32b88c2db6
final fixes to login creation
2014-05-23 10:58:21 -05:00
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
e062e88081
Merge pull request #23 from rapid7/feature/MSP-9671/tomcat-loginscanner
...
Add Tomcat login scanner
2014-05-22 15:01:47 -05:00
fbacf80839
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-22 14:39:17 -05:00
75d19e198b
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-05-22 14:38:53 -05:00
dcc6ed5351
Merge branch 'master' into staging/electro-release
2014-05-22 14:37:09 -05:00
ac9af000af
full cred creation rotuine done
...
creating Logins as a seperate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
d31908b72e
Land #3374 , RPC deadlock fix
...
[FixRM #8794 ]
2014-05-22 12:07:23 -05:00
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
ce69f742a4
add yarddocs to origin methods
...
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
8a2f05b7d2
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-20 10:28:33 -05:00
0b1d9d8cd0
Merge branch 'master' into staging/electro-release
2014-05-20 10:27:55 -05:00
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. feel
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
9efb97d465
origin creation method
...
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794 ]
2014-05-16 15:42:46 -05:00
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
02a9d7f15d
minor cleanup
...
minor style changes found in code review
2014-05-16 11:20:04 -05:00
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
efd0db9c39
Merge branch 'upstream-master' into HEAD
2014-05-15 13:53:16 -05:00
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
773fd7a9cb
Fix up whitespace
2014-05-14 15:31:40 -05:00
340956f294
Add a newline after DISCLOSURE_DATE_FORMAT
2014-05-14 15:28:07 -05:00
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
rafactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
dc7a8d32d8
Land #3324 , msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
6a029bee02
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-05-14 10:13:46 -05:00
f34090946e
derp
2014-05-14 10:10:57 -05:00
06796fb27c
returning the result class
...
MSP-9678
2014-05-14 10:09:52 -05:00
2faa015bf3
some minor cleanup
...
minor edits requested by kronicdeth during
code review
2014-05-14 10:09:26 -05:00
8a9027b21d
Add better #inspect for Credential and Result
2014-05-14 10:04:40 -05:00
3c0625e393
hacking on the pop3 login scanner
...
MSP-9678
2014-05-14 09:44:23 -05:00
9fbda3eae0
Land #3183 , tab completion improvements
2014-05-14 02:20:12 -05:00
fdbfaacdf6
Land #3313 , progress feedback for PASS_FILE
...
[FixRM #8704 ]
2014-05-14 02:03:39 -05:00
1ada4831e0
Land #3293 , module deprecation constants
2014-05-14 01:37:29 -05:00
de49241195
Land #3185 , regex option validation
2014-05-14 01:27:18 -05:00
72b3c4da35
working DB2 loginscanner
...
w00t
2014-05-13 14:41:15 -05:00
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
2d7e90d5df
Remove vestigal require
2014-05-13 13:39:40 -05:00
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
cea7b6cd77
Revert to production as default environment
...
MSP-9606
When switching to Rails.env to integrate better with railties for
Rails::Engines, I forgot that rails would default to development instead
of production.
2014-05-12 15:37:59 -05:00
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
d82bc11b7d
Add 'u-noslashes' and re-order cases for consistency.
2014-05-12 13:01:05 -05:00
57864cc6c9
Merge branch 'master' into staging/electro_release
2014-05-12 11:38:14 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
fe3acf08f5
Handle exceptions without error_code
...
Also sets smb_direct in attempt_login, which makes this work correctly
when port wasn't set in the constructor.
2014-05-12 10:31:11 -05:00
c70ef2afbd
Make fastlib compatible with Pathnames
...
MSP-9606
2014-05-12 10:16:39 -05:00
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
ee6a9f99b3
Add require for active_model
...
Having proper requires allows loading scanners in IRB without msfconsole
2014-05-09 18:16:19 -05:00
453851277f
Fix missing space in prompt for back and grep
2014-05-09 17:08:45 -05:00
4b47a9a297
Land #3339 , banner updates for Pro free trial
2014-05-09 15:25:09 -05:00
4e76330643
Add skeleton for VNC lgoinscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
8b937b7c35
Merge branch 'master' into staging/electro_release
2014-05-09 11:46:08 -05:00
a71be33091
Adjusting status message to be based on time
...
Previously the status message timing was determined by the number of
pairs left to process. I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
d16a4a4c1d
add sane defaults to MySQl
...
MySQL LoginScanner now with sane defaults
for TCP evasion stuff
2014-05-08 13:57:58 -05:00
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
e0c6e90ae8
trivial cleanup work
...
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
...
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
281b000805
Typo fix for #3339
2014-05-08 10:18:19 -05:00
b50b3820a0
Update core/db.rb comments 'n' stuff
2014-05-08 02:53:02 -05:00
7da6a2c84c
Update db_import help with authoritative formats
...
Taken from import_filetype_detect in lib/msf/core/db.rb.
[SeeRM #8799 ]
2014-05-08 02:30:29 -05:00
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791
2014-05-07 18:34:34 -05:00
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
338ed7bd18
First attempt at smb login scanner
2014-05-07 16:38:56 -05:00
eecd05ec74
Fix banner language, padding.
2014-05-07 16:12:15 -05:00
c50c929412
Treat apt and binary installs the same for banners
2014-05-07 15:59:50 -05:00
7a476dc21a
fully operational lgoinscanner
...
Now you will witness the power of this fully operational
LoginScanner. fire at will, Commander!
2014-05-07 15:57:06 -05:00
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
234e129523
add NTLM concern for loginscanners
...
add a new concern for LoginScanners
that provides the basic accessors and validations
for anything requiring NTLM
2014-05-07 14:28:10 -05:00
David Maloney
sinn3r
William Vu
James Lee
Samuel Huckins
Luke Imhoff
Lance Sanchez
Christian Mehlmauer
nstarke
Jeff Jarmoc
Trevor Rosen
Tod Beardsley