Add an explicit require for the new cert_provider in framework.rb
in case it has not yet been loaded.
This should address the Travis failure on initial PR, although the
gem version in socket has not been updated, so this might take a
bit to propagate. In the end, if the dependency already gives us
this functionality by the time we call Rex::Socket::Ssl then this
commit can safely be dropped
Msf relies on Rex::Socket to create TLS certificates for services
hosted in the framework and used by some payloads. These certs are
flagged by NIDS - snort sid 1-34864 and such.
Now that Rex::Socket can accept a @@cert_provider from the Msf
namespace, a more robust generation routine can be used by all TLS
socket services, provided down from Msf to Rex, using dependencies
which Rex does not include.
This work adds the faker gem into runtime dependencies, creates an
Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides
API compatible method invocations with the Rex version, but able
to generate higher entropy certs with more variables, options, etc.
This should reduce the hit rate against NIDS on the wire, reducing
pesky blue team interference until we slip up some other way. Also,
with the ability to generate different cert types, we may want to
look at extending this effort to probide a more comprehensive key
oracle to Framework and consumers.
Testing:
None yet, internal tests pending.
Travis should fail as this requires rex-socket #8.
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
MSP-11605
`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized. If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
MSP-11605
`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`. In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
MSP-11605
Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
MSP-11605
Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
MSP-11605
Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
MSP-11605
Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
MSP-11126
Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
MSP-10998
It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
Matthew Kienow
christopher lee
Brent Cook
James Barnett
RageLtMan
Brent Cook
jvazquez-r7
HD Moore
root
Luke Imhoff
Brandon Turner
Tod Beardsley
Tab Assassin
Tod Beardsley
James Lee