4a416
Add more attributes and validations
...
Added some more attributes neccesary
for the actual running of the login scan
as well as accompanying validations and
specs
2014-04-18 16:23:35 -05:00
613612eecb
Merge branch 'master' into feature/ssh_login_scanner
2014-04-18 11:16:18 -05:00
756488b581
last of the validations
...
finalized validation for SSH lgoinscanner
2014-04-16 13:34:23 -05:00
bf20ed5812
add validations for cred_details
...
Adds validator for the cred_details
attribute on the SSH Login Scanner.
Makes sure propper input is always supplied
for the scanner.
2014-04-16 13:20:14 -05:00
434391c308
add host validations to ssh scanner
...
add validations to the :host attribute
on the SSH LoginScanner
2014-04-16 10:26:00 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
60c879c824
specs for port validation
...
created specs for port validation
MSP-9683
2014-04-15 17:25:55 -05:00
02a17b8612
namespace change to Metasploit
...
chaning the code to live in the namespace of
Metasploit::Framework instead of Msf::Auxiliary
MSP-9683
2014-04-15 17:11:25 -05:00
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
3c9507c30c
Adds invalid exception class
...
adds an invalid exception class to the
LoginScanner namespace.
MSP-9683
2014-04-15 13:23:24 -05:00
e4a61e2730
Fix Module.new bug and test for vhost
2014-04-14 18:01:13 -05:00
7b6b94acd5
Land #3247 - Revert #3224 jsobfu string size fixes
2014-04-12 00:58:27 -05:00
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
2014-04-11 16:51:47 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
ea8c15ba47
Land #3241 back into master
2014-04-11 15:08:01 -05:00
bbc72c3e1c
Update spec to reflect the correct version.
2014-04-11 12:29:26 -05:00
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
3504ddc633
Fix http spec.
2014-04-03 14:50:54 -05:00
92c6113a7c
Fix broken spec for Rex::Text.randomize_space
2014-04-02 11:48:50 -05:00
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
35d3e064b2
Update spec for #3162
2014-03-28 21:18:26 -05:00
355cda0a43
Add specs for random name and e-mail methods
...
Babby's first RSpec. Style is consistent with the rest of the tests.
2014-03-28 16:47:52 -05:00
617e916511
fix specs from change
...
spec changes to go with the previous code change
2014-03-18 13:52:17 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
78393057fe
Fix failing spec
2014-03-10 16:40:46 -05:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
2a87973d3c
Use be instead of eq.
2014-03-03 21:55:12 -06:00
a382b78f80
Oops, $ and _ need to be in the spec.
...
* Repeats the random check 20 times for each spec.
2014-03-03 21:54:09 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
e8b10db73b
Dropped a space.
2014-03-03 15:48:44 -06:00
1352e5eacb
Add presence spec.
2014-03-03 15:47:30 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
6574a06bc3
Whitespace fix.
2014-03-02 20:55:07 -06:00
4514e32df8
Remove spec changes, oops.
2014-03-02 20:54:22 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
1ca690eccf
Do some rspec
2014-03-02 20:37:08 +00:00
8be99fc299
Fix payload_generator.format_payload rspec
...
The platform should match.
2014-02-25 16:37:21 -06:00
a098c08f2f
pend out bad spec
2014-02-13 15:44:05 -06:00
f7a4dc967d
remove obsolete msfvenom spec
2014-02-05 16:38:44 -06:00
b3db623277
add shellcode file fixture
...
add shellcode file fixture for specs
2014-02-05 11:01:40 -06:00
508f251db2
add cli compat
...
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
fc9105d862
final generation and specs
...
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
4dcae920f8
add specs for generate_java_payload
...
pretty self-explanatory
2014-02-04 17:40:59 -06:00
70d8246791
finish wiring up the final generation
...
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
c8b7dc30b4
added encoding routines
...
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
3b648346da
starting in on encoders
...
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
4a82bc74cf
added nop sled generator
...
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
3e945418df
specs for added shellcode
...
add specs around adding extra shellcode to the payload
2014-02-02 22:17:52 -06:00
bb5f5542f0
generating raw payload bits now
...
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
f9c31f988e
test platform selection
...
added tests around platform selection
2014-02-02 16:52:41 -06:00
f5d730e874
write specs around initialiser
...
added specs around object initialisation
2014-02-02 16:05:11 -06:00
e265d6f54c
begining of payload generator
...
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
2ea3b46988
Remove to_s inside #{}
2014-01-23 14:21:48 -06:00
5073d3201f
Update rspec for ms08_067 check
...
The original version doesn't return a check if the host is invalid,
looks like it was forgotten. The new version will return Unknown
instead.
2014-01-22 16:10:14 -06:00
0a3ee573bc
Uncomment spec_helper require
2014-01-22 11:58:10 -06:00
2b7a993f65
Land #2902 , updated PJL spec
2014-01-22 11:57:28 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
1c1597973e
Update PJL rspec to comply with guidelines
...
Basically the updated version is more explicit. If a moethod doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
2014-01-22 03:34:49 -06:00
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
6110ad72b3
Update tests and ensure full coverage
2014-01-16 15:11:04 -06:00
ad832adfc1
Land #2846 - Update mipsle shell_bind_tcp shellcode
2014-01-13 17:37:08 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
7b206d6094
Ensure full coverage
2014-01-12 23:10:47 -06:00
f9fc54980a
retab
2014-01-12 22:54:43 -06:00
b8dd4b08c8
Add rspec
2014-01-12 22:53:11 -06:00
65b50b236d
Put classes under a module
2014-01-12 15:54:56 -06:00
02d5931739
Add method scan_by_checksum for virustotal.rb
...
Allows the user to scan files based on checksusm (without actually
uploading them to VT)
2014-01-12 15:45:16 -06:00
bd91e36e06
Land #2851 , @wchen-r7's virustotal integration
2014-01-10 19:12:56 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
862f0e27b3
Modify msfvenom spec
2014-01-09 18:30:46 -06:00
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
442c98bc05
Add spec for fixed bug
2014-01-09 15:18:03 -06:00
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
9ddef2fbc9
Update rpsec and the script
2014-01-08 13:22:38 -06:00
cc51c2033e
Fix unreliable spec
...
Sometimes "localhost" resolves to more than one address
2014-01-08 10:16:32 -06:00
b7ce3c5812
Add rspec
2014-01-08 02:34:43 -06:00
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
a6b25d3323
Add failing spec for invalid hostname bug
2014-01-06 17:49:27 -06:00
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
59be4316fe
Land #2793 , Msf::Util::EXE RSpec failure fix
2014-01-01 21:50:18 -06:00
cce354762d
Altered case by request
2013-12-31 16:09:11 -08:00
2cc4fa35cf
Land #2785 , @todb-r7's support for post modules on msfcli
2013-12-23 12:05:40 -06:00
fc792bdaae
Fix for Rspec failure in Msf::Util::EXE
...
[FixRM #8723 ]
2013-12-21 02:49:44 -07:00
52a4e55804
Land #2781 - Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
2013-12-20 11:25:50 -06:00
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
709a7bfb99
Land #2754 - Created standalone module for cpassword AES decrypt
2013-12-19 12:13:21 -06:00
284b3507ce
Convert gpp_standalone.rb into a standalone script in tools
2013-12-19 12:10:00 -06:00
6422ad2145
Adds ability to load post modules in msfcli
...
This is mainly important for normal load testing. It'd be unusual to
actually want to use this functionality with msfcli since post modules
already need established sessions in order to do something.
[SeeRM #8719 ]
2013-12-19 11:53:40 -06:00
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
d7b022de5a
Land #2598 , offline updates and msfupdate refactor
2013-11-19 15:58:29 -06:00
a79e137a7a
Fix db_spec
2013-11-19 14:07:41 -06:00
e6c43bfe34
Allow stubbing stdin in msfupdate
2013-11-15 17:15:15 -06:00
823aa3a6f7
Validate arguments to msfupdate before updating
2013-11-15 17:01:08 -06:00
730edc4bf5
Always exit from maybe_wait_and_exit
...
Previously calling maybe_wait_and_exit wouldn't actually exit. This was
the wrong behavior.
2013-11-15 17:00:41 -06:00
8ea83ed1c6
Test the old wait/nowait behavior
2013-11-15 15:31:01 -06:00
Meatballs
David Maloney
darkbushido
James Lee
Luke Imhoff
us3r777
jvazquez-r7
Christian Mehlmauer
Tod Beardsley
scriptjunkie
William Vu
sinn3r
Matt Buck
Jon Hart
HD Moore
Lance Sanchez
Spencer McIntyre
Matt Buck
Chris Doughty
OJ
navs
Samuel Huckins
Brandon Turner
Trevor Rosen
Lutz Wolf
nstarke
Jeff Jarmoc
Lance Sanchez
Rick Farina (Zero_Chaos)
joev
Timothy Swartz