6a72572237
Wrap comments at 80
2014-07-31 09:41:08 -05:00
ceb8a0f5c2
Extract option require pattern to helper Module
...
MSP-10905
`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
1a6d4843c7
Merge branch 'staging/electro-release' into bug/MSP-10905/msfconsole-database
...
MSP-10905
2014-07-29 15:52:11 -05:00
ba4891bca0
Restore Rails.groups arguments
...
MSP-10905
They don't cause a problem.
2014-07-29 15:50:52 -05:00
38da44c26b
Fix arity difference between rails and msfconsole options
...
MSP-10905
2014-07-29 14:32:42 -05:00
04541ac724
Parse msfconsole options before initializing Rails
...
MSP-10905
2014-07-29 14:07:14 -05:00
78a3263cfe
have Credentials remember their aprents
...
a Credential object can be created from several
other types of objects. Keep a reference to the originating
'parent' so we can find our way back
2014-07-29 11:20:52 -05:00
064d624322
changing Credential == operator
...
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
6c1a3f4992
Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
...
Now able to complete without error.
MSP-10817 #land
2014-07-23 15:55:42 -05:00
ffd7d28bc6
Merge pull request #3559 from dmaloney-r7/feature/MSP-10230/snmp_login
...
MSP-10230 #land
2014-07-23 13:59:37 -05:00
b7d15d0b08
simple fix to mysql loginscanner
...
typo caused connection_timeout default to not get set
2014-07-23 12:07:57 -05:00
e54f5e8ee7
working snmp_login module
2014-07-22 12:44:21 -05:00
c553fcac73
start refacotirng snmp_login
2014-07-22 11:46:22 -05:00
0eb4fc0ed1
community string collection
...
add community string collection to handle snmp loginscanner
credentials
2014-07-22 11:44:31 -05:00
addecb6311
Fix running shipped bins by using a config file
...
This should get everything working again.
MSP-10817
2014-07-21 18:26:50 -05:00
a2a75ffb03
Fix typo and full path issue
...
Previously, the JtR library was prepending the path to data/john/ for
shipped bins; without it, modules weren't finding the executables.
2014-07-21 17:58:27 -05:00
9db951cadc
Add sane defaults for HTTP method and path.
2014-07-21 14:57:28 -05:00
1ad04eb2d9
Merge pull request #111 from rapid7/bug/MSP-10714-gem-version
...
Fix gem version to support rubygems < 2.1
2014-07-16 13:23:33 -05:00
e637237574
Use the Rubygems 2.2 version convention
...
Substitute version dashes with ".pre.".
MSP-10714
2014-07-16 11:13:14 -05:00
044fdb8c55
Fix gem version to support rubygems < 2.1
...
MSP-10714
2014-07-15 19:02:39 -05:00
ea57ad0126
fix connection error on base
...
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
2014-07-15 16:21:13 -05:00
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
9857bac6b1
add NO_AUTH_REQUIRED
2014-07-15 14:38:41 -05:00
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
f3ec386240
Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
...
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
097d5d68ce
Display 'realm\user' for AD instead of 'user@realm'
2014-07-10 14:31:42 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
818bd1946d
final tweak for the http case
...
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
a319d5270e
set default connection tiemouts
...
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
1a0200f711
one more strip
2014-07-09 17:50:28 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
bb3525419e
Rescue the right thing
...
MSP-9707
2014-07-09 17:44:53 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
7325cfec64
add default realm values
...
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
bc18ca5762
add REALM_KEY to each LoginScanner
...
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
b65989ff0c
Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
...
Use glob instead of entries
2014-07-08 14:29:24 -05:00
567435f508
Use glob instead of entries
...
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
38419dae83
fix to_credential on core
...
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 16:32:39 -05:00
db8b0c907b
Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
...
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
James Lee
Luke Imhoff
David Maloney
darkbushido
Samuel Huckins
Joe Vennix
cdoughty-r7
Brandon Turner
Trevor Rosen