adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

288 Commits

Author SHA1 Message Date
Matthew Kienow 6709780817 Add entry to autoload PayloadDataProxy 2019-03-25 13:43:16 -04:00
Matthew Kienow 98401072e5 Remove duplicate autoload for WebDataProxy 2019-03-25 13:38:32 -04:00
Brent Cook 656ef8f970 Land #11533, Fix credential reporting service lookups 2019-03-06 20:13:41 -06:00
Brent Cook 841c07a42c restore rescue for now 2019-03-06 19:35:12 -06:00
Brent Cook 4f08d1e864 Fix credential reporting service lookups. 
Noted by @actuated, auxiliary/scanner/ipmi/ipmi_dumphashes was displaying an error when run against an IPMI endpoint that had a common hash. This was due to the services lookup in the database not extracting the first element of the results array.

```
[-] Auxiliary failed: NoMethodError undefined method `id' for #<Array:0x000055615614b970>
[-] Call stack:
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:27:in `block (2 levels) in create_cracked_credential'
[-]   /home/bcook/.rvm/gems/ruby-2.6.1@metasploit-framework/gems/activerecord-4.2.11/lib/active_record/relation/delegation.rb:46:in `each'
[-]   /home/bcook/.rvm/gems/ruby-2.6.1@metasploit-framework/gems/activerecord-4.2.11/lib/active_record/relation/delegation.rb:46:in `each'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:25:in `block in create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
[-]   /home/bcook/projects/metasploit-framework/lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb:15:in `create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/auxiliary/report.rb:26:in `create_cracked_credential'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:317:in `report_cracked_cred'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:244:in `block (2 levels) in run_host'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:237:in `each'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:237:in `block in run_host'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:100:in `each'
[-]   /home/bcook/projects/metasploit-framework/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb:100:in `run_host'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:111:in `block (2 levels) in run'
[-]   /home/bcook/projects/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'
[*] Auxiliary module execution completed
```
 2019-03-06 17:08:34 -06:00
Matthew Kienow 6bcdda4bd1 Add entry to autoload RemotePayloadDataService 2019-03-06 13:41:08 -05:00
Matthew Kienow 63c1903032 Remove empty file 2019-03-06 13:11:34 -05:00
Matthew Kienow b658cf5d76 Use data_service_operation block to perform work 2019-03-06 12:11:27 -05:00
Aaron Soto 822f5357a2 Land #10675, DB manager for payloads: Resolve conflicts, add 'create!' to trigger database write 2019-03-04 14:58:03 -06:00
James Barnett 9e3a39bcf9 Dont try to process empty loot 2019-01-25 12:34:52 -06:00
James Barnett 42c9553283 Dont do a separate lookup for loot.host, use the included JSON 
This is just a temporary change. Eventually we should be doing separate
lookups for associated objects as that is the RESTful way of doing it.
Implementing this now to prevent extra load on the server until we can
put a better system in place of doing multiple lookups with a single call.
 2019-01-15 12:47:37 -06:00
James Barnett e168458861 Make calls to get the associated host when getting loot 2019-01-14 15:51:51 -06:00
Brent Cook f125526e09 Land #11207, implement db_import for web service 2019-01-10 10:28:29 -06:00
James Barnett 4074913b60 Dont log every request when using HTTP data service 2019-01-10 00:30:54 -06:00
Matthew Kienow 8c29319b25 Add session_events method 2019-01-08 14:02:40 -05:00
Matthew Kienow fa783256eb Remove unnecessary argument default value 2019-01-08 14:02:39 -05:00
James Barnett 466b0004e1 Land #11163, add API endpoint for retrieving Mdm::Events 2019-01-08 09:26:53 -06:00
Erin Bleiweiss 6641c606b2 Add support for db import from remote data service 2019-01-07 14:32:27 -06:00
James Barnett 5f43ec0a79 Address code review comment 2019-01-04 15:10:20 -06:00
James Barnett 10cceb0e9b Fix a couple of bugs introduced by symbolizing to_ar 2019-01-04 15:10:20 -06:00
James Barnett bcfe434d1e Update to_ar to use symbolized keys 2019-01-04 15:10:19 -06:00
Matthew Kienow 7e10b38421 Add events method 2018-12-21 21:37:42 -05:00
Matthew Kienow eec7a3dafc Remove debug code 2018-12-14 13:33:16 -05:00
Matthew Kienow ad6b80bd08 Remove unused session_dto flag 2018-12-14 13:01:20 -05:00
Matthew Kienow b6cdf7aa9d Add update_session method 2018-12-14 12:04:55 -05:00
Matthew Kienow a8ed971f12 Move convert_msf_session_to_hash to data proxy 2018-12-14 11:46:12 -05:00
James Barnett 8799c550e1 Parse public and private as correct sub-type 2018-12-04 10:57:54 -06:00
Jeffrey Martin 1eb4a79410 adjust error message on impart 2018-11-21 14:42:48 -06:00
Matthew Kienow 2571c8cd86 Use data_service_operation block to perform work 2018-11-12 23:45:29 -05:00
Matthew Kienow eb9dd311ce Add check that data service is active 2018-10-25 23:07:31 -04:00
Matthew Kienow 2f8aacbf8d Remove debug output 2018-10-25 14:44:11 -04:00
Matthew Kienow 64f8852797 Use data_service_operation block to perform work 
This fixes the session report issue when the database is disabled,
because no exceptions are thrown from the DataProxy under these
conditions.
 2018-10-25 14:38:13 -04:00
Matthew Kienow 7f8aeeb498 Raise RuntimeError rather than Exception 2018-10-25 14:29:24 -04:00
Matthew Kienow 8e2d6a62b1 Add block process data service operation method 2018-10-25 14:24:47 -04:00
Green-m 3c5aa93a0d Fix for style consistency. 2018-10-24 15:17:37 +08:00
Green-m 129425ca94 Fix session report bug when database disabled. 2018-10-24 14:48:03 +08:00
Erin Bleiweiss 4c39ac8aa5 Update get_payload function name for naming consistency 2018-09-20 16:21:30 -05:00
Erin Bleiweiss 9b5326994f Add remote data endpoint support for searching payloads 2018-09-18 15:50:55 -05:00
Erin Bleiweiss c8f48d4272 Add stubs for remote data payload 2018-09-14 10:21:24 -05:00
Erin Bleiweiss 1ec1b3b493 Save payloads and urls in database when running a module 2018-09-07 17:02:54 -05:00
James Barnett 68aca395a4 Remove debug logging 2018-08-21 15:06:30 -05:00
James Barnett b6401dbe56 Add db_save command 2018-08-21 11:10:43 -05:00
James Barnett f05844d8f4 Refactor options handling and help printing 2018-08-15 11:48:03 -05:00
James Barnett 387d784ddc Implement db_disconnect for remote data service 
And a couple of fixes for db_connect for remote data services
 2018-08-07 14:03:38 -05:00
Erin Bleiweiss 3e8efea57a Merge branch 'conform_to_api_standards' into exploit-query 
Prepare for new JSON format.
 2018-07-31 14:48:37 -05:00
James Barnett eb240892fc Fix but with origin display in console 
Also prevent adding workspace to opts when id is present
 2018-07-31 14:03:53 -05:00
James Barnett 0843e6789d Fix private data not displaying for creds 
Also fix issue where delete and update cred were not using the data format
 2018-07-30 15:31:38 -05:00
James Barnett d1f09ca81c Add path selection for GET requests 
Also remove instances where workspace is passed for
single object lookups since it is no longer required
 2018-07-30 13:56:34 -05:00
James Barnett 9e08bf6ec2 Fix logic issue when processing HTTP requests 2018-07-28 15:23:56 -05:00
James Barnett 829b43f743 Address minor code review comments 2018-07-27 16:19:17 -05:00