7c0633f0a7
gemfile fix
2014-07-15 15:38:02 -05:00
674447c891
final cleanup steps
2014-07-15 15:31:51 -05:00
7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status
...
Conflicts:
Gemfile
Gemfile.lock
modules/auxiliary/scanner/smb/smb_login.rb
2014-07-15 15:12:33 -05:00
4d3bfcf9d0
Merge pull request #109 from rapid7/bug/MSP-10713/smb-error-code
...
Move error_name to InvalidPacket and check for nil
2014-07-15 15:10:37 -05:00
51a9a763c0
Move error_name to InvalidPacket and check for nil
...
MSP-10713
2014-07-15 15:02:53 -05:00
34635ab968
module login status cleanup
...
cleanup several bruteforce module to
use the loginstatus constants for result status
2014-07-15 14:55:41 -05:00
9857bac6b1
add NO_AUTH_REQUIRED
2014-07-15 14:38:41 -05:00
a4ff2fdd50
Merge pull request #108 from rapid7/feature/MSP-9948/update-db-import
...
Specs and functional now passing with latest update.
MSP-9948 #land
2014-07-15 13:36:43 -05:00
6a1149c1ed
Add missing origin
...
MSP-9948
2014-07-15 13:27:08 -05:00
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
8cafed956b
Remove cruft
...
MSP-9948
2014-07-14 18:26:18 -05:00
c1e02d4539
Update deps again
...
MSP-9948
2014-07-14 18:16:12 -05:00
0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import
...
Upstream merge
Conflicts:
Gemfile
Gemfile.lock
2014-07-14 17:59:54 -05:00
aca627489e
Pass workspace down in import of creds dump
...
MSP-9948
2014-07-14 16:40:41 -05:00
f3ec386240
Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
...
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
7184d2ed5e
Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
...
Refactor pop3_login
2014-07-14 13:27:11 -05:00
a76fe5402b
Merge pull request #104 from rapid7/feature/MSP-10680/realm-key-fixes
...
Feature/msp 10680/realm key fixes
2014-07-14 12:21:00 -05:00
b05b2657bc
Now importing creds dumps inside msf zips
...
MSP-9948
2014-07-13 11:07:01 -05:00
e68dcdbb06
Refactor pop3_login
...
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.
See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
af2e29612b
Merge branch 'staging/electro-release' into feature/MSP-10680/realm-key-fixes
2014-07-11 12:02:40 -05:00
30e3ae7459
Merge branch 'staging/electro-release' into feature/MSP-10686/stop-after-user-success
2014-07-11 12:02:02 -05:00
cc93dbbe29
Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
...
Feature/msp 9707/smb bruteforce refactor
MSP-9707 #land
2014-07-11 11:33:12 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
097d5d68ce
Display 'realm\user' for AD instead of 'user@realm'
2014-07-10 14:31:42 -05:00
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release
2014-07-10 13:52:21 -05:00
e104f73d5d
Merge pull request #103 from rapid7/bug/MSP-10683/pnd-login-task-assoc
...
Filler task dropped, login results in task assoc
2014-07-10 13:30:56 -05:00
8833429987
make shared example usage more readable
...
this seems less obtuse
2014-07-10 12:58:13 -05:00
818bd1946d
final tweak for the http case
...
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
5b1dc39caf
Filler task dropped, login results in task assoc
...
MSP-10683
* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
2014-07-10 12:32:40 -05:00
a319d5270e
set default connection tiemouts
...
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
87e6ede123
Merge branch 'master' into staging/electro-release
2014-07-10 08:44:12 -05:00
0daa395007
Fix specs for LoginError cases
2014-07-09 18:11:20 -05:00
1a0200f711
one more strip
2014-07-09 17:50:28 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
c5226352de
Un-login-able should be print_status, not good
2014-07-09 17:45:41 -05:00
bb3525419e
Rescue the right thing
...
MSP-9707
2014-07-09 17:44:53 -05:00
9bbf9486c7
fix schema bleedover
...
i accidentally polluted the schema earlier,
this should be fixed now
2014-07-09 17:26:22 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
7d9c0da691
Record correct creds with non-success status
2014-07-09 13:26:49 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
5b66f07f59
migration changes on schema.rb
2014-07-09 12:22:09 -05:00
59c90bba22
version lock rspec
...
rspec 3 will cause problems for us right now
2014-07-09 12:21:41 -05:00
7325cfec64
add default realm values
...
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
David Maloney
James Lee
Samuel Huckins
Trevor Rosen
jvennix-r7