Commit Graph

2191 Commits (92e945ff4680c5fe78fdd7d2bd5668d7b7f83977)

Author SHA1 Message Date
christopher lee 94de5a4e42 Add skip message, add event test 2018-05-03 14:20:32 -05:00
christopher lee a7ec7b52b7 Fix error on data server due to unexpected report_exploit call 2018-05-02 14:59:02 -05:00
christopher lee 9c7db375bf Fix broken tests after latest merge with master 2018-04-26 16:39:56 -05:00
christopher lee 516b61ebaa Merged master 2018-04-26 16:02:56 -05:00
christopher lee e97693d056 Cleanup 2018-04-26 16:01:15 -05:00
christopher lee 195b405d69 First pass at all test working, added travis ci build 2018-04-26 15:12:53 -05:00
Jeffrey Martin 2487314821
Land #9869, Add support for shellcode encryption for msfvenom 2018-04-25 15:51:05 -05:00
christopher lee 071a191055 Merge master + workspace removal from http remote data service 2018-04-25 13:39:46 -05:00
James Barnett e141a99f08
Update workspace add test with new output 2018-04-20 13:19:28 -05:00
Wei Chen 4dd9d32d62 Fix rspec 2018-04-17 20:32:29 -05:00
Wei Chen ff9c55207e Move crypto methods to Rex::Crypto namespace 2018-04-17 20:12:26 -05:00
James Barnett 68ad91763a Merge branch 'rapid7/master' into MS-3062_workspaces 2018-04-16 15:33:59 -05:00
James Barnett 2ef451c349
Land #9873, add notes functionality to remote datastore
This PR enables create, update, and delete functionality for the notes
command and data model when using a remote data service.
2018-04-16 15:03:27 -05:00
Matthew Kienow 4e49b99783
Add cmd notes option to sort by column number 2018-04-12 15:56:42 -04:00
Wei Chen ee9f49fa39 Fix a typo 2018-04-12 14:45:54 -05:00
Matthew Kienow 5b2bbe7432
Update test for removed make_sortable method 2018-04-12 15:23:35 -04:00
Wei Chen 4e55724f3f Fix a typo and rspec for payload generator 2018-04-12 14:10:26 -05:00
Matthew Kienow 518d672ad5
Update cmd_notes help message test 2018-04-11 18:09:48 -04:00
Adam Cammack f1d426d257
Land #9833, Remove broken feature detection 2018-04-11 15:02:53 -05:00
James Barnett cd48b47760 Fix failing tests.
-Was accidentally deleting opts[:workspace] instead of processing
-Update notes help text expectations
2018-04-10 17:10:32 -05:00
James Barnett e51f41fa34
Merge remote-tracking branch 'msf_jbarnett/fix_services_bugs' into MS-3062_workspaces 2018-04-10 13:35:33 -05:00
James Barnett f8cbb9d7c0
Update test 2018-04-10 13:14:16 -05:00
James Barnett 90542779ff
Audit models to ensure :workspace is passed only when needed 2018-04-09 14:50:37 -05:00
Brent Cook df6de5b1c3 remove self-evident rspec 2018-04-07 13:00:19 -05:00
James Barnett fe224f628b
Remove update_host_via_sysinfo since it is unused 2018-04-05 14:20:25 -05:00
Brent Cook 226ef160ff
Land #9748, Convert the smbloris DoS into an external module
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
christopher lee 3aed6d6666 Initial 2018-04-02 08:08:23 -05:00
James Barnett 7d58b0a5f4 Merge branch 'goliath' into MS-3062_workspaces 2018-03-30 16:35:26 -05:00
Brent Cook b134a33877 Merge branch 'master' into land-9740 2018-03-27 11:59:55 -05:00
christopher lee abf16a4469 fix workspace tests 2018-03-27 10:41:08 -05:00
Adam Cammack c28fe65d98
Exclude Ruby external modules from rspec
The sum of the testing code and loading code assumptions was that all
files with the same extension in the same folder were all loadable with
the same loader. This is no longer the case, and until we are ready to
test the load-ability of external modules we can safely ignore them.
2018-03-23 16:44:58 -05:00
James Barnett 6b3a4a56dc Merge branch 'rapid7/master' into goliath 2018-03-23 11:26:31 -05:00
Christian Mehlmauer 7d873ea7ab
replace factory_girls with factory_bot fixes #9736 2018-03-21 23:21:37 +01:00
Matthew Kienow 553789557b
Merge branch 'goliath' into MS-2910-remote-vuln-read-update-delete 2018-03-21 01:45:58 -04:00
Matthew Kienow ced6707ba6
Fix cmd vulns and DBManager Session spec 2018-03-20 15:25:09 -04:00
Jeffrey Martin 4801021aba
Land #9613, add bind_named_pipe x86 2018-03-17 15:53:06 -05:00
James Barnett 45a6b244a7
Fix services spec 2018-03-16 17:10:02 -05:00
christopher lee 4d04319d2a Merged master 2018-03-15 11:31:44 -05:00
Brent Cook 3f9b124752 update spec 2018-03-12 15:46:03 -05:00
Jeffrey Martin eac7cc63fc
add missing payload tests 2018-03-04 17:54:52 -06:00
UserExistsError 35b66d0e60 added payload tests 2018-02-27 19:24:51 -07:00
James Barnett 3005a8b7ce
Merge branch 'rapid7/master' into goliath 2018-02-21 11:16:05 -06:00
Jeffrey Martin ea9b6d894d
add missing payload specs 2018-02-20 09:38:24 -06:00
Jeffrey Martin 0acc5fed20
add missing payload tests for bind_named_pipe 2018-02-16 18:05:45 -06:00
Brent Cook 2d3aef9031
Land #9533, Add output file support to the vulns command 2018-02-15 15:52:25 -06:00
Jeffrey Martin 3811665b69
Land #7699, Add UDP handlers and payloads (redux) 2018-02-13 14:50:09 -06:00
Jeffrey Martin b80445e448
add missing payload tests 2018-02-13 14:20:43 -06:00
Wei Chen 46a0ea6582 Fix db_spec 2018-02-09 20:06:43 -06:00
Spencer McIntyre c612dbfdbf Also fix GitHub related pull request links 2018-02-09 15:16:10 -05:00
Spencer McIntyre 7a18aaa74a Fix the normalizer_spec to expect the md syntax 2018-02-09 14:56:42 -05:00
Jeffrey Martin 159de817f7
add missing payload tests 2018-01-25 11:09:41 -06:00
Brent Cook 10fde42adc
Land #9431, Fix owa_login to handle inserting credentials for a hostname 2018-01-22 16:46:39 -06:00
Pearce Barry ba75d19d34
Fix failing spec. 2018-01-19 15:52:25 -06:00
christopher lee d5978803eb Fix all failing rspec for goliath 2018-01-19 15:16:19 -06:00
christopher lee 77125230c7 Merged master for module cache changes 2018-01-18 14:30:52 -06:00
Brent Cook 7fe237abe1
Land #9220, Module cache improvements 2018-01-17 22:34:51 -06:00
James Barnett 4aac8f5c39
Merge branch 'rapid7/master' into goliath 2018-01-02 17:34:40 -06:00
Brent Cook c2bb144d0f
Land #9302, Implement ARD auth and add remote CVE-2017-13872 (iamroot) module 2017-12-28 14:11:26 -06:00
Jon Hart 2e62d77e36
Add new method for fetching parsed cookies from an HTTP response
This fixed #9332.
2017-12-20 16:19:44 -08:00
jgor 09772cb08a Add negotiate_auth step to login_scanner test 2017-12-18 12:27:11 -06:00
Brent Cook 90b97d6581 Merge branch 'upstream-master' into land-9151- 2017-12-15 14:15:14 -06:00
jgor 563cb6f18f Update method name in test 2017-12-14 17:17:41 -06:00
Brent Cook 55f56a5350
Land #9110, added -C option to change default hosts columns 2017-11-29 17:48:44 -06:00
christopher lee e0d8f8e8e9 Force cache load before test run 2017-11-21 14:43:44 -06:00
christopher lee a16cd5aade Clean up metadata store logic 2017-11-17 12:42:19 -06:00
christopher lee fe1af35107 First pass at changes needed for module metadata caching 2017-11-15 16:38:01 -06:00
Brent Cook 7895cbc413
Land #9157, Add missing ppce500v2 tests 2017-11-01 12:33:02 -05:00
Jeffrey Martin 553452c19d
add missing ppc500v2 payload specs 2017-11-01 12:00:03 -05:00
Jeffrey Martin cd114c90e0
remove no longer available bundler hack
This addresses issue #9155 for bundler failures in TravisCI
2017-11-01 11:52:41 -05:00
Pearce Barry 48975a4327
Support multiple suffixes on meterpreter extensions. 2017-10-31 10:04:34 -05:00
Jeffrey Martin cd755b05d5
update powershell specs for rex-powershell 0.1.77 2017-10-26 15:03:10 -05:00
Jeffrey Martin a402686d7a
add missing spec for singles/python/shell_bind_tcp 2017-10-25 14:58:49 -05:00
Jeffrey Martin 386e14828a
Land #8728, Psexec via PSH related fixes 2017-10-24 15:55:18 -05:00
Dave Farrow ecada96585 #9108: fixed unit test 2017-10-20 21:20:36 -07:00
Jeffrey Martin b83787c24c
make powershell spec more specific in expectations 2017-10-09 20:02:32 -05:00
James Barnett 56e95f15c9
Land #9024, fix bug when manually adding loot
cmd_loot was throwing a stack trace when the host was not properly defined.
This fixes it to give a useful error message.
2017-10-06 16:02:12 -05:00
bigendiansmalls 9ae8bdda1c
Added Bind Shell JCL Payload for mainframe
The bind shell is the companion payload to the reverse_shell_jcl
payload for the mainframe platform.
2017-09-29 16:52:36 -05:00
William Vu 0723477b49 Fix nil bug in loot -a and nix hostless loot
Apparently you can't actually store hostless loot.
2017-09-29 16:16:16 -05:00
James Barnett f88840e5b7
Move normalize_host to a library method
This method was in Msf::DbManager class but doesn't actually use the DB.
This required you to have a DB connection just to do the check.
Moved it out to a helper library so we have access to it without forcing
a DB connection.
2017-09-28 16:59:44 -05:00
Jeffrey Martin 2c040d932c
add some missing payload specs 2017-09-18 15:45:00 -05:00
Adam Cammack 195c1e041f Update payload specs and sizes
Adds the new Aarch64 and R payloads

fix merge
2017-08-31 18:48:56 +08:00
Brent Cook b42a0759ce add missing specs 2017-08-28 05:30:07 -05:00
Brent Cook 22e245ac99 call from_r before checking packet output 2017-08-21 03:44:13 -05:00
Brent Cook 2a1daa6ffc prefer create_request, use StringIO over custom slice operators 2017-08-21 03:23:06 -05:00
Brent Cook 2660a5b558 add missing osx specs 2017-08-20 19:25:22 -05:00
Brent Cook 5e8c2200ac Merge branch 'master' into land-8625-crypttlv2 2017-08-20 18:54:51 -05:00
Brent Cook 47dc3772a7 add OptFloat datastore option 2017-08-08 19:06:51 -05:00
OJ d7e8b32312
Merge branch 'upstream/master' into transport-agnostic-packet-encryption 2017-08-08 17:30:51 +10:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
OJ 4f054d25fc
Fix packet spec problems 2017-07-03 18:12:38 +10:00
Brent Cook 79657f5b5b remove silly spec 2017-06-24 16:00:46 -05:00
David Maloney 3a445655ae
Land #8511, console search options
lands sempervictus' console search command
enhancements and bug fixes
2017-06-22 12:07:10 -05:00
William Webb 47a659f554
Land #8185, Convert ntp modules to bindata 2017-06-22 09:37:58 -05:00
OJ a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
RageLtMan 42d1fae2e6 Upstream console search additions and fixes
The -S flag for console commands, backed by search functionality
in Rex' tables, originally pushed upstream in #1604 (iirc), lacks
coverage for a number of commands which benefit a good deal from
inline filtering of the potentially large number of results.

Push more -S flags and surrounding table functionality upstream
to provide coverage for the console commands included in framework.

Include a fix for deleting hosts when DB references are a problem.

Include a fix for the upstream route command wherein scope must be
defined for the routing target by assuming a /32 without explicit
definition.

Note:
  With this in place, console behavior when filtering results is
roughly analogous to the R7 filtering in web UI, which should help
those of us trying to use both maintain corresponding workflows.

Testing:
  Used in-house for years, though changes to the diff from upstream
and our fork (expunging some internal code) are untested, so would
appreciate eyes and hands on.
2017-06-16 20:28:51 -04:00
Brent Cook 11b99d954d update specs 2017-05-27 00:34:12 -05:00
Jeffrey Martin 4a43e9bcb2
add spec for reverse_ncat_ssl 2017-05-22 18:34:18 -05:00
darkbushido 2f507cf52b removing some test code 2017-05-04 12:57:50 -05:00
darkbushido fbf1db590e Adding a tests
trying to find the first interface with a non local v4 ip address.
2017-05-04 12:57:50 -05:00
darkbushido a6afd0b9bf adding in a new option type
this will grab the first ipv4 address on a given iface
2017-05-04 12:55:46 -05:00
Brent Cook a191e12241 update specs 2017-04-26 17:06:35 -05:00
William Vu df306c1543 Fix spec (the irony!) 2017-04-26 03:56:10 -05:00
David Maloney aa9c037307
fix spec for reals this time 2017-04-18 14:30:29 -05:00
David Maloney db246e6076
update spec 2017-04-18 14:19:29 -05:00
Brent Cook 67047cf770 Revert "Fixes MS-1716, keep sessions in progress alive."
This reverts commit e5d0370a94.
2017-04-16 15:52:22 -05:00
Brent Cook 42122d2835
Land #8238, move SMB2 support back into smb_login, add simpler permissions checks 2017-04-14 14:06:46 -05:00
David Maloney 91fb3ce6b8
collapse SMB2 support into smb_login
converge the SMB and SMB loginscanners so that
there is only one SMB loginscanner that supports both

MS-2636
2017-04-13 15:22:03 -05:00
bigendiansmalls fa8011fd07 New mainframe privesc payload for z/OS
This module performs a privilege escalation on mainframe systems
running z/OS and using RACF for their security manager.  A user
with any non-privileged credentials and the ability to write to
an apf authorized library can use this payload to add "root level"
privileges (e.g. SPECIAL / BPX.SUPERUSER) to their profile.
2017-04-11 15:04:44 -05:00
Brent Cook 5f88971ca9 convert NTP modules to bindata 2017-04-04 02:57:38 -05:00
William Vu 7de2aa1a63 Update Nmap parser to handle masscan
masscan is missing <status>, meaning hosts aren't treated as alive.

Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
Brent Cook 4c0539d129
Land #8178, Add support for non-Ruby modules 2017-04-02 21:02:37 -05:00
David Maloney 40ab82eea2
add specs for the smb2 login scanner
added some basic specs for the new smb loginscanner
class

MS-2557
2017-03-29 13:46:20 -05:00
Adam Cammack 71df231918
Add new loader for arbitrary executables
Still some kluges left in the shim and we have to hit the disk when
constructing the module path
2017-03-28 10:27:12 -05:00
dmohanty-r7 92c0748447
Land #8102, Add a plugin to notify new sessions via SMS 2017-03-24 11:17:59 -05:00
wchen-r7 bb4d6e17c8 Resolve #8026, Add a plugin to notify new sessions via SMS
This plugin will notify you of a new session via SMS.

It also changes the SMS text format to MIME.

Resolve #8026
2017-03-13 16:13:59 -05:00
wchen-r7 2a5815749c Update rspec 2017-03-08 13:39:24 -06:00
wchen-r7 702d1c2b7e Fix bug for subject 2017-03-08 11:43:36 -06:00
wchen-r7 ed22902fd4 Support the subject field 2017-03-08 11:40:08 -06:00
wchen-r7 a634fec8b3 Fix typo 2017-03-07 16:51:17 -06:00
wchen-r7 dc36bc4a0d Add rspec 2017-03-07 16:49:42 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
Pearce Barry e5d0370a94
Fixes MS-1716, keep sessions in progress alive. 2017-02-24 12:56:05 -06:00
Tim 7f759384ab fix missing payloads_spec 2017-02-07 15:02:29 +08:00
Brent Cook 64e475a4ee
Land #7892, Enhance the creds command to allow creating logins 2017-02-03 11:53:46 -06:00
Jeffrey Martin 1bb8c9bd93
missed userpass_file on CredentialCollection.empty? 2017-02-01 15:42:21 -06:00
Jeffrey Martin 0dcf0002ae
refactor empty test on CredentialCollection 2017-01-31 15:16:26 -06:00
darkbushido 1fcd20b7ef
adding a spec to show creating a core and login 2017-01-30 12:11:31 -06:00
darkbushido c20cdc2943 cleaning up some of the specs 2017-01-30 10:43:28 -06:00
Brent Cook 4480ea7877
Land #7827, Cisco Firepower Management Console LoginScanner 2017-01-27 16:26:40 -06:00
wchen-r7 781bc8420a Add Advantech WebAccess LoginScanner module 2017-01-26 13:54:50 -06:00
bwatters 253e39e18c
Land #7680, Fix #7679, LoginScanner should abort if there is no creds to try 2017-01-23 14:08:32 -06:00
wchen-r7 d9ead4484e Mock :password 2017-01-23 13:42:30 -06:00
Jeffrey Martin 7cf812ed99 add rspec test for inspect on all TLV_TYPE objects 2017-01-23 09:19:53 -06:00
Brent Cook ac2ceca5e3
Land #7804, Switch the creds command to use named options 2017-01-22 10:49:19 -06:00
Brent Cook 99047fa8a1 be stricter in what we accept for payload uri
datastore needs to contain something to produce a valid URI
2017-01-22 10:20:04 -06:00
Brent Cook 66e9f1d334 fix doc normalizer spec 2017-01-22 10:20:04 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
wchen-r7 d7f43a2c66 Fix base_spec 2017-01-17 15:58:30 -06:00
wchen-r7 ecf246b380 Fix more prepended_creds issues 2017-01-17 15:41:24 -06:00
wchen-r7 9efa84298c Mock more methods for base_spec 2017-01-17 15:17:15 -06:00
wchen-r7 d79f4fbda2 Update cisco_firepower_spec 2017-01-17 13:33:56 -06:00
William Vu 77c78fa5f4 Move Rex::Text::Table workspace output to -v 2017-01-15 23:15:14 -06:00
William Vu 360ad26d9c Fix spec because I suck 2017-01-15 04:00:33 -06:00
wchen-r7 a687073416 Add Cisco Firepower Management Console LoginScanner 2017-01-13 16:59:20 -06:00
David Maloney 9b9d3127a8
cleanup leaked constants
use constant cleaner
7824
2017-01-12 15:49:24 -06:00
wchen-r7 08d529b818 Fix login_scanner_base rspec 2017-01-11 14:53:04 -06:00
wchen-r7 90c42b4740 Update rspec 2017-01-11 14:23:28 -06:00
wchen-r7 2377f17663 Fix typos 2017-01-11 14:05:22 -06:00
wchen-r7 9136e008bb Update rspec 2017-01-11 12:00:43 -06:00
wchen-r7 c97dba39f2 creds should mock these methods too 2017-01-11 11:48:52 -06:00