Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
-Sequence Filters (No More False Positives)
-Msf::Exploit::Capture (Use built-in MSF libs over manual threading)
-Immediate Feedback (Don't need to wait until complete to print results)
-Timeout (Includes user configurable timeout)
* Detect additional SOAP faults to reduce false positives
* More obviously support SSL
* Report http/https
* Make it obvious when a SOAP endpoint falls over mid-scan
* Add a few more nouns/verbs
* Add an optional SLEEP to play nice with old/slow SOAP endpoints
https://dev.metasploit.com/redmine/issues/6249
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
'Enabled' in the data field was useless since the note existing
already tells you webdav is enabled.
The path that webdav was running on wasn't kept anywhere though.
Pubkeys are now stored as loot, and the Cred model has new and exciting
ways to discover which pubkeys match which privkeys.
Squashed commit of the following:
commit 036d2eb61500da7e161f50d348a44fbf615f6e17
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 22:23:32 2012 -0600
Updates ssh credentials to easily find common keys
Instead of making the modules do all the work of cross-checking keys,
this introduces a few new methods to the Cred model to make this more
universal.
Also includes the long-overdue workspace() method for credentials.
So far, nothing actually implements it, but it's nice that it's there
now.
commit c28430a721fc6272e48329bed902dd5853b4a75a
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 20:10:40 2012 -0600
Adding back cross-checking for privkeys.
Needs to test to see if anything depends on order, but should
be okay to mark up the privkey proof with this as well.
commit dd3563995d4d3c015173e730eebacf471c671b4f
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 16:49:56 2012 -0600
Add SSHKey gem, convert PEM pubkeys to SSH pubkeys
commit 11fc363ebda7bda2c3ad6d940299bf4cbafac6fd
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 13:51:55 2012 -0600
Store pubkeys as loot for reuse.
Yanked cross checking for now, will drop back in before pushing.
commit aad12b31a897db2952999f7be0161df1f59b6000
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Jan 8 02:10:12 2012 -0600
Fixes up a couple typos in ssh_identify_pubkeys
commit 48937728a92b9ae52d0b93cdcd20bb83f15f8803
Author: Tod Beardsley <todb@metasploit.com>
Date: Sat Jan 7 17:18:33 2012 -0600
Updates to ssh_identify_pubkeys and friends
Switches reporting to cred-based rather than note-based, accurately deal
with DSA keys, adds disable_agent option to other ssh modules, and
reports successful ssh_login attempts pubkey fingerprints as well.
This last thing Leads to some double accounting of creds, so I'm not
super-thrilled, but it sure makes searching for ssh_pubkey types a lot
easier.... maybe a better solution is to just have a special method for
the cred model, though.
Fixes the console to display loot not associated with a host, as when
the CorpWatch modules save loot. Also fixes a typo on
corpwatch_lookup_id.rb
Fixes#6177
- Use 'Actions' to configure which OWA version to try
- Fix a bug where the USER_AS_PASS option might overwrite PASSWORD (and not restoring it) even though a password is already set.
- Increase timeout to 25
- Update description
Can't actually require FILENAME or REMOTE_FILENAME because I don't know
if you're going to upload or download. However, there shouldn't be a
stacktrace when you just try to go with neither.
get() should get get_once() (intent is to get 4 bytes,
not timeout after 4 seconds), no need to escape equals
signs in regexes, no need to newline the unexpected
responses.
Also refers to port 264/TCP as the SecuRemote service instead of the
Topology service (I believe this is correct)
Reporting is initially conservative -- if we don't get something for
fw_hostname, then don't bother reporting at all; assume we're
mis-identifying the target.
See #5291. Adds an option to mess with the block size in case someone
wants to write a fuzzer or exploit that leverages that. Adds a cleanup
method to the module (pretty much required, it turns out). Looking
nearly final, just need to rename the module and I think we're good to
push to master.
Commenting the tricksy parts a little better for general usage.
Adding the ability to set FILEDATA instead of FILENAME, in case
only short bits of data are desired and the user doesn't want
to go to the trouble of creating a source file to upload.
Still need to deal with the use case of not passing a block; blocks
should not be required, it should be okay to invoke and just wait for
the complete attribute to be true. You'll miss out on error messages but
eh, maybe those should be return values.
Adds error checking and some helpful messaging in the event of an error.
In the event of a failed transfer the module exits immediately, but in
success, I'm still hanging around for several seconds after. Not a deal
breaker but can be annoying.
Also, need to implement a read as well as a write and store it as loot,
to be actually useful for most TFTP checking.
Fixes#3289.
This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.
This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.
Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.