4ea2daa96a
Minor cleanup
2014-07-11 09:50:22 -05:00
51cfa168b1
Fix deprecation information
2014-07-11 09:47:30 -05:00
46f5282fd3
Land #3455 , @m-1-k-3's exploit for DLink UPNP M-Search Command Injection
2014-07-11 09:39:05 -05:00
611b8a1b6d
Modify title and ranking
2014-07-11 09:35:21 -05:00
a9b92ee581
Change module filename
2014-07-11 09:17:56 -05:00
36c6e74221
Do minor fixes
2014-07-11 09:17:34 -05:00
f29050b6b2
Use MSF_ROOT instead of MSP_ROOT
2014-07-10 20:22:50 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
074632043f
Update meterpreter binaries
2014-07-10 16:36:48 -05:00
dbe9b47937
lands 3469, fixes handler deadlock in corner cases
...
May affect the following RM issues which need to be retested:
https://dev.metasploit.com/redmine/issues/8407
https://dev.metasploit.com/redmine/issues/4314
https://dev.metasploit.com/redmine/issues/6829
2014-07-10 16:20:33 -05:00
b8225ae2dc
Remove unnecessary ||= and ivars.
2014-07-10 16:06:28 -05:00
e6e88ab4fe
Allow declaring root via env var in gemspecs
...
The bundle build tasks temporarily relocate Gemfile and gemspecs to
temporary directories when packing bundles. For this to work, we can't
depend on the Gemfile/gemspec exisiting in a specific location relative
to other code.
This allows specifying the project root via the MSP_ROOT environment
variable. If you do not specify MSP_ROOT, the behavior is unchanged.
MSP-10684
2014-07-10 15:04:33 -05:00
e0389dfbc3
Update code as per @wvu's code review.
2014-07-10 15:03:40 -05:00
097d5d68ce
Display 'realm\user' for AD instead of 'user@realm'
2014-07-10 14:31:42 -05:00
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
74c1bfe615
Land #3510 , grammar fix for module descriptions
2014-07-10 14:00:30 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
688c31cc44
Switch to a space. It gets eaten anyway.
2014-07-10 13:59:30 -05:00
147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release
2014-07-10 13:52:21 -05:00
109201a5da
little auto detect fix
2014-07-10 20:45:49 +02:00
781149f13f
little auto detect fix
2014-07-10 20:40:39 +02:00
5bb3c8a581
Make merged module descriptions more grammar.
2014-07-10 13:31:57 -05:00
e104f73d5d
Merge pull request #103 from rapid7/bug/MSP-10683/pnd-login-task-assoc
...
Filler task dropped, login results in task assoc
2014-07-10 13:30:56 -05:00
8833429987
make shared example usage more readable
...
this seems less obtuse
2014-07-10 12:58:13 -05:00
818bd1946d
final tweak for the http case
...
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
1cbcc71832
Land #3509 , Meterpreter PHP hop description fix
2014-07-10 12:36:04 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
5b1dc39caf
Filler task dropped, login results in task assoc
...
MSP-10683
* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
dd439066ca
Patch rhost to display hostname of JSONP_URL.
2014-07-10 12:02:22 -05:00
bcec2df0a4
Fix Meterpreter PHP hop description
2014-07-10 11:35:48 -05:00
a319d5270e
set default connection tiemouts
...
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
841cb6a590
STEAL_URL -> STEAL_URLS.
2014-07-10 09:14:32 -05:00
fad30bc874
Add flash rosetta exploit module for stealing URLs.
2014-07-10 09:09:10 -05:00
87e6ede123
Merge branch 'master' into staging/electro-release
2014-07-10 08:44:12 -05:00
0daa395007
Fix specs for LoginError cases
2014-07-09 18:11:20 -05:00
1a0200f711
one more strip
2014-07-09 17:50:28 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
bb3525419e
Rescue the right thing
...
MSP-9707
2014-07-09 17:44:53 -05:00
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
9bbf9486c7
fix schema bleedover
...
i accidentally polluted the schema earlier,
this should be fixed now
2014-07-09 17:26:22 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
f068006f05
auto target
2014-07-09 21:53:11 +02:00
6a765ae3b0
small cleanup
2014-07-09 21:16:29 +02:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
0674314c74
auto target included
2014-07-09 20:56:04 +02:00
b4812c1b7d
auto target included
2014-07-09 20:53:24 +02:00
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
jvazquez-r7
Brandon Turner
James Lee
Joshua Smith
joev
William Vu
Tod Beardsley
Michael Messner
David Maloney
Samuel Huckins