Commit Graph

2191 Commits (789122b8eec2a0e700b175fb0896d3a8db325412)

Author SHA1 Message Date
Brent Cook a191e12241 update specs 2017-04-26 17:06:35 -05:00
William Vu df306c1543 Fix spec (the irony!) 2017-04-26 03:56:10 -05:00
David Maloney aa9c037307
fix spec for reals this time 2017-04-18 14:30:29 -05:00
David Maloney db246e6076
update spec 2017-04-18 14:19:29 -05:00
Brent Cook 67047cf770 Revert "Fixes MS-1716, keep sessions in progress alive."
This reverts commit e5d0370a94.
2017-04-16 15:52:22 -05:00
Brent Cook 42122d2835
Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
David Maloney 91fb3ce6b8
collapse SMB2 support into smb_login
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both

MS-2636
2017-04-13 15:22:03 -05:00
bigendiansmalls fa8011fd07 New mainframe privesc payload for z/OS
This module performs a privilege escaltion on mainframe systems
runing z/OS and using RACF for their security manager.  A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
Brent Cook 5f88971ca9 convert NTP modules to bindata 2017-04-04 02:57:38 -05:00
William Vu 7de2aa1a63 Update Nmap parser to handle masscan
masscan is missing <status>, meaning hosts aren't treated as alive.

Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
David Maloney 40ab82eea2
add specs for the smb2 login scanner
added some basic specs for the new smb loginscanner
class

MS-2557
2017-03-29 13:46:20 -05:00
Adam Cammack 71df231918
Add new loader for arbitrary executables
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
2017-03-28 10:27:12 -05:00
dmohanty-r7 92c0748447
Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
2017-03-13 16:13:59 -05:00
wchen-r7 2a5815749c Update rspec 2017-03-08 13:39:24 -06:00
wchen-r7 702d1c2b7e Fix bug for subject 2017-03-08 11:43:36 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
wchen-r7 a634fec8b3 Fix typo 2017-03-07 16:51:17 -06:00
wchen-r7 dc36bc4a0d Add rspec 2017-03-07 16:49:42 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
Pearce Barry e5d0370a94
Fixes MS-1716, keep sessions in progress alive. 2017-02-24 12:56:05 -06:00
Tim 7f759384ab fix missing payloads_spec 2017-02-07 15:02:29 +08:00
Brent Cook 64e475a4ee
Land #7892, Enhance the creds command to allow creating logins 2017-02-03 11:53:46 -06:00
Jeffrey Martin 1bb8c9bd93
missed userpass_file on CredentialCollection.empty? 2017-02-01 15:42:21 -06:00
Jeffrey Martin 0dcf0002ae
refactor empty test on CredentialCollection 2017-01-31 15:16:26 -06:00
darkbushido 1fcd20b7ef
adding a spec to show creating a core and login 2017-01-30 12:11:31 -06:00
darkbushido c20cdc2943 cleaning up some of the specs 2017-01-30 10:43:28 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
bwatters 253e39e18c
Land #7680, Fix #7679, LoginScanner should abort if there is no creds to try 2017-01-23 14:08:32 -06:00
wchen-r7 d9ead4484e Mock :password 2017-01-23 13:42:30 -06:00
Jeffrey Martin 7cf812ed99 add rspec test for inspect on all TLV_TYPE objects 2017-01-23 09:19:53 -06:00
Brent Cook ac2ceca5e3
Land #7804, Switch the creds command to use named options 2017-01-22 10:49:19 -06:00
Brent Cook 99047fa8a1 be stricter in what we accept for payload uri
datastore needs to contain something to produce a valid URI
2017-01-22 10:20:04 -06:00
Brent Cook 66e9f1d334 fix doc normalizer spec 2017-01-22 10:20:04 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
wchen-r7 d7f43a2c66 Fix base_spec 2017-01-17 15:58:30 -06:00
wchen-r7 ecf246b380 Fix more prepended_creds issues 2017-01-17 15:41:24 -06:00
wchen-r7 9efa84298c Mock more methods for base_spec 2017-01-17 15:17:15 -06:00
wchen-r7 d79f4fbda2 Update cisco_firepower_spec 2017-01-17 13:33:56 -06:00
William Vu 77c78fa5f4 Move Rex::Text::Table workspace output to -v 2017-01-15 23:15:14 -06:00
William Vu 360ad26d9c Fix spec because I suck 2017-01-15 04:00:33 -06:00
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
David Maloney 9b9d3127a8
cleanup leaked constants
use constant cleaner
7824
2017-01-12 15:49:24 -06:00
wchen-r7 08d529b818 Fix login_scanner_base rspec 2017-01-11 14:53:04 -06:00
wchen-r7 90c42b4740 Update rspec 2017-01-11 14:23:28 -06:00
wchen-r7 2377f17663 Fix typos 2017-01-11 14:05:22 -06:00
wchen-r7 9136e008bb Update rspec 2017-01-11 12:00:43 -06:00
wchen-r7 c97dba39f2 creds should mock these methods too 2017-01-11 11:48:52 -06:00
David Maloney 4029dbd5ca
try not to forget fixing the spec... 2017-01-10 14:33:18 -06:00
darkbushido 6bd2e03f37 dding realm tests showed a bug. its now squashed. 2017-01-09 13:04:34 -06:00
darkbushido fe3885f88a changing expect do end back to expect {} 2017-01-09 13:04:34 -06:00
darkbushido 30fe429ada fixing more whitespace issues
converting double quotes to single
2017-01-09 13:04:34 -06:00
darkbushido 0c3760a843 adding more tests
rubocoping the file
2017-01-09 13:04:34 -06:00
darkbushido 3674b25885 fixing the tests, more need to be added 2017-01-09 13:04:34 -06:00
darkbushido 18c7fc5a85 moving the cred tests out of the db tests 2017-01-09 13:04:34 -06:00
dmohanty-r7 5cba9b0034
Land #7747, Add LoginScanner module for BAVision IP cameras 2017-01-06 16:25:44 -06:00
David Maloney 2108913e77
target_host method had a name collision
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
David Maloney 9dc4ee57b6 minor fixes to linux example module
fixed a copy paste error in the linux_autotarget
test exploit and added actual linux targets to it
2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together
insert our autotarget routine into
the main target selection process

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter
drop back to our most precise level of filtering

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney f107408389 target_host specs
add specs for finding the 'target host' ie.
the mdm::Host object related to the RHOST value
to see what we know about our target

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
2017-01-03 14:38:45 -06:00
wchen-r7 144f886e8b Add LoginScanner module for BAVision IP cameras 2016-12-23 16:22:17 -06:00
Brent Cook 9e75866188
Land #7738, Add sort by column to services and hosts commands 2016-12-22 01:10:45 -06:00
William Vu a8f36c2a2c Update spec 2016-12-20 23:32:28 -06:00
Brent Cook fa016de78a
Land #7634, Implement universal HTTP/S handlers for Meterpreter payloads 2016-12-13 18:13:22 -06:00
William Vu 4ad42784d3 Update spec 2016-12-12 14:24:24 -06:00
Adam Cammack ccba73b324
Add stageless mettle for Linux/zarch 2016-12-09 18:30:52 -06:00
Adam Cammack 24cf756f5b
Add stageless mettle for Linux/x86 2016-12-09 18:29:34 -06:00
Adam Cammack 62a9a31222
Add stageless mettle for Linux/x64 2016-12-09 18:28:29 -06:00
Adam Cammack 7d36d41b20
Add stageless mettle for Linux/ppc64le 2016-12-09 18:27:22 -06:00
Adam Cammack ee7d5fc0c9
Add stageless mettle for Linux/ppc 2016-12-09 18:25:57 -06:00
Adam Cammack 4570a7198c
Add stageless mettle for Linux/mipsle 2016-12-09 18:24:12 -06:00
Adam Cammack 25b069f6b4
Add stageless mettle for Linux/mipsbe 2016-12-09 18:23:03 -06:00
Adam Cammack 7aec68c1fe
Add stageless mettle for Linux/mips64 2016-12-09 18:21:52 -06:00
Adam Cammack 7a654ca76c
Add stageless mettle for Linux/armle 2016-12-09 18:19:58 -06:00
Adam Cammack b74482aa6e
Add stageless mettle for Linux/armbe 2016-12-09 18:18:22 -06:00
Adam Cammack 12b296ab1a
Add stageless mettle for Linux/aarch64 2016-12-09 18:05:34 -06:00
wchen-r7 dd2fb2dbbe Update rspec 2016-12-09 10:33:34 -06:00
wchen-r7 d8d4479d55 Update rspecs 2016-12-08 16:39:45 -06:00
wchen-r7 ef4dd80e2b Update rspecs 2016-12-08 16:34:19 -06:00
Jon Hart 4614b7023d
Land #7604, @godinezj's post module for creating AWS IAM accounts 2016-12-08 14:26:22 -08:00
wchen-r7 ce5c1f07c3 Fix rspecs 2016-12-08 16:11:06 -06:00
Javier Godinez 33add4c11f Updated spec to match latest changes 2016-12-07 11:32:08 -08:00
OJ 2839b198ba
Update payload spec to include multi payloads 2016-12-06 11:22:12 +10:00
OJ ffee0ff1b6
Fix payload cache size issue, fix shell/bind payloads 2016-12-06 11:12:02 +10:00
David Maloney d85f9880ff
fix command dispatcher specs 2016-12-05 11:16:15 -06:00
Javier Godinez 53a66585cf Removed dubious unit test 2016-11-28 10:07:18 -08:00
Javier Godinez 83e0a21a52 Added unit tests 2016-11-24 21:04:17 -08:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Tod Beardsley 1deacad2be
Add a print_bad alias for print_error
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
OJ d751c43f52
FINALLY fix the last of the tests
Sorry for the stupidity.
2016-11-05 06:20:43 +10:00
OJ 3bc6808278
Really fix the session test this time 2016-11-05 06:07:44 +10:00
OJ 5f5684841b
Fix the DB/Session test 2016-11-05 05:59:31 +10:00
OJ abe46024de
Fix tests after arch refactor 2016-11-05 05:15:57 +10:00
OJ e4edbb16fe
Fix encoded_payload_spec 2016-10-29 15:29:23 +10:00
Jon Hart 12508f7140
Fix DRDoS mixin to handle empty responses 2016-10-24 14:21:28 -07:00
David Maloney 6b77f509ba
fixes bad file refs for cmdstagers
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
2016-10-21 12:31:18 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Brent Cook fabb296b15 update cache and add payload test 2016-09-29 21:19:55 -05:00
Tod Beardsley de9434870c
Land #7375, mock some rex tests for DNS lookups
Fixes #6467, as far as @lsato-r7 and I can tell.
2016-09-29 16:37:38 -05:00
William Vu 075401d702
Update dynamic_size for andterp spec 2016-09-28 16:58:34 -05:00
Louis Sato ca683576d0 Mock rex-socket getaddress call for loginscanner
Since we're using the rex-socket gem, we don't need to
test the getaddress call for each one of the login scanner specs
2016-09-28 11:32:06 -05:00
Tim de1e0aae99 add missing payload tests 2016-09-27 11:05:19 +08:00
Brent Cook 1b31e0a63e remove osvdb links 2016-09-20 14:27:59 -05:00
David Maloney 7e10b5c482
use new rex-encoder gem
remove all the encoidng lbiraries and use the new gem
rex-encoder that contains them now.

MS-1708
2016-09-14 12:07:26 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Pearce Barry 4495b27e67
Land #7254, Rex::SSLScan Gemification 2016-09-08 13:20:56 -05:00
David Maloney 7857c58655 remove all the left voer cruft
remove all the files that got xfered out to the gems

MS-1715
2016-09-07 11:38:28 -05:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
dmohanty-r7 e36cfa54b1
Use rex-mime gem
MS-1710
2016-09-01 11:38:07 -05:00
David Maloney 029a28c95b
use the new rex-sslscan gem
remove old integerated code and replace it
with the gem. done.

MS-1693
2016-08-30 10:43:47 -05:00
David Maloney b1009ab8dc
remove all the left voer cruft
remove all the files that got xfered out to the gems

MS-1715
2016-08-26 14:31:27 -05:00
David Maloney d2a6c2e9ca
move rex bintools into new gem
move all the *scan *parsey code out into
the new rex-bin_tools gem

MS-1691
2016-08-15 14:01:43 -05:00
darkbushido 5a1cd24350 finishing converting the last of this to credentials 2016-07-29 09:58:17 -05:00
darkbushido 0972005b24 updating 'ppp.*username secret' 2016-07-29 09:58:17 -05:00
darkbushido 1d33c9aa88 updating specs upto 'username secret' 2016-07-29 09:58:17 -05:00
darkbushido 73b362cade updating more spec 2016-07-29 09:58:16 -05:00
darkbushido d807a83bb1 fixing some more specs 2016-07-29 09:58:16 -05:00
darkbushido b66621af0d adding in a blank service_name
fixing myworkspace
2016-07-29 09:58:16 -05:00
darkbushido 219f9d5d57 updating parts of cisco to use creds 2016-07-29 09:58:15 -05:00
darkbushido 40240662db converting enable password to create_credentials 2016-07-29 09:58:15 -05:00
darkbushido 9fa1c597b1 specing out the cisco mixin 2016-07-29 09:55:08 -05:00
Pearce Barry 1b6bd927d0 Rex::OLE is now rex-ole gem, fixes MS-1712 2016-07-25 14:05:48 -05:00
dmohanty-r7 471cc277ba
Remove rex-arch specs
MS-1703
2016-07-20 17:01:18 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney 1ea425aff1
update ssh login_scanner spec
the spec needs to be updated for the non_interactive flag
2016-07-14 15:30:20 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 1c8556d8e0 add mettle payload tests 2016-07-06 15:53:20 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Brent Cook cfc368ab65
Land #6959, Add Linux ARM big endian ipv4 bind shellcode 2016-07-05 00:41:00 -05:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
dmohanty-r7 c2f3d411c3
Replace rex/java with rex-java gem 2016-06-27 14:52:49 -05:00
David Maloney 6072697126
continued 2016-06-22 14:54:00 -05:00
David Maloney 69e2d05a5d
rip out old rex code and replace with gems
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
2016-06-21 13:56:36 -05:00
earthquake cd84b42e50 linux arm big endian ipv4 bind module added 2016-06-10 00:19:43 +02:00
Brent Cook da532ecc5e
Land #6919, Move LURI into a full URI for a new 'Payload opts" column in jobs output 2016-06-03 13:57:47 -05:00
Brent Cook c99505923f disable SSL tests that no longer work on Travis 2016-06-01 16:33:34 -05:00
James Lee f7382f5b3b
Make `jobs` display a full uri
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.

See #4623
2016-05-27 11:15:12 -05:00
Brent Cook a3d2cba698
Land #6906, Improve msfvenom error handling and spec coverage 2016-05-26 07:58:37 -05:00
Brent Cook c2cf992560 added spec for #6915 2016-05-26 07:57:17 -05:00
darkbushido a298129463
adding specs and expanding options
Tests shouldnt be DRY, they need to be easy to understand.
2016-05-25 13:17:47 -05:00
James Lee 5921ac7b47
Add a spec and fix ReverseHttp#luri 2016-05-24 17:22:14 -05:00
William Vu 3dfdf1d936
Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Brent Cook d709229f52 fix spec warnings 2016-05-24 07:51:36 -05:00
Jon Hart 8bccfef571
Fix merge conflict 2016-05-16 17:29:45 -07:00
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
David Maloney 55b38ad089
Land #6398, content length header
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
dmohanty-r7 050061762b Fix db_manager rspec tests
MS-255
2016-04-28 13:17:02 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
2016-04-28 11:44:10 -05:00
James Lee e7f0163c2e
Apparently super doesn't work the same here in 2.3
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
2016-04-26 10:35:41 -05:00
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
Brent Cook e75ce8b248 update test to hook exist? rather than exists? 2016-04-21 06:56:48 -04:00
thao doan e70d967b4e Land #6763, Add rspec for lib/metasploit/framework/login_scanner/redis 2016-04-18 10:05:24 -07:00
David Maloney 3a623862e3
Merge branch 'master' into staging/rails-upgrade 2016-04-15 10:55:43 -05:00
Brent Cook d3e5dffe26
whitespace 2016-04-13 22:20:42 -05:00
Brent Cook 6ce7055130
Land #6737, Added reverse shell JCL payload for z/OS 2016-04-13 22:19:15 -05:00
Brent Cook 09873f2f9c
Land #6717, Add new cmd mainframe payload (generic_jcl) for z/OS 2016-04-13 22:10:23 -05:00
wchen-r7 6c5886afba Resolve #6736, Add rspec for login_scanner/redis lib
Resolve #6736
2016-04-08 11:41:08 -05:00
Fernando Arias 8f3f2f74b4
Move shared example from pro into framework
MS-1361
2016-04-07 13:09:52 -05:00
Fernando Arias f5415c8058
Move pro concern logic into framework
MS-1361
2016-04-07 10:59:40 -05:00
William Vu 22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
David Maloney 8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
wchen-r7 f7dd326b16
Land #6455, Fix dns labels/names size limits for lib/net/dns/names/names 2016-04-01 21:57:09 -05:00
Bigendian Smalls 6a4d7e3b58
Revshell cmd JCL payload for z/OS
Added a JCL-based reverse shell.  Uses the same source code as the
shellcode version does.  Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
wchen-r7 46d4b533f3 Add rspec for lib/net/dns/names/names.rb 2016-03-31 11:29:30 -05:00
wchen-r7 bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
wchen-r7 1bcd3fac25
Land #6724, Import workspace IP validation from Mdm
MS-902
2016-03-29 18:31:47 -05:00
Adam Cammack 3b0170e87d
Import workspace IP validation from Mdm
This allows us to actually test the validations, since the code calls
out to Rex::Socket::RangeWalker.

MS-902
2016-03-29 17:56:22 -05:00
Bigendian Smalls a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
This payload does nothing but return successfully.  It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
wchen-r7 c4735bd72a Fix rspec pull_request_finder_spec.rb 2016-03-24 20:56:46 -05:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Adam Cammack 32fe9ae55d
Remove dead version check in db_manager.rb
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
Brent Cook 903807d039 update spec for pre-check 2016-03-15 14:21:01 -05:00
Brent Cook dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
wchen-r7 860159fa00 Update rspec 2016-03-08 11:37:25 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook 659af68b16
Land #6388, update msftidy check for new preferred Metasploit module base class 2016-03-06 17:12:20 -06:00
Brent Cook cc436fe438 update to new preferred base class for modules 2016-03-06 17:11:51 -06:00
Brent Cook a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook e1db3ef369
Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
Brent Cook 0fc4ebf4ab
Land #6618, Improve Content-Length behavior in Rex HTTP 2016-03-06 16:38:44 -06:00
Brent Cook 8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Gregory Mikeska c2f7360a9a
replace deprecated 'ignore' with 'transient' 2016-02-29 14:57:09 -06:00
wchen-r7 bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
wchen-r7 814d53aee0 Add rspec for Msf::Util::DocumentGenerator::PullrequestFinder 2016-02-24 15:13:04 -06:00
wchen-r7 753e0f7693 Add rspec for Msf::Util::DocumentGenerator::DocumentNormalizer 2016-02-23 15:34:34 -06:00
joev 39f1113bca Remove unused spec. 2016-02-18 22:20:13 -06:00
OJ 44eb2d6a80
Merge branch 'upstream/master' into default-xor 2016-02-11 14:30:18 +10:00
Brent Cook 2386cb1344
Land #6527, add support for importing Burp suite vuln exports 2016-02-10 13:19:21 -06:00
wchen-r7 942eec5fee Update rspec 2016-02-07 12:37:08 -06:00
Brian Patterson 4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported. 2016-02-04 10:30:56 -06:00
Jon Hart 53d4e31844
Allow OptPath to valid symbolic paths that need expansion 2016-02-03 14:12:03 -08:00
Brent Cook c0ed57db43
Land #6267, the rest of the rspec3 updates 2016-01-29 11:36:58 -06:00
Brent Cook d35d0993c1 should -> expect 2016-01-29 11:36:38 -06:00
Brent Cook ac822943b1
Land #6267, update to rspec3 2016-01-29 11:33:30 -06:00
Brent Cook 8c94d3c1bd adjust namespec for rspec3 2016-01-29 11:32:22 -06:00
Brent Cook b6bc862c1b
Land #6267, fix Rex::Parser::Ini#each_group 2016-01-29 11:19:40 -06:00
wchen-r7 6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF 2016-01-23 00:12:46 -06:00
wchen-r7 781ff4bb7d Rspec is deprecated. Use RSpec instead. 2016-01-22 20:39:40 -06:00
wchen-r7 6bbfc5a869 Fix rspec 2016-01-22 20:27:45 -06:00
wchen-r7 0f9cf812b7 Bring wordpress_xmlrpc_login back, make wordpress_multicall as new 2016-01-22 18:54:20 -06:00
Christian Mehlmauer e6147d60e2 fix rspecs 2016-01-22 23:43:13 +01:00
Christian Mehlmauer f92f59a4c8 remove corresponding spec files 2016-01-22 23:38:44 +01:00
wchen-r7 216986f7af Do API documentation, rspec, and other small changes 2016-01-21 17:22:14 -06:00
Christian Mehlmauer 478cd2ed5c
check database.yml path 2016-01-21 20:32:32 +01:00
OJ ac0b489a90 Revert bad merge and include expect calls 2016-01-21 10:28:38 +10:00
Christian Mehlmauer f68b2b56fa
use hardcoded path 2016-01-19 23:51:28 +01:00
Christian Mehlmauer aaa1174ca5
fix rspec errors without database 2016-01-19 20:28:58 +01:00
OJ 18fe9bd96f
Merge branch 'upstream/master' into default-xor 2016-01-13 10:05:59 +10:00
Brent Cook 7f9b804060
Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
Brent Cook 388bfec46c
Land #6415, update rspec3 conventions 2016-01-06 12:14:15 -06:00
wchen-r7 92503c0ff6 Remove extra check_setup call 2016-01-06 11:01:35 -06:00
wchen-r7 480913cb32 Add rspec 2016-01-06 01:41:13 -06:00
David Maloney 06a75e1339
re-enable deprecation errors
had to disable this to let transpec do
dynamic analysis. re-enabling now to throw
an error on any deprecation warning
2015-12-31 16:57:17 -06:00
David Maloney c6656e4031
example_group and hook_scope conversions
not strictly required, these conversions keep us
up to date with latest rspec conventions and best practices
which will prevent use from having to convert them when they become
deprecated later
2015-12-31 16:56:13 -06:00
David Maloney 0a8cc8e01c
basic transpec conversions
no options apssed, first run of transpec
not much to report
2015-12-31 16:43:26 -06:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
Jon Hart 46a3c839b4
Refactor existing tests that had been duplicating get_std* 2015-12-24 11:03:11 -08:00
Jon Hart be84ed13a2
Update msftidy spec to be more easily added to 2015-12-24 10:55:13 -08:00
Jon Hart f029cd0c9a
Add common helpers for capturing stdout/stderr 2015-12-24 10:54:51 -08:00
Jon Hart 5ac4e9aa6b
Correct payload fixture 2015-12-23 12:55:01 -08:00
Jon Hart 83f0c2fa05
Add beginnings of rspec coverage for msftidy 2015-12-23 12:53:12 -08:00
Brent Cook 6eda702b25
Land #6292, add reverse_tcp command shell for Z/OS (MVS) 2015-12-23 14:11:37 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Brent Cook eccf61bec5 ensure that the metasploit database environment variable is unset 2015-12-14 14:29:25 -06:00
Brent Cook 6551df6446 update bitlocker for rspec3 2015-12-10 21:52:15 -06:00
Brent Cook fb578e9063 use explicit exceptions for raise_error 2015-12-10 21:47:22 -06:00
Brent Cook f59446851f update namespace 2015-12-10 21:47:22 -06:00
Gregory Mikeska 99931aff44 Call stance only if module implements stance 2015-12-10 21:47:22 -06:00
Greg Mikeska b29459747b stub out private meterpreter accessor method net 2015-12-10 21:47:22 -06:00