064d624322
changing Credential == operator
...
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
14fa49cdeb
Update spec to handle Mdm::Service#proto sequence
...
MSP-10029
Mdm::Service factories were changed in metasploit_data_models 0.19.0 to
use a sequence that cycles between 'tcp' and 'udp'. To make the spec
clearer, just hard-code the protos under test instead of relying on
default behavior.
2014-07-22 09:47:35 -05:00
ef12a632f6
Change filename
2014-07-22 08:20:32 -05:00
72c2c07495
Add the specs, really
2014-07-21 17:39:51 -05:00
ffafd4c01f
Add NTP fuzzer from @jhart-r7
...
Looks good to me!
2014-07-21 12:38:12 -05:00
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
b28343842f
Address @jhart-r7's comments
2014-07-20 21:00:34 +01:00
8fe508207c
Merge Meatballs' gpp_again pull into new branch
2014-07-19 11:10:14 -05:00
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
4fb58202fa
Land #3529 - Handle Rex::AddressInUse exception
2014-07-16 13:57:41 -05:00
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
eff2defdde
Fix bug due to Metasploit::Model::Login::Status refactor
...
MSP-10718
2014-07-16 04:14:45 -05:00
939e585658
refactor all loginscanners
...
loginscanners now use LoginStatus constants
for the result statuses
2014-07-15 13:17:56 -05:00
4098979448
Add spec
2014-07-15 13:06:53 -05:00
846679bef9
change Result status
...
result bojects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
4b16985eb8
Stop trying more creds for a user after success
...
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.
The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.
MSP-10686
2014-07-10 17:48:58 -05:00
e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login
2014-07-10 14:00:28 -05:00
147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release
2014-07-10 13:52:21 -05:00
8833429987
make shared example usage more readable
...
this seems less obtuse
2014-07-10 12:58:13 -05:00
7dc58d060e
make only one each method
...
made the one true enumerator of credentials
for the login_scanner.
also covered the wierd http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
87e6ede123
Merge branch 'master' into staging/electro-release
2014-07-10 08:44:12 -05:00
0daa395007
Fix specs for LoginError cases
2014-07-09 18:11:20 -05:00
25ee278097
strip vestigial realms
...
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
038d1e210a
Merge upstream/master to deconflict.
...
Conflicts:
Gemfile.lock
2014-07-09 17:43:42 -05:00
0c4e53ce5a
fix up specs
...
a whole bunch of spec changes needed for
these changes.
alos the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
c7b37743ef
working realm coercion
...
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
24fced822e
coerce realm_key when it exists
...
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
766b50b5e0
REALM_KEY not _TYPE
...
arg typos
2014-07-09 14:01:41 -05:00
afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
...
Conflicts:
lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
2c13ff4038
Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 16:32:39 -05:00
db8b0c907b
Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
...
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
c4c7ff519f
Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
...
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
4d4b8078f8
Unify SSH specs as well
2014-07-07 13:41:08 -05:00
71cbbc5388
Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners
2014-07-07 13:19:34 -05:00
b7cfc927c4
Add private_type and realm_key accessors
2014-07-07 13:07:28 -05:00
cff2e1a1c1
And remove specs referencing obsolete accessors
2014-07-07 12:37:14 -05:00
325d2d25b9
Fix requires and derp typos
2014-07-07 10:09:45 -05:00
14b1ed5290
Add spec for comma separated cookies
2014-07-06 16:23:43 -05:00
311f43f1e4
Constpocalypse
2014-07-03 18:49:46 -05:00
405de05e4b
Add specs for module_flavors
2014-07-03 10:31:39 -05:00
bc3ac1ee36
Correct private message format, update tests
2014-07-03 08:27:27 -07:00
b7a55d402d
Add likely service ports and names for HTTP
2014-07-02 23:41:31 -05:00
9dde47a0bc
Add a simple classes_for_service method
2014-07-02 23:31:56 -05:00
1830bdc7a5
Add rspec coverage for Rex::Proto::NTP
2014-07-01 12:29:47 -07:00
4ff211ec8d
Fix the spec to allow for 1 or more spaces between
2014-06-30 13:18:43 -05:00
8b63d3d467
Revert the revert of #3446
...
This reverts commit 9b35b0e13a
2014-06-29 17:22:21 -05:00
0a6a5a0a12
Merge pull request #92 from rapid7/feature/MSP-9912/metamodule-refactor-ssh-key
...
Feature/msp 9912/metamodule refactor ssh key
2014-06-27 11:48:57 -05:00
c1877cfba2
fixing the broken to_credential test
...
MSP-9912
2014-06-27 10:06:38 -05:00
1b4b4fd1c0
Update the cmdstager spec ArgumentError text
2014-06-27 08:34:57 -04:00
dcd0e77f9e
Change #compatible? method name because it's used by Module
2014-06-27 08:34:56 -04:00
af568c856a
Add CMStager specs
2014-06-27 08:34:56 -04:00
b5351eec2b
adding .to_credential
...
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential
MSP-9912
2014-06-26 11:05:59 -05:00
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
27ef12bafe
Land #3478 , disallow port 0 for portspec
...
[Closes #3478 ]
2014-06-25 15:46:30 -05:00
07d548caeb
dropping lib from shared examples
...
MSP-9912
2014-06-25 14:32:43 -05:00
42bfe8ba4f
make portspec specs not insane
...
the specs for the portspec_to_portlist method
need a lot of work. this gives us some btter minimum coverage
2014-06-25 14:10:06 -05:00
9b35b0e13a
Revert "Land #3446 -- Meterpreter bins gem switch" due to build failures
...
This reverts commit bba8bd3498002234993f
2014-06-25 13:24:07 -05:00
f225ac92ab
Refactor smb_login
...
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
bba8bd3498
Land #3446 -- Meterpreter bins gem switch
2014-06-25 03:00:11 +10:00
85611702f9
Merge branch 'upstream-master' into feature/MSP-9707/smb-bruteforce-refactor
2014-06-23 23:58:47 -05:00
c71eb1aa4e
Add specs for changed object UI
2014-06-22 13:05:17 -05:00
53d0aba305
Add some specs for changed object Priv
2014-06-22 12:54:10 -05:00
05d4a1ab2c
Land #3342 , Support negation in portspec
2014-06-21 18:14:50 -04:00
f90e8f00e5
Add the first few specs
...
Coverage for meterpreter and client core, just the bits I'm changing. I
intend to make liberal use of doubles, since they're easier than mocks
and all I care about is the changed behavior. I refuse to fall into a
trap where I need to first spec out aaaaaalllll of Metepreter just to
make this one change.
2014-06-20 13:18:55 -05:00
99b1702559
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msfenv.rb
2014-06-20 11:38:47 -05:00
4203e75777
Land #3408 , @m-1-k-3's exploit for D-Link hedwig.cgi OSVDB 95950
2014-06-20 10:27:32 -05:00
330caa8c13
Fix specs
2014-06-20 00:08:55 -05:00
ee62428248
Add specs
2014-06-19 18:13:14 -05:00
af99c0c01e
Remove `should_receive(:with_connection)` from specs
...
MSP-10127
Causes specs to randomly fail when with_connection calls from
before(:each) or after(:each) are intercepted by the should_receive
call.
2014-06-19 16:24:53 -05:00
d9b7a320ae
fix more broken specs
2014-06-19 14:07:39 -05:00
2ac2dc9d7a
2 minor spec fixes
2014-06-19 13:23:37 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
8ada0804bd
add valid! spec
2014-06-15 11:22:43 -05:00
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
a5fb898904
actually set max run time
...
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
300baa577c
moar specs!
2014-06-13 17:34:16 -05:00
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
ed84336149
Merge pull request #60 from rapid7/feature/MSP-9992/creds-command
...
Refactor the creds command
2014-06-12 12:24:09 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
c0c1bd40a9
Fix help spec
2014-06-10 17:28:55 -05:00
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
9b9de12a38
Merge branch 'master' into staging/electro-release
...
Conflicts:
lib/msf/core/framework.rb
2014-06-06 12:04:53 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
90b52814b1
fix some spec issues for recent changes
2014-06-06 11:52:49 -05:00
82464bd6aa
Update version spec
2014-06-06 10:16:44 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
darkbushido
Christian Mehlmauer
Luke Imhoff
jvazquez-r7
Tod Beardsley
Meatballs
scriptjunkie
William Vu
sinn3r
David Maloney
Matt Buck
James Lee
Jon Hart
HD Moore
Lance Sanchez
Spencer McIntyre
Matt Buck
Chris Doughty
OJ
Samuel Huckins
Brandon Turner