Commit Graph

115 Commits (967800eed09f82bca52bdae67098e5e7d9c0a4b9)

Author SHA1 Message Date
Samuel Huckins 0dfd8e25b8
Land #3846, Rex::ImageSource specs 2014-10-02 12:33:56 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
jvazquez-r7 45011ae87f Add shared examples 2014-09-22 12:15:04 -05:00
Joe Vennix ec88957ff4
Whitespace tweaks. 2014-09-21 23:57:58 -05:00
Joe Vennix d9e6f2896f
Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
jvazquez-r7 3f5fdaebb4 Add specs for Rex::Encoder::NDR 2014-09-15 13:49:18 -05:00
James Lee f68628c487 Add minimal specs for rex/proto/http/packet/header 2014-09-12 14:30:27 -05:00
jvazquez-r7 fdb66d978b Fix remainings be_truthy and be_falsey conditionals 2014-09-02 13:22:21 -05:00
jvazquez-r7 9cec62d52b
Merge branch 'specs_its' into fix_deprecation_warnings 2014-09-02 13:14:21 -05:00
jvazquez-r7 d7af3a628d Avoid its on Msf::ModuleManager::Cache shared examples specs 2014-09-02 12:02:26 -05:00
jvazquez-r7 b37e1a5421 Solve conflicts 2014-08-26 17:51:37 -05:00
Joshua Smith 1fa26e2afb cleans up a bunch of spec msftidy issues 2014-08-26 15:24:08 -05:00
jvazquez-r7 042b8a3672 Switch from pending to skip in specs 2014-08-26 15:17:00 -05:00
jvazquez-r7 41420a97d5 Solve conflicts 2014-08-26 09:04:05 -05:00
jvazquez-r7 60ecf4e8c4 Use be_truthy instead of be_true 2014-08-25 23:58:08 -05:00
jvazquez-r7 dd1c015e4e Use be_falsey 2014-08-25 17:34:55 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
darkbushido ad6eed01a2
.to_credential now assigns a parent
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
2014-07-31 14:52:27 -05:00
David Maloney 939e585658
refactor all loginscanners
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
David Maloney 846679bef9
change Result status
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
James Lee 4b16985eb8
Stop trying more creds for a user after success
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
2014-07-10 17:48:58 -05:00
David Maloney 8833429987
make shared example usage more readable
this seems less obtuse
2014-07-10 12:58:13 -05:00
David Maloney 7dc58d060e
make only one each method
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
David Maloney 25ee278097
strip vestigial realms
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
David Maloney c7b37743ef
working realm coercion
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
David Maloney 24fced822e
coerce realm_key when it exists
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0
REALM_KEY not _TYPE
arg typos
2014-07-09 14:01:41 -05:00
James Lee cff2e1a1c1
And remove specs referencing obsolete accessors 2014-07-07 12:37:14 -05:00
HD Moore 4ff211ec8d Fix the spec to allow for 1 or more spaces between 2014-06-30 13:18:43 -05:00
Lance Sanchez c1877cfba2
fixing the broken to_credential test
MSP-9912
2014-06-27 10:06:38 -05:00
Lance Sanchez b5351eec2b
adding .to_credential
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
2014-06-26 11:05:59 -05:00
Lance Sanchez 07d548caeb
dropping lib from shared examples
MSP-9912
2014-06-25 14:32:43 -05:00
Luke Imhoff af99c0c01e
Remove `should_receive(:with_connection)` from specs
MSP-10127

Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
2014-06-19 16:24:53 -05:00
dmaloney-r7 ff8e6d2c50 Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
David Maloney 90b52814b1
fix some spec issues for recent changes 2014-06-06 11:52:49 -05:00
Luke Imhoff 5ae5448005
Join killed threads to ensure cleanup
MSP-9653
2014-06-05 12:40:24 -05:00
Luke Imhoff ca63d2201e
Update init_module_paths spec to match Rails::Engine behavior
MSP-9653
2014-06-02 14:26:35 -05:00
James Lee 5d1a0397ed
Add Tomcat login scanner 2014-05-21 14:28:54 -05:00
James Lee 9582d82fba Merge remote-tracking branch 'private/staging/electro-release' into feature/MSP-9687/winrm-loginscanner 2014-05-15 13:59:48 -05:00
James Lee 99f8fbbc9c
Add WinRM login scanner
* Genericizes HTTP a bit to make these kinds of HTTP-based scanners
  simpler and easier
* Adds support for default ports to HTTP. This should probably be
  rafactored up into Base
* Removes spec that complains about port being unset (which now fails
  because defaults ensure it's always set)
2014-05-14 14:35:49 -05:00
dmaloney-r7 acaf713229 Merge pull request #17 from rapid7/feature/MSP-9606/metasploit-credential
Run migrations from Metasploit::Credential and initialize its concerns which patch Mdm
2014-05-14 11:15:07 -05:00
James Lee 08a7acef3f
Make sure fail case is correct
`rand(1000)` would return 0 one in a thousand times, causing this test to
randomly fail at that interval
2014-05-14 10:22:47 -05:00
Luke Imhoff 3370465d84
Use railties to load Metasploit::Credential correctly
MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.
2014-05-12 15:03:51 -05:00
James Lee 3831042dca
Add specs, validations for LoginScanner::SMB 2014-05-09 18:58:49 -05:00
David Maloney acbff23c32
final wrap-up specs
successkid.jpg
2014-05-07 16:07:18 -05:00
David Maloney ec974535ac
create base object for mssql scanner
created skeleton for MSSQL Loginscanner
included concerns.

also added an NTLM concern and shared example group
2014-05-07 14:43:15 -05:00
David Maloney 507fe566a4
Merge branch 'master' into staging/electro_release 2014-05-06 11:36:19 -05:00
David Maloney 5e6f57f711
fix up some more specs
some spec cleanup and added basic specs
to the HTTP LoginScanner
2014-05-01 12:10:51 -05:00
David Maloney 0dd22395eb
use credential objects inside results
altered results to just hold a credential
object instead of duplicating attributes
2014-04-30 17:17:57 -05:00