Joe Vennix
c6bbc5bccf
Merge branch 'landing-4055' into upstream-master
2014-10-28 11:18:20 -05:00
sinn3r
e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner
2014-10-28 01:45:57 -05:00
Luke Imhoff
c84febea5f
tools/missing-payload-tests.rb
...
MSP-11145
**NOTE: Failing specs**
Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
Jon Hart
b8c9ef96ca
Land #4003 , @nstarke's Login Scanner for WD MyBook Live NAS
2014-10-27 09:57:43 -07:00
Jon Hart
765b5e686c
Use configured method and URI rather than duplicated values
2014-10-27 09:56:39 -07:00
Luke Imhoff
605f48e58d
Detect leaked constants under Msf::Modules
...
MSP-11130
Detect constants leaked under Msf::Modules after the suite completes.
2014-10-27 11:13:43 -05:00
nstarke
44f7db4798
Refactoring Success Case
...
I have refactored the code so that it will work with
non-root accounts.
2014-10-25 13:31:36 +00:00
Luke Imhoff
48d6880f1d
Add docs for untested payload testing
...
MSP-11145
Add docs to rake task, shared examples, and share contexts for how to
use all 3 together.
2014-10-23 11:17:05 -05:00
Luke Imhoff
f827a1c761
Extract untested-payloads.log checker spec task action
...
MSP-11145
Extract the spec task action which errored out if
`log/untested-payloads.log` exists to
`Metasploit::Framework::Spec::UntestedPayloads.define_task`.
2014-10-23 10:24:33 -05:00
Jon Hart
83df08aaa7
Properly encode body and catch invalid configs
2014-10-22 22:43:06 -07:00
James Lee
a5a84886ee
Make sure vnc closes the socket
2014-10-22 15:53:05 -05:00
Jon Hart
ce8a9941ea
Cleanup. Sanity check in setup. vprint
2014-10-22 10:36:24 -07:00
James Lee
46acf08e2d
Merge remote-tracking branch 'upstream/master' into bug/msp-11497/loginscanner-tcp-evasions
2014-10-22 09:09:34 -05:00
nstarke
ee3dd3a2ac
More Fixes for WD MyBook Live Scanner
...
Fixes include removing deregistered options
from credentials collection object and adding proof
when there is no response
2014-10-22 03:06:21 +00:00
James Lee
e1a7e902d6
Re-enable tcp evasions for more LoginScanners
...
Untested since I don't have targets for these.
2014-10-21 18:58:28 -05:00
sinn3r
79d393c5aa
Resolve merge conflicts
...
Conflicts:
lib/msf/core/exploit/smb.rb
lib/msf/core/exploit/tcp.rb
modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
James Lee
83b1d270cd
Fix ftp and mssql
2014-10-21 11:09:39 -05:00
James Lee
8b2dcac730
Fix telnet
2014-10-21 11:08:41 -05:00
James Lee
2fcb1004fb
Move tcp options to Tcp::Client out of RexSocket
2014-10-21 09:59:26 -05:00
James Lee
e76ee294a1
Restore tcp evasions to telnet
2014-10-21 09:44:55 -05:00
James Lee
cb9a77c06b
Fix NoMethodError when unable to connect
...
Derp.
2014-10-21 08:58:45 -05:00
James Lee
6f3b26f5e9
Remove tcp evasions from Http
...
Can't use 'em anyway
2014-10-21 08:27:29 -05:00
nstarke
82b74d5f3c
Fixes to MyBook Live Module
...
This commit contains three fixes as requested on PR
#4003 . Those include:
+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke
70b13819d9
Adding Login Scanner for MyBook Live
...
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
James Lee
3051b6c5ba
Clean up exceptions
...
Of particular note is mysql, who was rescuing Rex::ConnectionTimeout
*after* Rex::ConnectionError, which never would have fired anyway.
2014-10-20 10:27:02 -05:00
James Lee
b7d69bec83
Restore proxies to ssh scanners
2014-10-20 10:19:06 -05:00
Tod Beardsley
a431bff13f
@wvu-r7 is a skilled negotiator. s/stdout/stderr/
2014-10-17 13:13:44 -05:00
Tod Beardsley
5978bd5e62
Control the startup msg with -q, too
2014-10-17 12:41:58 -05:00
Tod Beardsley
a45b21b6bf
-q will quiet the animation, too
2014-10-17 12:32:28 -05:00
James Lee
41a57b7ba5
Re-enable proxies for HTTP-based login scanners
2014-10-15 17:00:44 -05:00
Tod Beardsley
e010d70913
No need for that bool option
2014-10-14 14:59:57 -05:00
Tod Beardsley
bf0a5d038e
Add an animation to comfort the user
...
Sometimes msfconsole takes a little while to start.
This adds a fairly common ASCII spinner to the startup sequence.
I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.
That said, it works for me.
2014-10-14 14:54:45 -05:00
nstarke
f8d6af6d4e
Rescuing from JSON Parse
...
Previous code was not using any sort of exception handling
for parsing the response body. I have added a rescue block
for JSON errors to remedy this problem.
2014-10-10 12:41:11 +00:00
nstarke
472985a8a8
Adding Buffalo Linkstation NAS Login Scanner
...
I have added a login scanner for the Buffalo Linkstation
NAS. I have been testing against version 1.68 of the
firmware. Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
nstarke
eed0958de5
Fixing Comment
...
Comment was incorrect and needed to be fixed.
2014-10-07 11:28:40 -05:00
nstarke
b8c2643d56
Converting Module to LoginScanner w/ Specs
...
The previous commits for this Jenkins CI module relied on an
obsolete pattern. Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
Matt Buck
0bb4eac259
Rename the method for optional requires
...
MSP-11412
2014-10-03 14:06:13 -05:00
Matt Buck
88cbf22ef0
Optionally require mdm, as well
...
MSP-11412
2014-10-03 13:49:39 -05:00
Matt Buck
dabec92e61
Ensure require of metasploit/credential/engine is optional
2014-10-02 14:46:56 -05:00
Matt Buck
7ed1977d0b
Specific require all metasploit gem dependencies' engines
...
MSP-11412
2014-10-02 14:20:10 -05:00
sinn3r
7163b8c55a
Fixes #3915 - NoMethodError private method `rhost'
...
There's no self.rhost, but rhost is defined
2014-09-30 11:34:16 -05:00
David Maloney
5ff4a55cd2
smb connection error not setting result properly
...
if the initial connection from the SMB LoginScanner fails
it wouldn't set the target information on the result. this could cause
smb_login to throw a stack trace when it calls invalidate_login
2014-09-16 15:24:14 -05:00
David Maloney
e5aa5c4014
missing postgres rescues
2014-09-16 15:04:07 -05:00
sinn3r
169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner)
2014-09-16 14:51:24 -05:00
David Maloney
aeed66b694
missing mysql rescue
2014-09-16 13:41:03 -05:00
David Maloney
d708de07a3
return the lgoinscanner class name in an invalid exception
...
when a loginScanner throws an Invalid exception , the message
will now include the classname of the Scanner that threw it.
2014-09-16 13:24:08 -05:00
David Maloney
6decd3cbd2
fix exceptions thrown in telnet loginscanner too
2014-09-16 10:09:59 -05:00
David Maloney
bf8f7221c7
rescue exceptions in check_setup
2014-09-15 13:52:17 -05:00
jvazquez-r7
7d4c4c3658
Land #3699 , @dmaloney-r7's ipboard login refactor
2014-09-15 08:29:42 -05:00
jvazquez-r7
917a7ffa1e
Add specs for valid IPBoard application
2014-09-12 16:08:03 -05:00
Cucumber
b80519dc16
Lands #3779 , specs
...
MSP-11343
Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00
jvazquez-r7
0d054d8354
Update with master changes
2014-09-12 09:52:32 -05:00
jvazquez-r7
b8d31891f8
Clean YARD documentation
2014-09-12 09:32:32 -05:00
Joe Vennix
55519d8867
Land #3781 , my addition of Metasploit::Concern to msf.
2014-09-11 16:57:24 -05:00
Luke Imhoff
706655f755
Land #3779 , Glassfish LoginScanner exception
...
MSP-11343
2014-09-11 15:57:47 -05:00
Joe Vennix
8654b63c58
Make sure Metasploit::Concern is accessible everywhere.
2014-09-11 14:46:35 -05:00
David Maloney
0663355237
catch connectionreset in ftp login scanner
...
add exception rescue for Errno::ECONNRESET
2014-09-11 14:39:36 -05:00
James Lee
a8e3ff0c0f
Add specs to verify server header matching
2014-09-11 11:42:38 -05:00
James Lee
9151c2c79d
Add docstrings and avoid multiple returns
2014-09-11 10:50:42 -05:00
James Lee
20e48a233a
Explicitly set @version to nil if we can't detect
2014-09-11 10:30:52 -05:00
Cenk Kalpakoğlu
11004ab7c6
typo fix
2014-09-11 16:27:35 +03:00
James Lee
8aa06b8605
Better api for check_setup
2014-09-10 23:43:54 -05:00
James Lee
c1658e5d51
Add a check_setup method
2014-09-10 20:09:46 -05:00
James Lee
84e4db9035
Don't raise in the middle
...
MSP-11343
This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
David Maloney
2ac15f2088
some fixes based on Christruncer's feedback
...
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney
cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor
2014-09-08 14:48:37 -05:00
David Maloney
b84142715f
rescue mysql host blocked
...
rbmysql can throw an exception if the
server blocked this host due to too many connection errors
2014-09-08 12:45:10 -05:00
jvazquez-r7
10bb77af9f
Land #3716 , @wchen-r7's Glassfish LoginScanner update
2014-09-07 21:54:34 -05:00
jvazquez-r7
768b50974f
Redo try_glassfish_3 specs
2014-09-07 21:04:43 -05:00
jvazquez-r7
07238ef7b3
Redo try_glassfish_2 specs
2014-09-07 20:47:54 -05:00
sinn3r
6df7658267
Very small change to the doc
2014-09-06 01:54:52 -05:00
jvazquez-r7
78cf75c4d5
Clean YARD documentation
2014-09-06 00:24:39 -05:00
sinn3r
0dcf481d76
This one is good to go
2014-09-04 14:13:33 -05:00
David Maloney
28427ccee3
add VHOST and useragent support to loginscanner
2014-09-04 10:59:07 -05:00
sinn3r
e1694ec3e5
LoginScanner update for hp_sys_mgmt_login
...
Work in progress
2014-09-03 16:23:57 -05:00
sinn3r
61e58dc6d3
Yard doc
2014-09-02 20:48:07 -05:00
sinn3r
954475c0bf
Add rspec and update about secure admin
2014-09-02 20:35:25 -05:00
David Maloney
928aeffcba
add wordpress_rpc loginscanner and specs
2014-08-29 13:06:12 -05:00
Samuel Huckins
fa77caa819
Merge branch 'bug/MSP-11153/database-config-overrides'
...
MSP-11153 #land
2014-08-28 17:12:37 -05:00
Luke Imhoff
20177c7c23
Restore backup database.yml when retesting after interrupt
...
MSP-11153
Restore the config/database.yml backed up to
config/database.yml.cucumber.bak in the db:config:restore task, which is
made a dependency of the environment rake task so that
config/database.yml is restored before Rails tries to use it in the
environment task. This specifically, allows for rake cucumber to be
interrupted when the config/database.yml has been moved to
config/database.yml.cucumber.bak and a subsequence rake cucumber to
succeed and restore config/database.yml, but any task that depends on
environment will restore the config/database.yml.
2014-08-28 15:20:53 -05:00
sinn3r
f097ef96e0
Use &&
2014-08-28 12:13:03 -05:00
sinn3r
d0d9949d91
Do SSL options correctly
2014-08-28 12:04:14 -05:00
Luke Imhoff
275fa5cb50
Remove unnecessary return
...
MSP-11153
Leftover from earlier design.
2014-08-27 16:58:45 -05:00
Luke Imhoff
83b6f268b4
Remove unnecessary realpath
...
MSP-11153
Causes errors on machines that don't have ~/.msf4 like travis-ci.
2014-08-27 16:58:05 -05:00
sinn3r
df215a380d
Do not send 2 content-length headers
2014-08-27 16:05:08 -05:00
sinn3r
a32ffc4c26
Add the final portion for Glassfish login module
2014-08-27 15:09:11 -05:00
Luke Imhoff
951ce15b44
Move database.yml selection to Metasploit::Framework::Database
...
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
2014-08-27 12:01:43 -05:00
sinn3r
5d8cbe0544
Early version of Glassfish using LoginScanner
2014-08-27 01:23:02 -05:00
Tom Sellers
4a1b037af0
Remaining files..
2014-08-26 18:15:58 -05:00
David Maloney
c42517a14a
missing exception rescue
...
needed to also rescue Errno::ETIMEDOUT
2014-08-26 13:58:34 -05:00
David Maloney
32b1a5ea23
add ipboard loginscanner
...
add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class
2014-08-25 13:58:30 -05:00
Joe Vennix
95fbb8f1b7
Land PR #3672 , dmaloney-r7's login scanner credential rework.
2014-08-22 11:15:32 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
James Lee
c3e8bc8fa0
Fix a crash when we can't connect to PG, again
2014-08-20 11:02:46 -05:00
James Lee
fa27def41f
Revert "Fix a crash when we can't connect to PG"
...
This reverts commit b6deb6a342
.
2014-08-20 11:01:29 -05:00
James Lee
b6deb6a342
Fix a crash when we can't connect to PG
...
MSP-11061
No Postgres, no cry
2014-08-19 15:30:24 -05:00
David Maloney
473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
...
Conflicts:
Gemfile.lock
lib/metasploit/framework/command/console.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/credential.rb
lib/metasploit/framework/credential_collection.rb
lib/metasploit/framework/login_scanner/afp.rb
lib/metasploit/framework/login_scanner/axis2.rb
lib/metasploit/framework/login_scanner/db2.rb
lib/metasploit/framework/login_scanner/ftp.rb
lib/metasploit/framework/login_scanner/http.rb
lib/metasploit/framework/login_scanner/mssql.rb
lib/metasploit/framework/login_scanner/mysql.rb
lib/metasploit/framework/login_scanner/pop3.rb
lib/metasploit/framework/login_scanner/postgres.rb
lib/metasploit/framework/login_scanner/result.rb
lib/metasploit/framework/login_scanner/smb.rb
lib/metasploit/framework/login_scanner/snmp.rb
lib/metasploit/framework/login_scanner/ssh.rb
lib/metasploit/framework/login_scanner/telnet.rb
lib/metasploit/framework/login_scanner/vnc.rb
lib/metasploit/framework/parsed_options/console.rb
lib/metasploit/framework/require.rb
lib/metasploit/framework/version.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/afp/afp_login.rb
modules/auxiliary/scanner/db2/db2_auth.rb
modules/auxiliary/scanner/ftp/ftp_login.rb
modules/auxiliary/scanner/http/axis_login.rb
modules/auxiliary/scanner/http/http_login.rb
modules/auxiliary/scanner/http/tomcat_mgr_login.rb
modules/auxiliary/scanner/mssql/mssql_login.rb
modules/auxiliary/scanner/mysql/mysql_login.rb
modules/auxiliary/scanner/pop3/pop3_login.rb
modules/auxiliary/scanner/postgres/postgres_login.rb
modules/auxiliary/scanner/snmp/snmp_login.rb
modules/auxiliary/scanner/ssh/ssh_login.rb
modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
modules/auxiliary/scanner/telnet/telnet_login.rb
modules/auxiliary/scanner/vnc/vnc_login.rb
modules/auxiliary/scanner/winrm/winrm_login.rb
spec/lib/metasploit/framework/credential_spec.rb
spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
James Lee
b9e449f5e2
Fix crash when database.yml doesn't exist
2014-08-18 12:40:57 -05:00
Samuel Huckins
82760bf5b3
Deprecation warnings hidden for non-listeners
2014-08-15 12:33:44 -05:00