infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,992 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

8032 Commits (e789d5350b31fd65267d7f740ba705053073c422)

Author SHA1 Message Date
Trevor Rosen e789d5350b
No idea why this didn't fail before 
MSP-10724
 2014-07-17 10:15:22 -05:00
cdoughty-r7 1ad04eb2d9 Merge pull request #111 from rapid7/bug/MSP-10714-gem-version 
Fix gem version to support rubygems < 2.1
 2014-07-16 13:23:33 -05:00
Brandon Turner e637237574
Use the Rubygems 2.2 version convention 
Substitute version dashes with ".pre.".

MSP-10714
 2014-07-16 11:13:14 -05:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release 
Conflicts:
	Gemfile
	Gemfile.lock
 2014-07-16 09:38:44 -05:00
Brandon Turner 044fdb8c55
Fix gem version to support rubygems < 2.1 
MSP-10714
 2014-07-15 19:02:39 -05:00
sinn3r f8e47a5c61
Land #3524 - WPTouch fileupload exploit 2014-07-15 16:29:59 -05:00
David Maloney ea57ad0126
fix connection error on base 
missed a reference to connection_error on the
loginscanner base. this would prevent us from
bailing out early if we have too many connection errors
 2014-07-15 16:21:13 -05:00
David Maloney 7ac6640cfd
Merge branch 'staging/electro-release' into feature/MSP-10711/login-status 
Conflicts:
	Gemfile
	Gemfile.lock
	modules/auxiliary/scanner/smb/smb_login.rb
 2014-07-15 15:12:33 -05:00
dmaloney-r7 4d3bfcf9d0 Merge pull request #109 from rapid7/bug/MSP-10713/smb-error-code 
Move error_name to InvalidPacket and check for nil
 2014-07-15 15:10:37 -05:00
James Lee 51a9a763c0
Move error_name to InvalidPacket and check for nil 
MSP-10713
 2014-07-15 15:02:53 -05:00
David Maloney 34635ab968
module login status cleanup 
cleanup several bruteforce module to
use the loginstatus constants for result status
 2014-07-15 14:55:41 -05:00
David Maloney 9857bac6b1
add NO_AUTH_REQUIRED 2014-07-15 14:38:41 -05:00
Trevor Rosen 6a1149c1ed
Add missing origin 
MSP-9948
 2014-07-15 13:27:08 -05:00
David Maloney 939e585658
refactor all loginscanners 
loginscanners now use LoginStatus constants
for the result statuses
 2014-07-15 13:17:56 -05:00
David Maloney 846679bef9
change Result status 
result bojects now use Login::status constants
for their status
 2014-07-15 11:39:38 -05:00
Christian Mehlmauer 29bb788d96
Better login detection for wordpress 2014-07-15 07:04:14 +02:00
Trevor Rosen 0966949203
Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import 
Upstream merge

Conflicts:
	Gemfile
	Gemfile.lock
 2014-07-14 17:59:54 -05:00
Trevor Rosen aca627489e
Pass workspace down in import of creds dump 
MSP-9948
 2014-07-14 16:40:41 -05:00
James Lee de22aeba41
Land #3481, meterpreter bins 2014-07-14 15:57:52 -05:00
dmaloney-r7 f3ec386240 Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success 
Feature/msp 10686/stop after user success
 2014-07-14 14:56:23 -05:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor 
Refactor pop3_login
 2014-07-14 13:27:11 -05:00
Tod Beardsley 96554a4967
Remove this errant test::unit test 2014-07-14 10:57:32 -05:00
Trevor Rosen b05b2657bc
Now importing creds dumps inside msf zips 
MSP-9948
 2014-07-13 11:07:01 -05:00
James Lee e68dcdbb06
Refactor pop3_login 
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
 2014-07-11 17:26:49 -05:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor 
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
 2014-07-11 11:33:12 -05:00
James Lee 4b16985eb8
Stop trying more creds for a user after success 
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
 2014-07-10 17:48:58 -05:00
Joshua Smith dbe9b47937
lands 3469, fixes handler deadlock in corner cases 
May affect the following RM issues which need to be retested:
  https://dev.metasploit.com/redmine/issues/8407
  https://dev.metasploit.com/redmine/issues/4314
  https://dev.metasploit.com/redmine/issues/6829
 2014-07-10 16:20:33 -05:00
James Lee 097d5d68ce
Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00
James Lee e4039c2382
Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login 2014-07-10 14:00:28 -05:00
Tod Beardsley 688c31cc44
Switch to a space. It gets eaten anyway. 2014-07-10 13:59:30 -05:00
James Lee 147c6d8160
Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release 2014-07-10 13:52:21 -05:00
Tod Beardsley 5bb3c8a581
Make merged module descriptions more grammar. 2014-07-10 13:31:57 -05:00
David Maloney 818bd1946d
final tweak for the http case 
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
 2014-07-10 12:39:01 -05:00
David Maloney 7dc58d060e
make only one each method 
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
 2014-07-10 12:35:09 -05:00
Samuel Huckins 5b1dc39caf
Filler task dropped, login results in task assoc 
MSP-10683

* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
 2014-07-10 12:32:40 -05:00
David Maloney a319d5270e
set default connection tiemouts 
loginscanners should have a default connection timeout
 2014-07-10 11:35:10 -05:00
David Maloney 87e6ede123
Merge branch 'master' into staging/electro-release 2014-07-10 08:44:12 -05:00
David Maloney 1a0200f711
one more strip 2014-07-09 17:50:28 -05:00
David Maloney 25ee278097
strip vestigial realms 
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
 2014-07-09 17:46:56 -05:00
James Lee bb3525419e
Rescue the right thing 
MSP-9707
 2014-07-09 17:44:53 -05:00
Tod Beardsley 038d1e210a
Merge upstream/master to deconflict. 
Conflicts:
	Gemfile.lock
 2014-07-09 17:43:42 -05:00
David Maloney 0c4e53ce5a
fix up specs 
a whole bunch of spec changes needed for
these changes.

alos the axis2 spec was actually testing the winrm
class due to copypasta error.
 2014-07-09 16:32:59 -05:00
David Maloney c7b37743ef
working realm coercion 
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
 2014-07-09 15:56:39 -05:00
David Maloney 24fced822e
coerce realm_key when it exists 
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
 2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0
REALM_KEY not _TYPE 
arg typos
 2014-07-09 14:01:41 -05:00
James Lee 7d9c0da691
Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad
Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor 
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
 2014-07-09 12:50:24 -05:00
David Maloney 7325cfec64
add default realm values 
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
 2014-07-09 11:19:25 -05:00