jvazquez-r7
37d0dd59e8
Clean up a little CMDStager methods
2014-06-27 08:34:56 -04:00
jvazquez-r7
8db7ec683f
Fix setup and teardown stager methods
2014-06-27 08:34:55 -04:00
jvazquez-r7
dd7b2fc541
Use constants
2014-06-27 08:34:55 -04:00
jvazquez-r7
778f34bab6
Allow targets and modules to define compatible stagers
2014-06-27 08:34:55 -04:00
jvazquez-r7
74a6de828a
Cannot delete @cmd_list, is used at least by one module
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
jvazquez-r7
0a99b549d6
Change filenames
2014-06-27 08:34:55 -04:00
jvazquez-r7
cff580162b
Move stagers
2014-06-27 08:34:55 -04:00
Spencer McIntyre
9991316ae6
Minor code cleanup and honor the datastore decoder.
2014-06-27 08:34:55 -04:00
Spencer McIntyre
80bdf750e9
Multi-fy the new printf stager and add to sshexec.
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
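Added example of the stager idea the unified CMDStager commits above deal with (a printf stager chunked into shell commands, joined by a per-target concatenation operator). This is illustration code written for this page, not Msf::Exploit::CmdStager from the repository; the class name, the 64-byte default chunk size and the decode helper are assumptions, and the payload used in testing is constructed.

```ruby
# Example printf command stager (not the framework's own CmdStager).
class PrintfCmdStager
  # Octal-escape every byte so the command survives any shell's quoting
  # rules and printf reconstructs the raw bytes on the target. Quotes, NULs
  # and '%' all become \NNN, so nothing in the payload is interpreted.
  def self.octal_escape(bytes)
    bytes.each_byte.map { |b| format('\\%03o', b) }.join
  end

  # payload:    raw bytes to drop on the target
  # path:       destination file on the target
  # concat:     operator joining commands, e.g. ';' or '&&' (target-specific)
  # chunk_size: max raw bytes per printf call, keeping each command well
  #             under argument-length limits (64 is an assumed default)
  def initialize(payload, path:, concat: ';', chunk_size: 64)
    @payload = payload.b
    @path = path
    @concat = concat
    @chunk_size = chunk_size
  end

  # One printf per chunk: the first truncates the file, the rest append.
  def commands
    cmds = []
    @payload.bytes.each_slice(@chunk_size).with_index do |slice, i|
      redir = i.zero? ? '>' : '>>'
      cmds << "printf '#{self.class.octal_escape(slice.pack('C*'))}' #{redir} #{@path}"
    end
    cmds << "chmod +x #{@path}"
    cmds
  end

  # Everything on one line, joined with the operator chosen for the target.
  def command_line
    commands.join(" #{@concat} ")
  end

  # Reverse the octal escapes of the printf commands. Used to confirm, without
  # a target, that the emitted commands reassemble the original payload.
  def self.decode(commands)
    commands.map { |c| c[/\Aprintf '([^']*)'/, 1] }.compact
            .map { |esc| esc.scan(/\\([0-7]{3})/).flatten.map { |o| o.to_i(8) }.pack('C*') }
            .join
  end
end
```

A practitioner's check before using something like this for real: the target's printf (dash, bash, busybox) must honour `\NNN` octal escapes, and the safe chunk size depends on the target's command-line length limit, which is why the operator and chunk size are parameters rather than constants.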
Trevor Rosen
a86610dad5
Gut and delegate import_msf_pwdump
...
MSP-9848
2014-06-26 16:47:42 -05:00
David Maloney
56b94fea4f
pcap import now creates creds
...
refactored cred creation to use Metasploit::Credential
for captured HTTP basic auth credentials gathered on the wire
2014-06-26 15:34:40 -05:00
Lance Sanchez
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. The easiest way to do this
was to create a shared to_credential method on both that returns Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
David Maloney
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
Matt Buck
27ef12bafe
Land #3478 , disallow port 0 for portspec
...
[Closes #3478 ]
2014-06-25 15:46:30 -05:00
Chris Doughty
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498
, reversing
changes made to 002234993f
.
2014-06-25 13:24:07 -05:00
David Maloney
97d08a081a
reverting port 0 behaviour in portspec
...
a change was made to portspec that allowed port 0
when we explicitly disallowed port 0. This change caused
other code that depended on this behaviour to break
2014-06-25 13:07:22 -05:00
James Lee
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
OJ
769f2e4936
Change elevator to 'elevator'
...
This would have made lots of people unhappy.
2014-06-25 07:47:47 +10:00
OJ
ac03b7c96a
Use sorted sets extension lists
2014-06-25 03:26:25 +10:00
OJ
0fc4d10813
Fix indentation for case statements
2014-06-25 03:18:37 +10:00
OJ
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
James Lee
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
HD Moore
002234993f
SMB lib fixes, unattend.xml cred gathering
2014-06-23 20:08:42 -05:00
HD Moore
b872fa0f0d
Handle smb_recv corner case with a cache, clean up find_*, cosmetic
2014-06-23 16:14:18 -05:00
HD Moore
94388e3931
Fix typo in the constant name
2014-06-23 12:51:26 -05:00
HD Moore
d6a263d538
Identify the hung host in the thread info
2014-06-22 16:01:03 -05:00
HD Moore
538a520445
Remove redundant option (threads are always used in reverse_tcp_double)
2014-06-22 16:00:44 -05:00
HD Moore
b3d83720ca
Add ReverseListenerThreaded option to prevent deadlocks
...
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.
We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
2014-06-22 15:55:20 -05:00
HD Moore
6e5f528332
Prevent stager deadlock if inp/out detection hangs for some reason
...
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowloris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
2014-06-22 15:25:19 -05:00
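Added example of the deadlock the two commits above (ReverseListenerThreaded and the inp/out detection move) describe, and of the two mitigations they mention: staging each client in its own thread, and bounding the write so a dead or very slow client cannot hold the handler forever. This is illustration code written for this page, not the framework's reverse_tcp handler: `stage_client` and `serve_stage` are invented names, the 4 MiB stage is constructed, and the write timeout is the handle_connection() timeout the commit lists as future work, not something the commit implemented.

```ruby
require 'socket'

# Constructed 4 MiB "stage", larger than any default socket buffer, so a
# peer that stops reading stalls the sender partway through.
STAGE = ('A' * (4 * 1024 * 1024)).b.freeze

# Push +stage+ to one client. A blocking sock.put would hang forever once the
# peer's buffers fill; write_nonblock plus IO.select bounds the wait.
# Returns :ok, :timeout or :error.
def stage_client(sock, stage, timeout: 0.5)
  sent = 0
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  while sent < stage.bytesize
    remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
    return :timeout if remaining <= 0
    begin
      res = sock.write_nonblock(stage.byteslice(sent, 65_536), exception: false)
    rescue Errno::EPIPE, Errno::ECONNRESET
      return :error          # peer went away mid-stage
    end
    if res == :wait_writable
      # Buffers full: wait only as long as the deadline allows.
      return :timeout unless IO.select(nil, [sock], nil, remaining)
    else
      sent += res
    end
  end
  :ok
end

# Stage every accepted client. With threaded: true each client gets its own
# thread (the ReverseListenerThreaded behaviour), so a stalled client cannot
# delay the others; with threaded: false clients are staged serially and one
# stalled client holds up everyone behind it for the full timeout.
# Results are returned in the same order as +clients+.
def serve_stage(clients, threaded:, timeout: 0.5)
  if threaded
    clients.map { |c| Thread.new { stage_client(c, STAGE, timeout: timeout) } }.map(&:value)
  else
    clients.map { |c| stage_client(c, STAGE, timeout: timeout) }
  end
end
```

The thread-per-connection part restores liveness for the accept loop; the bounded write is what actually releases the resources held by a stalled client, which is why the commit text suggests timeouts as the next step rather than threads alone. The caveat in the commit still applies: one OS thread per connection does not scale on every platform.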
Spencer McIntyre
05d4a1ab2c
Land #3342 , Support negation in portspec
2014-06-21 18:14:50 -04:00
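Added example of the portspec rules referenced by "disallow port 0" (#3478) and "Support negation in portspec" (#3342) above. This is illustration code written for this page, not Rex::Socket's portspec parser; the `!` prefix for negation, the method and error-class names, and the expansion to a sorted Integer list are assumptions. Port 0 is rejected, matching the behaviour the revert restored.

```ruby
# Example port specification parser (not the Rex implementation).
class PortSpecError < ArgumentError; end

MAX_PORT = 65_535

# Parse one token ("80" or "1000-2000") into an inclusive Range.
# Port 0 and anything above 65535 are rejected outright, so callers that
# depend on "no port 0" (the reason #3478 landed) cannot be surprised.
def parse_port_range(token)
  lo, hi = token.split('-', 2)
  hi ||= lo
  unless lo =~ /\A\d+\z/ && hi =~ /\A\d+\z/
    raise PortSpecError, "bad port token: #{token.inspect}"
  end
  lo = lo.to_i
  hi = hi.to_i
  raise PortSpecError, "port 0 is not allowed: #{token}" if lo.zero? || hi.zero?
  raise PortSpecError, "port out of range: #{token}" if lo > MAX_PORT || hi > MAX_PORT
  raise PortSpecError, "inverted range: #{token}" if lo > hi
  (lo..hi)
end

# Expand a comma-separated spec such as "1-1024,8080,!22,!80-81".
# Tokens prefixed with "!" (assumed negation syntax) are subtracted from the
# included ports. Returns a sorted, de-duplicated Array of Integers.
def portspec_to_portlist(spec)
  included = []
  excluded = []
  spec.to_s.split(',').map(&:strip).reject(&:empty?).each do |token|
    if token.start_with?('!')
      excluded.concat(parse_port_range(token[1..-1]).to_a)
    else
      included.concat(parse_port_range(token).to_a)
    end
  end
  (included - excluded).uniq.sort
end
```

Validating at parse time is the point: once a port list is expanded, the scanner code downstream has no cheap way to tell an intentional 0 from a typo, which is the breakage the revert commit describes.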
James Lee
35c0ef0c68
Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release
2014-06-20 12:39:07 -05:00
Tod Beardsley
2626450c38
Fix indent per @jlee-r7's eagle eye
2014-06-20 11:52:47 -05:00
David Maloney
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
jvazquez-r7
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
Tod Beardsley
2a4ed0e651
Replace all the obvious path calls to Meterpreter
...
Unfortunately, though, there seems to be a stealthy set, somewhere, of
datastore['DLL']. Not sure where yet. The stack trace in the
framework.log is:
````
[06/19/2014 17:53:34] [i(0)] core: windows/meterpreter/reverse_http: iteration 1: Successfully encoded with encoder x86/fnstenv_mov (size is
366)
[06/19/2014 17:53:35] [e(0)] rex: Proc::on_request: Errno::ENOENT: No such file or directory -
/home/todb/git/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `initialize'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `open'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:26:in `load_rdi_dll'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/payload/windows/reflectivedllinject.rb:56:in `stage_payload'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:212:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/handler/reverse_http.rb:129:in `block in setup_handler'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/handler/proc.rb:38:in `on_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:365:in `dispatch_request'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:299:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/proto/http/server.rb:158:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:48:in `on_client_data'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:192:in `block in monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `each'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:190:in `monitor_clients'
/home/todb/git/rapid7/metasploit-framework/lib/rex/io/stream_server.rb:73:in `block in start'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/rex/thread_factory.rb:22:in `block in spawn'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb:100:in `call'
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/thread_manager.rb:100:in `block in spawn'
````
Still tracking this down.
2014-06-19 18:03:11 -05:00
David Maloney
3c85601426
not every version has dupe suppression
2014-06-19 16:28:23 -05:00
jvazquez-r7
a0386f0797
Fix cmd_concat_operator
2014-06-19 15:52:55 -05:00
David Maloney
4453dcdc8e
some minor fixes
2014-06-19 15:45:24 -05:00
David Maloney
8de2109f97
Merge branch 'staging/electro-release' into feature/MSP-9696/http-bruteforce-refactor
2014-06-19 15:38:05 -05:00
James Lee
9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
David Maloney
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
Matt Buck
5815ec96df
Merge pull request #80 from rapid7/bug/MSP-10038/skip-ssh-passphrase
...
Backported net-ssh ask_passphrase functionality
MSP-10038
2014-06-19 12:53:43 -05:00
David Maloney
53352924d2
Merge branch 'staging/electro-release' into feature/MSP-9716/mssql_crack
...
Conflicts:
Gemfile
2014-06-19 12:45:53 -05:00
James Lee
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
James Lee
2d9c6f832a
Moar parens!!1!!
2014-06-19 10:07:21 -05:00
James Lee
594923c790
Don't overwrite ENV if it's set
2014-06-18 14:53:41 -05:00
David Maloney
62f4054858
starting refactor on jtr_mssql
...
started work on the mssql hash cracker
fixed some minor bugs with the underlying mixin
cracker now runs. still have to have the cred objects created
2014-06-18 14:50:08 -05:00
James Lee
5beb43d200
Land #3022 , support Gemfile.local
2014-06-18 14:28:57 -05:00
David Maloney
fd0e24cdb2
moar docs!
2014-06-18 11:38:07 -05:00
David Maloney
4b4d9796c5
more minor cleanup
...
cleanup from code review
2014-06-18 11:24:55 -05:00
Fernando Arias
f24d665516
Backported net-ssh ask_passphrase functionality
...
MSP-10038
2014-06-18 11:21:17 -05:00
Michael Messner
86f523f00c
concatenator handling
2014-06-18 18:15:58 +02:00
David Maloney
9f11170c3b
some minor cleanup on jtr stuff
...
minor cleanup to code and styling stuff
2014-06-18 10:57:41 -05:00
David Maloney
58b016202b
Merge branch 'staging/electro-release' into feature/MSP-9709/ssh-pubkey
2014-06-18 10:50:29 -05:00
David Maloney
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
OJ
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
David Maloney
34c0b00816
don't autload this mixin
...
causes load order problems when we try to
autoload this mixin. We will just explicitly require
2014-06-17 16:10:09 -05:00
David Maloney
763f6f8d80
finish cleaning up jtr mixin
...
finish cleaning up the module mixin for jtr
2014-06-17 15:16:32 -05:00
David Maloney
432b88680b
start fixing jtr module mixin
2014-06-17 13:27:11 -05:00
David Maloney
d473d86ef0
use tr instead of gsub for mutation
...
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
James Lee
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavior of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
David Maloney
a81b0ed17b
rename method to_file
...
change method name from write to to_file
as it makes more sense for what it is doing
and what it returns
2014-06-16 18:03:06 -05:00
David Maloney
95beaa4f7e
correct self-eating array nature
...
we never noticed we were modifying the array in place
because we were recalculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
David Maloney
a92a58417f
memoize the mutation keys
...
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
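Added example covering three of the JtR wordlist commits above: "use tr instead of gsub for mutation", "correct self-eating array nature" and "memoize the mutation keys". This is illustration code written for this page, not the framework's wordlist class; the class name, the leet-style rule table and the subset enumeration are constructed assumptions chosen to show the same three points.

```ruby
# Example wordlist mutator (not the framework's JtR Wordlist class).
class WordMutator
  # Constructed substitution rules. Each is a String#tr from/to pair; tr does
  # one pass over the word with a translation table, where gsub would run a
  # regex per rule.
  MUTATIONS = {
    'a' => '@',
    'e' => '3',
    'i' => '1',
    'o' => '0',
    's' => '$',
    't' => '7'
  }.freeze

  def initialize(base_words)
    # Defensive copy: the caller's array is never modified, and neither is ours.
    @base_words = base_words.map(&:dup).freeze
  end

  # Memoized: the rule keys never change between words, so sorting them once
  # is enough (the "recalculating every time" the memoize commit removed).
  def mutation_keys
    @mutation_keys ||= MUTATIONS.keys.sort
  end

  # Yield every distinct variant of +word+ produced by applying each subset
  # of the rules. The bitmask picks the subset; one tr call builds the variant.
  def each_mutation(word)
    return enum_for(:each_mutation, word) unless block_given?
    seen = {}
    0.upto((1 << mutation_keys.size) - 1) do |mask|
      from = String.new
      to = String.new
      mutation_keys.each_with_index do |key, idx|
        next if mask[idx].zero?
        from << key
        to << MUTATIONS[key]
      end
      variant = from.empty? ? word.dup : word.tr(from, to)
      next if seen[variant]
      seen[variant] = true
      yield variant
    end
  end

  # Full candidate list for all base words. Always builds a fresh array, so
  # calling it twice returns the same result: the "self-eating array" bug was
  # a memoized array being modified in place on every call, shrinking the
  # output each time.
  def candidates
    @base_words.flat_map { |w| each_mutation(w).to_a }.uniq
  end
end
```

The de-duplication inside `each_mutation` matters for the performance claim: rules whose letters do not occur in the word produce the same string, and dropping those early keeps the cracker's input list from filling with repeats.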
David Maloney
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
David Maloney
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
David Maloney
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
scriptjunkie
d38a95a352
Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results
2014-06-15 13:15:57 -05:00
David Maloney
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
David Maloney
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
David Maloney
a5fb898904
actually set max run time
...
make maxruntime affect the crack command
2014-06-14 20:03:56 -05:00
David Maloney
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
David Maloney
10f3531bbb
add executable validator
...
like the filepath validator but also checks
to see if the file is executable by the current
users.
2014-06-14 18:01:24 -05:00
David Maloney
21f29c4da9
more filepath validators
...
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
David Maloney
1dd69a5228
wordlist validators
...
added custom filepath validator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
David Maloney
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
David Maloney
19231b7c8f
starting skeleton on wordlist class
...
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
David Maloney
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common numeric passwords and common root words across
6 years of collected password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
David Maloney
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
Tim Wright
9b43749916
Land #3418 - android adobe reader addjisf pdf exploit
...
Merge branch 'landing-3418' into upstream-master
2014-06-14 11:25:29 +01:00
David Maloney
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
David Maloney
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
David Maloney
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
Michael Messner
894af92b22
echo stager, arch_cmd
2014-06-13 11:40:50 +02:00
Samuel Huckins
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
Samuel Huckins
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
Samuel Huckins
df705c2edc
Gotta keep 'em sepArated.
...
MSP-9712
2014-06-12 16:03:02 -05:00
Tod Beardsley
cbedea222f
Land #3416 again, now that the bins are available
...
This reverts commit 3d73414530
.
2014-06-12 14:53:03 -05:00
Tod Beardsley
3d73414530
Revert #3416 , needs the correct bins first
...
This was a whoops on my part. I will reland this when I have the
Meterpreter bins all sorted.
This reverts commit 40b5405053
, reversing
changes made to 86e4eaaaed
.
2014-06-12 14:20:06 -05:00
David Maloney
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
Tod Beardsley
40b5405053
Land #3416 , fix DWORD/QWORD bug
2014-06-12 13:59:34 -05:00
Samuel Huckins
fe33444858
Merge pull request #58 from rapid7/feature/MSP-9693/db2_auth
...
Errors resolved, cred created
MSP-9693 #land
2014-06-12 12:49:54 -05:00
David Maloney
5fd117a015
fix userpass file stack trace
...
if an improperly formatted userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
dmaloney-r7
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
joev
289bae88de
Remove lie in comment.
2014-06-12 10:02:29 -05:00
sinn3r
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
David Maloney
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
James Lee
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
James Lee
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
dmaloney-r7
9affc753c0
Merge pull request #66 from rapid7/feature/cred-collection-prepend
...
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
James Lee
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
Samuel Huckins
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergeable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
Samuel Huckins
1903542683
Merge branch 'staging/electro-release' into bug/MSP-10004/rubyzip
...
Conflicts:
Gemfile
Gemfile.lock
2014-06-11 13:42:26 -05:00
Trevor Rosen
e8752f9c56
Point to correct creds version
2014-06-11 13:38:35 -05:00
David Maloney
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
Tod Beardsley
4b8961a464
Land #3428 , deprecation warns for payloads
2014-06-11 09:57:07 -05:00
James Lee
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
James Lee
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
James Lee
82b2c1deae
Make creds command show Metasploit::Credentials
...
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
2014-06-10 15:03:03 -05:00
Tod Beardsley
b379dc014a
Avoid double-printing with setup and init_ui
2014-06-10 13:57:25 -05:00
Luke Imhoff
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
Luke Imhoff
f37ce795a1
Remove lib/zip
...
MSP-10004
2014-06-10 13:39:05 -05:00
David Maloney
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
jvennix-r7
92414d3688
Merge pull request #53 from rapid7/bug/MSP-9994/framework-db-driver
...
Set `framework.db.driver` when connection already established.
2014-06-10 10:49:00 -05:00
Luke Imhoff
2cbbaad6b4
Set drivers and driver when connection already established
...
MSP-9994
3 database commands in msfconsole check for framework.db.driver to be
set, so driver must be set when the connection is already established by
the Rails initialization.
2014-06-09 14:26:59 -05:00
Luke Imhoff
1ee35ec68a
Handle unconnected config in connection_established?
...
MSP-9994
Rescue `ActiveRecord::ConnectionNotEstablished` in
`Msf::DBManager#connection_established?` in addition to
`PG::ConnectionBad` to handle when the connection has been removed.
2014-06-09 14:26:45 -05:00
David Maloney
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
Meatballs
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Meatballs
897ad6f963
Some service yarddoc
2014-06-07 13:27:32 +01:00
Meatballs
5218ca4d89
Give warning on module load
2014-06-06 23:04:40 +01:00
joev
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
joev
4a9f50bb60
Clean up some dead code.
2014-06-06 16:20:40 -05:00
joev
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
Meatballs
4a699c2852
Merge remote-tracking branch 'upstream/pr/3416' into x64_injection
2014-06-06 20:37:12 +01:00
James Lee
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
David Maloney
4d53c18ac4
fix version
2014-06-06 12:07:22 -05:00
dmaloney-r7
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
Brandon Turner
bacf82acb1
Merge branch 'release' into 'master'
2014-06-06 09:59:00 -05:00
Brandon Turner
21be4f21a6
Bump version to 4.9.3
2014-06-06 09:52:01 -05:00
Luke Imhoff
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
David Maloney
c61b47063d
vnc add missing exception catch
...
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
James Lee
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
James Lee
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
James Lee
b1ff6b95b5
Better docs
2014-06-04 14:44:53 -05:00
James Lee
41644970bf
Add a CredentialCollection
...
Also moves Metasploit::Framework::LoginScanner::Credential to
Metasploit::Framework::Credential
2014-06-04 13:01:09 -05:00
David Maloney
28bf29980e
Merge branch 'master' into staging/electro-release
2014-06-04 10:21:08 -05:00
OJ
a53955adb7
Updated more UINT TLVs to QWORDS
...
All with the goal of removing more pointer truncation issues.
2014-06-04 20:55:20 +10:00
Trevor Rosen
ad15e6fe17
Merge pull request #35 from rapid7/feature/MSP-9678/pop3-login-scanner
...
Feature/msp 9678/pop3 login scanner
MSP-9678 #land
2014-06-03 12:11:17 -05:00
Lance Sanchez
edc9f94d41
fixing issues raised in code review
...
MSP-9678
2014-06-03 11:15:26 -05:00
joev
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
joev
09e965d54e
Remove extraneous method from pdf.rb
2014-06-02 22:26:03 -05:00
joev
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
Tod Beardsley
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
Lance Sanchez
15fffb1668
Adding in some tests
...
cleaning up the regex a bit
MSP-9678
2014-06-02 13:50:30 -05:00
Luke Imhoff
9e78509aac
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-02 13:40:11 -05:00
Luke Imhoff
ebf61bef22
Metasploit::Framework::Engine
...
MSP-9653
Rails::Engine version of Metasploit::Framework::Application that can be
used by downstream projects, like Pro to get the shared behaviors, like
modules path adding, meterpreter extension merging, and binary default
encoding.
2014-06-02 13:00:22 -05:00
Luke Imhoff
9d326fcb24
Extra common engine and fix default encoding
...
MSP-9653
Extra config and initializers that can be shared between
Metasploit::Framework::Application and the future
Metasploit::Framework::Engine. Move the default encoding setup from
lib/msf/sanity.rb to a before_initialize callback for the shared config
so that gems, like gherkin that depend on the utf-8 default internal
encoding can be loaded.
2014-06-02 12:57:48 -05:00
Luke Imhoff
3ebe7dfbc8
Gem version
...
MSP-9653
Move version information to standard location for gems.
2014-06-02 12:54:46 -05:00
Luke Imhoff
21fad7163d
Msf::DBManager#connection_established?
...
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
check out a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
2014-06-02 12:49:09 -05:00
Luke Imhoff
b436aeff01
msfenv compatibility with Pro
...
MSP-9653
lib/msfenv.rb should only load the framework environment to initialize
Metasploit::Framework::Application if a Rails.application is not
defined, otherwise it will clash with the Rails application in prosvc.
2014-06-02 12:41:22 -05:00
Luke Imhoff
1055efbeaa
Add module paths from paths['modules'] from Rails app and engines
...
MSP-9653
Allow rails engines (and other applications, like
Metasploit::Pro::Engine::Application) to define their own module paths
using the paths['modules'] entry for Rails Applications/Engines.
2014-06-02 12:32:54 -05:00
Luke Imhoff
84f5a0d499
Explicitly require gem dependencies
...
MSP-9653
2014-06-02 12:27:15 -05:00
David Maloney
34004908bb
Merge branch 'master' into staging/electro-release
...
Conflicts:
.ruby-version
2014-06-02 11:10:33 -05:00
William Vu
bba741897e
Land #3413 , improved FileDropper cleanup message
2014-06-02 11:05:48 -05:00
Lance Sanchez
f2a2975bc1
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-06-02 10:56:54 -05:00
Christian Mehlmauer
428df19739
Changed message
2014-06-02 17:28:09 +02:00
Meatballs
e3a20ae073
Merge remote-tracking branch 'upstream/pr/3416' into x64_injection
2014-06-01 16:10:53 +01:00
OJ
8346e20bf1
Change memory types from DWORD to QWORD
...
This was causing memory allocations to fail on x64 in cases where
the higher bits were set in addresses.
2014-06-01 21:27:07 +10:00
Meatballs
f0e9a9010e
Return nil if fail
2014-06-01 11:55:40 +01:00
Meatballs
a4ecd8e02d
Should return the thread object
2014-06-01 11:49:56 +01:00
Meatballs
58ee2ccd6e
Land #3390 , Fix have_powershell
2014-06-01 10:43:35 +01:00
Christian Mehlmauer
03b4a29662
Clarify filedropper error message
2014-05-31 22:17:32 +02:00
Trevor Rosen
dee4acdb2a
Merge pull request #27 from rapid7/feature/MSP-9725/windows_hashdump
...
Windows Hashdump post module refactor
MSP-9725 #land
2014-05-30 14:04:31 -05:00
Trevor Rosen
8bcd763039
Merge pull request #26 from rapid7/feature/MSP-9685/telnet_login_scanner
...
Feature/msp 9685/telnet login scanner
MSP-9685 #land
2014-05-30 13:40:18 -05:00
David Maloney
782c8bd172
Merge branch 'staging/electro-release' into feature/MSP-9725/windows_hashdump
2014-05-30 13:28:35 -05:00
David Maloney
ba525c7b78
use metasploit-credential creation methods
2014-05-30 13:07:11 -05:00
David Maloney
98a23881ee
remove cred creation methods
...
removed cred creation methods from framework
and include them from the metasploit-credential gem instead
2014-05-30 11:28:53 -05:00
David Maloney
e3c4745879
Windows Hashdump post module refactor
...
refactor the Hashdump post module for Windows
to use the new cred creation methods.
Also some extra methods to do db safe checks
for record ids that we need
2014-05-29 13:20:32 -05:00
dmaloney-r7
e669324366
Merge pull request #25 from rapid7/feature/MSP-9673/axis2-login-scanner
...
Add axis2 login scanner
2014-05-29 11:22:22 -05:00
David Maloney
2c6f89a58d
add sane default for connection timeout
2014-05-29 11:12:59 -05:00
David Maloney
eb04a3774a
fixes for telnet weirdness
...
had to work around the way the old
Auxiliary::Login mixin worked. Scanner
now works properly
2014-05-29 10:43:00 -05:00
Tom Sellers
aa85cb8195
Update powershell.rb
2014-05-29 05:46:32 -05:00
James Lee
572e4f2bdf
Fix dumb missing options and add spec
2014-05-28 16:32:38 -05:00
David Maloney
1bc2140fa6
Telnet LoginScanner basics
...
basic Telnet LoginScanner with shell
specs. Need to test functionality
and write additional specs
2014-05-28 14:47:58 -05:00
Luke Imhoff
0e60f08e51
Don't re-establish connection
...
MSP-9653
If ActiveRecord::Base is already connected, then don't attempt to create
the database (as it involves establishing a new connection) or
establishing a new connection after the creation. Still run the
migrations as the normal Rails::Application.initialize! will result in
ActiveRecord::Base.connected? being true even if migrations are missing.
2014-05-28 14:34:36 -05:00
David Maloney
747395e383
create telnet client mixin
...
copy paste existing stuff repurposed for use
in a real class instead of a metasploit module
2014-05-28 13:53:50 -05:00
Lance Sanchez
07a61ae696
adding in changes from before my vacation.
...
MSP-9678
2014-05-28 13:18:28 -05:00
David Maloney
ca4c942ceb
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-28 09:40:44 -05:00
David Maloney
967b0d49b1
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-05-28 09:39:56 -05:00
David Maloney
deabd1c3b0
tidy the YARD
...
some more cleanup, in the YARD
docs this time.
2014-05-28 09:30:45 -05:00
James Lee
3ac2182984
First stab at axis2 login scanner
2014-05-27 23:53:04 -05:00
Tom Sellers
ae1b7e564b
Update powershell.rb
2014-05-27 05:18:00 -05:00
William Vu
704e4d78ca
Fix typo in client_request.rb comment
2014-05-26 23:55:48 -05:00
William Vu
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
Meatballs
1914e0abd3
Land 3393, Add session and framework vars to irb
2014-05-26 18:50:20 +01:00
jvazquez-r7
994891e9c5
Land #3383 , @wchen-r7's [FixRM #8804 ] Fix / URIPATH for BrowserExploitServer
2014-05-25 19:51:30 -05:00
Spencer McIntyre
77e70d8bbe
Add 2 more variables for meterpreter irb
2014-05-25 16:28:40 -04:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Tom Sellers
42a17cc085
Update powershell.rb
...
To be clear, the shell that was tested with was 'windows/shell_reverse_tcp' delivered via 'exploit/windows/smb/psexec'
Additional changes required to fix regex to support the multiline output. Also, InstanceId uses a lower case 'D' on the platforms I tested - PowerShell 2.0 on Windows 2003, Windows 7, Windows 2008 R2 as well as PowerShell 4.0 on Windows 2012 R2.
This method doesn't appear to be used anywhere in the Metasploit codebase currently.
2014-05-25 08:59:42 -05:00
Tom Sellers
76b9273f10
Improve reliability of have_powershell
...
I have a case where on a Windows 2008 R2 host with PowerShell 2.0 the 'have_powershell' method times out. When I interactively run the command I find that the output stops after the PowerShell command and the token from 'cmd_exec' is NOT displayed. When I hit return the shell then processes the '&echo <randomstring>' and generates the token that 'cmd_exec' was looking for. I tried various versions of the PowerShell command string such as 'Get-Host;Exit(0)', '$PSVErsionTable.PSVersion', and '-Command Get-Host' but was unable to change the behavior. I found that adding 'echo. | ' simulated pressing enter and did not disrupt the results on this host or on another host where the 'have_powershell' method functioned as expected.
There may be a better solution, but this was the only one that I could find.
2014-05-25 08:07:38 -05:00
Lutz Wolf
fc5436417b
Simplification
2014-05-24 23:45:21 +02:00
Lutz Wolf
4fc6e402dc
Allow port 0
2014-05-24 23:44:50 +02:00
David Maloney
32b88c2db6
final fixes to login creation
2014-05-23 10:58:21 -05:00
joev
ae3c334232
Getting closer. Still something f'd with local answerer.html.
2014-05-22 17:14:35 -05:00
dmaloney-r7
85737d1235
Merge pull request #22 from rapid7/feature/MSP-9646/afp-loginscanner
...
AFP login scanner
2014-05-22 15:05:24 -05:00
dmaloney-r7
e062e88081
Merge pull request #23 from rapid7/feature/MSP-9671/tomcat-loginscanner
...
Add Tomcat login scanner
2014-05-22 15:01:47 -05:00
David Maloney
fbacf80839
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-22 14:39:17 -05:00
David Maloney
75d19e198b
Merge branch 'staging/electro-release' of github.com:rapid7/metasploit-framework-private into staging/electro-release
2014-05-22 14:38:53 -05:00
David Maloney
dcc6ed5351
Merge branch 'master' into staging/electro-release
2014-05-22 14:37:09 -05:00
David Maloney
ac9af000af
full cred creation routine done
...
creating Logins as a separate method, both
methods are done and fully documented.
2014-05-22 13:53:26 -05:00
sinn3r
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
William Vu
d31908b72e
Land #3374, RPC deadlock fix
...
[FixRM #8794]
2014-05-22 12:07:23 -05:00
David Maloney
19e36cccb3
Credential Core creation now complete
2014-05-21 16:37:13 -05:00
joev
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
James Lee
5d1a0397ed
Add Tomcat login scanner
2014-05-21 14:28:54 -05:00
David Maloney
3ea99a9d43
private creation w/ specs and docs
...
the private creation method is now done
with specs and YARD docs
2014-05-21 13:21:56 -05:00
David Maloney
2629549f6f
added realm creation
...
added method for creating credential realm
creation.
2014-05-21 11:22:22 -05:00
James Lee
8be35b90f4
Add some more specs for AFP login scanner
2014-05-20 17:44:41 -05:00
James Lee
d061d36229
Merge branch 'staging/electro-release' into feature/MSP-9646/afp-loginscanner
2014-05-20 17:25:42 -05:00
James Lee
21de14ac3d
Initial stab at AFP login scanner
2014-05-20 17:08:12 -05:00
Meatballs
92669cd4d6
Use parser
2014-05-20 22:26:13 +01:00
Meatballs
0a2b79ccd1
Tidyup parser
2014-05-20 22:04:59 +01:00
Meatballs
09af023a71
Merge in parser
2014-05-20 21:56:35 +01:00
Meatballs
15313a9ab1
Dont try to read 0 structs
2014-05-20 21:55:04 +01:00
Samuel Huckins
62bae8e23b
Merge pull request #21 from rapid7/feature/MSP-9687/winrm-loginscanner
...
Specs and functional steps passing.
MSP-9687 #land
2014-05-20 11:32:37 -05:00
David Maloney
ce69f742a4
add yarddocs to origin methods
...
added YARD docs to the creation methods for
Credential::Origins
2014-05-20 11:16:19 -05:00
Luke Imhoff
38fbbdc1b5
Print tm_call one caller per line
...
MSP-9653
The inspect format was difficult to read so convert to standard
backtrace format of one caller per line.
2014-05-20 10:59:29 -05:00
David Maloney
8a2f05b7d2
Merge branch 'staging/electro-release' into feature/MSP-9640/cred_creation
2014-05-20 10:28:33 -05:00
David Maloney
0b1d9d8cd0
Merge branch 'master' into staging/electro-release
2014-05-20 10:27:55 -05:00
David Maloney
9cdddb08d9
origin specs for realsies
...
final specs and fixes for the origin creation
methods
2014-05-20 10:19:03 -05:00
David Maloney
b84aaaad19
specs and fixes for origin creation
2014-05-20 09:59:15 -05:00
David Maloney
ddfa4f1ee7
some origin creation specs
...
started getting working specs
for the origin creation methods. fell
into the weeds for a bit, but making progress at last.
2014-05-19 15:16:02 -05:00
David Maloney
9efb97d465
origin creation method
...
added base behaviour for creating generic
credential origin objects from report
2014-05-19 10:00:19 -05:00
James Lee
d2ebab09aa
Add timeout for SSL renegotiation after migrating
...
[SeeRM #8794]
2014-05-16 15:42:46 -05:00
Samuel Huckins
d9687d87f9
Merge pull request #20 from rapid7/feature/MSP-9667/db2_login
...
Specs passing post update.
MSP-9667 #land
2014-05-16 11:29:31 -05:00
David Maloney
02a9d7f15d
minor cleanup
...
minor style changes found in code review
2014-05-16 11:20:04 -05:00
James Lee
9582d82fba
Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner
2014-05-15 13:59:48 -05:00
James Lee
efd0db9c39
Merge branch 'upstream-master' into HEAD
2014-05-15 13:53:16 -05:00
James Lee
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
nstarke
048aebbdf2
Search Result Uniqueness
...
SeeRM #8754
Cast the results of the query to an array and perform the uniq
function passing a block which provides uniqueness based
on the return value, which in this instance is ‘fullname’
This was done because the uniq function in AREL cannot take
a specific field for uniqueness, and the sophistication of the query
makes grouping nearly impossible. Initial testing showed negligible
speed difference to the user.
2014-05-15 17:52:11 +00:00
nstarke
b85403ab8f
Revert "POST module duplicate search results"
...
This reverts commit 0bca3a2d54.
2014-05-15 16:05:47 +00:00
James Lee
8a9abb90c0
Add specs for connection error conditions
2014-05-15 10:06:17 -05:00
Lance Sanchez
e9b3f10ba7
Drying up some of the status codes
...
MSP-9678
2014-05-14 17:02:26 -05:00
William Vu
773fd7a9cb
Fix up whitespace
2014-05-14 15:31:40 -05:00
William Vu
340956f294
Add a newline after DISCLOSURE_DATE_FORMAT
2014-05-14 15:28:07 -05:00
James Lee
59050d9bf1
Add specs for WinRM, improve those for HTTP
2014-05-14 15:13:29 -05:00
James Lee
99f8fbbc9c
Add WinRM login scanner
...
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
simpler and easier
* Adds support for default ports to HTTP. This should probably be
refactored up into Base
* Removes spec that complains about port being unset (which now fails
because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
Christian Mehlmauer
dc7a8d32d8
Land #3324, msfconsole search timestamp fixes
2014-05-14 21:30:02 +02:00
Luke Imhoff
82d32e39cc
Merge branch 'feature/MSP-9686/vnc_login' into staging/electro-release
...
MSP-9686
2014-05-14 13:24:13 -05:00
Luke Imhoff
a32152ecaa
Merge branch 'staging/electro-release' into feature/MSP-9686/vnc_login
...
MSP-9686
2014-05-14 13:22:41 -05:00
David Maloney
fb671c72a7
Merge branch 'master' into staging/electro-release
2014-05-14 13:00:37 -05:00
dmaloney-r7
acaf713229
Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
...
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
nstarke
bb6201d66d
Fixing nil bug and making format constant
...
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
2014-05-14 15:51:42 +00:00
Lance Sanchez
6a029bee02
Merge branch 'staging/electro-release' into feature/MSP-9678/pop3-login-scanner
2014-05-14 10:13:46 -05:00
David Maloney
f34090946e
derp
2014-05-14 10:10:57 -05:00
Lance Sanchez
06796fb27c
returning the result class
...
MSP-9678
2014-05-14 10:09:52 -05:00
David Maloney
2faa015bf3
some minor cleanup
...
minor edits requested by kronicdeth during
code review
2014-05-14 10:09:26 -05:00
James Lee
8a9027b21d
Add better #inspect for Credential and Result
2014-05-14 10:04:40 -05:00
Lance Sanchez
3c0625e393
hacking on the pop3 login scanner
...
MSP-9678
2014-05-14 09:44:23 -05:00
William Vu
9fbda3eae0
Land #3183, tab completion improvements
2014-05-14 02:20:12 -05:00
William Vu
fdbfaacdf6
Land #3313, progress feedback for PASS_FILE
...
[FixRM #8704]
2014-05-14 02:03:39 -05:00
William Vu
1ada4831e0
Land #3293, module deprecation constants
2014-05-14 01:37:29 -05:00
William Vu
de49241195
Land #3185, regex option validation
2014-05-14 01:27:18 -05:00
David Maloney
72b3c4da35
working DB2 loginscanner
...
w00t
2014-05-13 14:41:15 -05:00
Samuel Huckins
162038bde4
Merge pull request #19 from rapid7/feature/login_scanner/smb
...
Specs all passing, functional steps working.
2014-05-13 14:37:13 -05:00
David Maloney
f5751d6a85
first pass at attempt_login for DB2
...
first pass through at the attempt_login method
for the DB2 LoginScanner. still adding specs
and possibly refactoring
2014-05-13 14:10:30 -05:00
James Lee
2d7e90d5df
Remove vestigial require
2014-05-13 13:39:40 -05:00
David Maloney
5dcf3efd1a
skeleton for DB2 loginscanner
...
add basic skeleton and specs for the DB2
LoginScanner class.
2014-05-13 13:16:56 -05:00
Luke Imhoff
91cc9dc2d6
Add missing Msf::DBManager#drivers initialization
...
MSP-9606
2014-05-13 13:01:59 -05:00
agix
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
agix
87be2e674a
Rebase on https://github.com/rapid7/metasploit-framework/pull/2831 and adapt to the new mixin
2014-05-13 16:04:40 +02:00
Florian Gaultier
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
Florian Gaultier
bb4e9e2d4d
correct error in block service_change_description
2014-05-13 16:04:39 +02:00
Florian Gaultier
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
Florian Gaultier
bdbb70ab71
up block_service_stopped.asm
2014-05-13 16:04:39 +02:00
Florian Gaultier
94f97ab963
Prevent import table overwriting by shifting entry point
2014-05-13 16:04:39 +02:00
Florian Gaultier
e269c1e4f1
Improve service_block with service_stopped block to cleanly terminate service
2014-05-13 16:04:38 +02:00
Florian Gaultier
c43e3cf581
Improve block_create_remote_process to point on shellcode every time
2014-05-13 16:04:38 +02:00
Florian Gaultier
25d48b7300
Add create_remote_process block, now used in exe_service generation
2014-05-13 16:04:38 +02:00
Florian Gaultier
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
Florian Gaultier
0b462ceea6
refactor `to_winpe_only` code to be used by `to_win32pe_service`
2014-05-13 16:04:37 +02:00
Florian Gaultier
914d15c285
fix typo
2014-05-13 16:04:37 +02:00
Florian Gaultier
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
Florian Gaultier
b3fd21b98d
Change to try to follow ruby guidelines
2014-05-13 16:04:37 +02:00
Florian Gaultier
72a3e49fbb
fix typo
2014-05-13 16:04:36 +02:00
Florian Gaultier
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
Luke Imhoff
b1598e83c3
Re-enable `bundle install --without db` support
...
MSP-9606
Catch LoadError in config/application.rb when trying to require
`active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
2014-05-12 15:39:34 -05:00
Luke Imhoff
cea7b6cd77
Revert to production as default environment
...
MSP-9606
When switching to Rails.env to integrate better with railties for
Rails::Engines, I forgot that rails would default to development instead
of production.
2014-05-12 15:37:59 -05:00
Luke Imhoff
3370465d84
Use railties to load Metasploit::Credential correctly
...
MSP-9606
In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines. To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
Jeff Jarmoc
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
Jeff Jarmoc
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
Jeff Jarmoc
d82bc11b7d
Add 'u-noslashes' and re-order cases for consistency.
2014-05-12 13:01:05 -05:00
David Maloney
57864cc6c9
Merge branch 'master' into staging/electro_release
2014-05-12 11:38:14 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
David Maloney
f84d763382
refactoring conditional logic
...
the class works but the conditional logic needs
refactoring to be smoothed out more.
2014-05-12 11:10:36 -05:00
James Lee
fe3acf08f5
Handle exceptions without error_code
...
Also sets smb_direct in attempt_login, which makes this work correctly
when port wasn't set in the constructor.
2014-05-12 10:31:11 -05:00
Luke Imhoff
c70ef2afbd
Make fastlib compatible with Pathnames
...
MSP-9606
2014-05-12 10:16:39 -05:00
Luke Imhoff
f83e8a4a4f
Add missing requires
...
MSP-9606
require 'msf/base/config' when required directly was not working.
2014-05-12 10:16:10 -05:00
James Lee
3831042dca
Add specs, validations for LoginScanner::SMB
2014-05-09 18:58:49 -05:00
James Lee
ee6a9f99b3
Add require for active_model
...
Having proper requires allows loading scanners in IRB without msfconsole
2014-05-09 18:16:19 -05:00
William Vu
453851277f
Fix missing space in prompt for back and grep
2014-05-09 17:08:45 -05:00
William Vu
4b47a9a297
Land #3339 , banner updates for Pro free trial
2014-05-09 15:25:09 -05:00
David Maloney
4e76330643
Add skeleton for VNC loginscanner
...
Add skeleton and specs for the VNC Loginscanner
MSP-9686
2014-05-09 11:55:15 -05:00
David Maloney
8b937b7c35
Merge branch 'master' into staging/electro_release
2014-05-09 11:46:08 -05:00
nstarke
a71be33091
Adjusting status message to be based on time
...
Previously the status message timing was determined by the number of
pairs left to process. I have adjusted the code to rely on Time.now
in order to consistently print a message out every 60 seconds.
2014-05-09 14:39:34 +00:00
Trevor Rosen
c77412d373
Merge pull request #13 from rapid7/feature/login_scanner/mysql
...
Add LoginScanner for MySQL
MSP-9676 #land
2014-05-08 15:05:24 -05:00
Trevor Rosen
894ecaafb4
Merge pull request #12 from rapid7/feature/login_scanner/pg
...
Add Postgres LoginScanner class
MSP-9679 #land
2014-05-08 14:38:56 -05:00
Lutz Wolf
66252ba9e5
support negation in portspec
2014-05-08 21:35:35 +02:00
David Maloney
42de1ab1f1
whitespace removal
2014-05-08 14:18:06 -05:00
David Maloney
d16a4a4c1d
add sane defaults to MySQL
...
MySQL LoginScanner now with sane defaults
for TCP evasion stuff
2014-05-08 13:57:58 -05:00
David Maloney
cfb13ed1bd
Merge branch 'staging/electro_release' into feature/login_scanner/mysql
2014-05-08 13:55:09 -05:00
James Lee
2d2b5ea9e4
Merge remote-tracking branch 'private/feature/login_scanner/mssql' into feature/login_scanner/smb
2014-05-08 13:45:06 -05:00
David Maloney
e0c6e90ae8
trivial cleanup work
...
whitespace and alignment stuff
2014-05-08 13:42:52 -05:00
James Lee
13fe8c0869
Default Credential#paired to true
2014-05-08 13:34:31 -05:00
David Maloney
20edabb0f5
mySQL Loginscanner with specs to match
...
This season's colours for Loginscanner is MySQL
with Unit Test Coverage applied to match.
2014-05-08 13:16:12 -05:00
William Vu
ee303aa34e
Add missing formats in lib/msf/core/db.rb comment
...
Found outside big if block. Ugh.
2014-05-08 10:27:38 -05:00
Tod Beardsley
281b000805
Typo fix for #3339
2014-05-08 10:18:19 -05:00
William Vu
b50b3820a0
Update core/db.rb comments 'n' stuff
2014-05-08 02:53:02 -05:00
William Vu
7da6a2c84c
Update db_import help with authoritative formats
...
Taken from import_filetype_detect in lib/msf/core/db.rb.
[SeeRM #8799]
2014-05-08 02:30:29 -05:00
David Maloney
b72f0f8ffc
try to fix bad push/revert mess
2014-05-07 18:43:37 -05:00
David Maloney
9919d54116
Revert "final touches and specs"
...
This reverts commit e025fa1791.
2014-05-07 18:34:34 -05:00
David Maloney
e025fa1791
final touches and specs
...
add finishing touches to postgres
Loginscanner and add specs to cover
the behaviour
2014-05-07 18:32:36 -05:00
James Lee
338ed7bd18
First attempt at smb login scanner
2014-05-07 16:38:56 -05:00
Tod Beardsley
eecd05ec74
Fix banner language, padding.
2014-05-07 16:12:15 -05:00
Tod Beardsley
c50c929412
Treat apt and binary installs the same for banners
2014-05-07 15:59:50 -05:00
David Maloney
7a476dc21a
fully operational loginscanner
...
Now you will witness the power of this fully operational
LoginScanner. fire at will, Commander!
2014-05-07 15:57:06 -05:00
David Maloney
ec974535ac
create base object for mssql scanner
...
created skeleton for MSSQL Loginscanner
included concerns.
also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
David Maloney
234e129523
add NTLM concern for loginscanners
...
add a new concern for LoginScanners
that provides the basic accessors and validations
for anything requiring NTLM
2014-05-07 14:28:10 -05:00
David Maloney
e6b15541ff
replace datastore calls
...
replace datastore calls with stub
methods that will be implemented by the loginscanner
2014-05-07 11:41:49 -05:00
Tod Beardsley
ab56583ce0
Remove dead oldwarn code, fix shortlink
2014-05-07 09:49:41 -05:00
Tod Beardsley
7ed943cead
Add new rotating banners for apt installs
2014-05-07 09:39:39 -05:00
Tod Beardsley
a55e2bcf19
Rework banner trailers in sprintf padding
2014-05-07 09:38:59 -05:00
James Lee
9ad5ae44be
Add abstract attempt_login and cleanup some docs
2014-05-06 15:24:18 -05:00
David Maloney
6077135782
extract login necessary methods
...
create new mssql mixin. extract only the methods
required for mssql_login to work and copy them
into this mixin.
2014-05-06 11:59:21 -05:00
David Maloney
507fe566a4
Merge branch 'master' into staging/electro_release
2014-05-06 11:36:19 -05:00
Meatballs
3542f851bf
Fix some yarddoc issues
2014-05-05 22:45:41 +02:00
Meatballs
dc38212741
Fix function parsing
2014-05-05 20:53:36 +01:00
Meatballs
0b886db406
Script specs and remove unknown method
2014-05-05 19:01:36 +01:00
Meatballs
0177e51148
Finish obfu specs and use rig
2014-05-05 18:47:25 +01:00
Meatballs
6ab85027a4
More spec
2014-05-05 17:47:30 +01:00
Meatballs
162b6a8ab9
Add output spec
2014-05-05 14:48:18 +01:00
Meatballs
399928cf69
Remove unnecessary requires
2014-05-05 13:37:17 +01:00
Brendan Coles
cc8ab9bcba
Support one line js payload
...
Add missing ';' in `run_cmd_source`
2014-05-05 18:57:15 +10:00
Joshua Smith
5b1a207377
cleans up numerous superfluous returns in msf/core/module
2014-05-02 19:52:58 -04:00
David Maloney
5e6f57f711
fix up some more specs
...
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
David Maloney
1a5abc49d1
Merge branch 'staging/electro_release' into feature/login_scanners/mixin_refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/ssh_key.rb
2014-05-01 10:19:00 -05:00
nstarke
f0a8f40acd
Omitting timestamp from msfconsole search output
...
SeeRM #8795
The disclosure date field in the results from the search command
were returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d. This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
2014-05-01 13:41:15 +00:00
David Maloney
0dd22395eb
use credential objects inside results
...
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00
Lance Sanchez
3d94a1f77d
Merge branch 'feature/http_login_scanner' into staging/electro_release
2014-04-30 16:30:46 -05:00
David Maloney
2483a37c04
Rexsocket mixin for LoginScanners
...
add a mixin for Rex Socket dependent behaviour
in certain Loginscanners to DRY up code more
2014-04-30 15:43:28 -05:00
James Lee
6a41697955
Add require
2014-04-30 15:03:49 -05:00
David Maloney
a4cc311106
test base behaviour in shared examples
...
start moving specs to a shared example group
for all behaviour defined by the LoginScanner
Base
2014-04-30 14:35:29 -05:00
David Maloney
f1e303d400
add connection error handling
...
if we get too many connection errors
or too many errors in a row, we bail on
the host
2014-04-30 14:06:18 -05:00
David Maloney
a08421b30f
apply reasonable defaults
...
give each loginscanner the ability to select
reasonable defaults for certain attributes
2014-04-30 13:56:29 -05:00
James Lee
ea8dc4db5d
Handle connection errors
...
Also fix up some yardoc issues
2014-04-30 13:33:39 -05:00
James Lee
b617be3dda
Move doc to the right place
2014-04-30 13:30:42 -05:00
David Maloney
ad264cb031
remove dead variable
...
dead variable left in a method from
a previous code iteration. removed
2014-04-30 13:30:09 -05:00
David Maloney
90882f803b
use base mixin in scanners
...
refactor the LoginScanner classes to use the
new Base mixin. Still some more cleanup to be done
2014-04-30 13:29:14 -05:00
David Maloney
7978587428
add loginscanner base mixin
...
start moving common behaviour for
all LoginScanners into a mixin
2014-04-30 13:11:48 -05:00
David Maloney
f61ede7fd2
fix merge wonkiness
2014-04-30 10:23:20 -05:00
David Maloney
e5276d111d
Merge branch 'staging/electro_release' into feature/login_scanner/snmp
...
Conflicts:
lib/metasploit/framework/login_scanner/result.rb
2014-04-30 10:21:35 -05:00
James Lee
e8e5a7f72b
Add initial stab at LoginScanner::HTTP
2014-04-30 00:55:45 -05:00
Rob Fuller
c3fb5bf614
fix a few clerical errors and typos
2014-04-29 22:42:26 -04:00
James Lee
4bd2dabfcd
Land #3121, new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
nstarke
ace9e797e1
Adding count-based print message
...
This commit removes the creation of a separate, timed
thread for printing out status messages to the user
in the case of large PASS_FILEs. This adjustment eliminates
the overhead of context switching associated with
spinning off separate threads, as well as the dangers
associated with the Thread#kill method.
2014-04-29 22:10:08 +00:00
Lance Sanchez
ddee401e27
Merge branch 'feature/MSP-9684/sshkey_loginscanner' into staging/electro_release
...
MSP-9684 #land
2014-04-29 15:21:56 -05:00
David Maloney
5c24eab526
add snmp specific behaviour
...
add the snmp specific attempt_login behaviour
to gear this login scanner to the right protocol.
2014-04-29 14:08:30 -05:00
David Maloney
f1105ebe48
basic template copypasta
...
copy the ssh scanner as a template to
start the SNMP scanner from
2014-04-29 10:14:23 -05:00
David Maloney
00b9c99c89
fix class documentation copypasta
2014-04-29 10:13:11 -05:00
David Maloney
08b2974454
fix class documentation
2014-04-29 10:12:26 -05:00
jvazquez-r7
2b4006089b
Land #3298, @wvu-r7's fix for db_import and its spec
2014-04-28 17:29:52 -05:00
nstarke
eb98ea2d31
Large pass_file hangs login modules
...
SeeRM #8704
When running a *_login module that contains a large PASS_FILE
the module appears to hang while it is creating the combinations over
such a large dataset. The solution proposed in the Redmine task
requested that the user be alerted with some sort of progress feedback
if the process takes an excessive amount of time.
I have added a message that logs to the console that contains the
number of pairs left to be constructed before the module will continue.
The verbiage is fairly arbitrary and should probably be updated to
something that might be more descriptive. Likewise, the sleep
interval may need to be adjusted.
2014-04-28 21:45:14 +00:00
sinn3r
8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin
2014-04-28 15:22:55 -05:00
Samuel Huckins
7fad215f3e
Merge branch 'bug/9582-metasploit-imports-and-tasks' into upstream-master
...
Land #3299
2014-04-28 10:47:23 -05:00
Meatballs
b860cecad6
Function spec (doesn't pass)
2014-04-28 14:09:39 +01:00
nstarke
0bca3a2d54
POST module duplicate search results
...
Running a POST module in meterpreter was causing duplicate search
results for the executed module. For example, running
post/windows/gather/checkvm would produce duplicate results for that
module when executing “search checkvm” in msf.
Debugging revealed that the cmd_exec function in meterpreter’s ui
command_dispatcher core was creating the specified module, and then
promptly reloading it. The reload function was causing the duplicate
module_detail record to be written to the msg postgres database
instance. Further analysis revealed that the “original_mod” could be
used for running the post module, so the “reloaded_mod” was removed
and the “original_mod” used in its place to run the post module.
SeeRM #8754
2014-04-27 20:31:32 +00:00
William Vu
696eee1ada
Add Outpost24 to db_import help
2014-04-25 14:27:44 -05:00
David Maloney
0fcfb9d655
add proxies to ssh scanner
...
allow the SSH LoginScanner
to accept a proxy directive
2014-04-25 14:22:21 -05:00
David Maloney
35a039848c
add sshkey loginscanner
...
added the loginscanner class for SSHKey and
the base specs
2014-04-25 14:21:08 -05:00
Meatballs
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
Meatballs
98d2b2293b
Unnecessary return
2014-04-26 13:05:47 +01:00
Meatballs
be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files
2014-04-26 12:59:43 +01:00
lsanchez-r7
8f43c229b1
Passing the Mdm::Task down the chain
...
when reporting hosts from an Mdm::Task we need to pass the task all
the way down. this wasn't done for the metasploit import format.
2014-04-25 11:15:39 -05:00
David Maloney
2346d583ed
touchups and specs for FTP Scanner
...
add some final touchups and specs to the FTP
Loginscanner object. now fully working.
2014-04-25 11:02:15 -05:00
David Maloney
838a444b23
first pass of FTP LoginScanner
...
made the first pass at the ftp
LoginScanner, with base specs.
Need to still iterate, add more new
specs and clean it up
2014-04-25 10:14:48 -05:00
Meatballs
19dd21abaf
Remove duplicate methods
2014-04-25 15:40:03 +01:00
Meatballs
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
joev
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
David Maloney
1f9cf8c68f
add the mixins for tcp and ftp
...
skimmed down, non-module dependent mixins
for TCP client and Ftp client. necessary for
loginscanner work
2014-04-24 13:39:04 -05:00
David Maloney
087bcbdce1
Merge branch 'master' into staging/electro_release
2014-04-24 09:50:18 -05:00
David Maloney
3a66723741
make scan! more generic
...
scan! can now be reused for each scanner and
only attempt_login is specific for each thing.
2014-04-24 09:43:39 -05:00
Trevor Rosen
e556997bf7
Land #3269 (Pro) fix report import issue
2014-04-24 08:27:06 -05:00
Spencer McIntyre
ec1f7d644c
Support deprecation information from constants
2014-04-23 23:03:02 -04:00
David Maloney
ed8f87d3cf
allow scan! to take a block
...
by allowing scan! to take block
and yield the result of each attempt
we can do things like have a module print out
status messages
2014-04-23 12:41:10 -05:00
Meatballs
72a2849bf1
Better specs
...
90.6% line coverage in Exploit::Powershell
77.32% in Rex::Exploitation::Powershell and haven't even started
writing those specs...
2014-04-23 08:07:42 +01:00
Meatballs
0137fdb690
Prepend sleep should be an int
2014-04-23 07:29:51 +01:00
Meatballs
61b8fb7921
Remove puts
2014-04-23 06:15:28 +01:00
Meatballs
32fa8748a8
Fix up decompress
2014-04-23 05:20:54 +01:00
Meatballs
11526b59a6
Boolean datastore options should always be present
...
Don't evaluate true/false as 'true'/'false'!
2014-04-23 05:03:16 +01:00
Meatballs
1347649a47
Remove unused EOFs
2014-04-23 02:37:07 +01:00
Meatballs
01bfad3489
Correct datastore values
2014-04-23 02:08:57 +01:00
Meatballs
e774411b63
Revert Enum removal
...
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
Meatballs
d2e8e07cfe
Fix old powershell generation
2014-04-23 01:58:02 +01:00
Meatballs
dd38a81dfc
Fix a @parma
2014-04-23 01:10:13 +01:00
Meatballs
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
Meatballs
88fe619c48
Yarddoc exploit::powershell
2014-04-23 00:15:55 +01:00