adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
25,805 Commits 27 Branches 1,043 Tags
7d1cd22acab75faef3d9d7e6ae4e68839e2dcdfd
Commit Graph

8001 Commits

Author SHA1 Message Date
James Lee 7d1cd22aca Quick and dirty import of cred zip 2014-07-17 15:59:16 -05:00
dmaloney-r7 4d3bfcf9d0 Merge pull request #109 from rapid7/bug/MSP-10713/smb-error-code 
Move error_name to InvalidPacket and check for nil
 2014-07-15 15:10:37 -05:00
James Lee 51a9a763c0 Move error_name to InvalidPacket and check for nil 
MSP-10713
 2014-07-15 15:02:53 -05:00
Trevor Rosen 6a1149c1ed Add missing origin 
MSP-9948
 2014-07-15 13:27:08 -05:00
Trevor Rosen 0966949203 Merge branch 'staging/electro-release' into feature/MSP-9948/update-db-import 
Upstream merge

Conflicts:
	Gemfile
	Gemfile.lock
 2014-07-14 17:59:54 -05:00
Trevor Rosen aca627489e Pass workspace down in import of creds dump 
MSP-9948
 2014-07-14 16:40:41 -05:00
dmaloney-r7 f3ec386240 Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success 
Feature/msp 10686/stop after user success
 2014-07-14 14:56:23 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor 
Refactor pop3_login
 2014-07-14 13:27:11 -05:00
Trevor Rosen b05b2657bc Now importing creds dumps inside msf zips 
MSP-9948
 2014-07-13 11:07:01 -05:00
James Lee e68dcdbb06 Refactor pop3_login 
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
 2014-07-11 17:26:49 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor 
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
 2014-07-11 11:33:12 -05:00
James Lee 4b16985eb8 Stop trying more creds for a user after success 
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
 2014-07-10 17:48:58 -05:00
James Lee 097d5d68ce Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00
James Lee e4039c2382 Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login 2014-07-10 14:00:28 -05:00
James Lee 147c6d8160 Merge branch 'feature/MSP-10660/realm_adjustments' into staging/electro-release 2014-07-10 13:52:21 -05:00
David Maloney 818bd1946d final tweak for the http case 
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
 2014-07-10 12:39:01 -05:00
David Maloney 7dc58d060e make only one each method 
made the one true enumerator of credentials
for the login_scanner.

also covered the wierd http case where it can have a realm key
but no default realm.
 2014-07-10 12:35:09 -05:00
Samuel Huckins 5b1dc39caf Filler task dropped, login results in task assoc 
MSP-10683

* Task constraint now optional, so no need for filler
* Task ID now in service_data so it's passed to the core and the login
creation methods
 2014-07-10 12:32:40 -05:00
David Maloney a319d5270e set default connection tiemouts 
loginscanners should have a default connection timeout
 2014-07-10 11:35:10 -05:00
David Maloney 87e6ede123 Merge branch 'master' into staging/electro-release 2014-07-10 08:44:12 -05:00
David Maloney 1a0200f711 one more strip 2014-07-09 17:50:28 -05:00
David Maloney 25ee278097 strip vestigial realms 
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
 2014-07-09 17:46:56 -05:00
James Lee bb3525419e Rescue the right thing 
MSP-9707
 2014-07-09 17:44:53 -05:00
David Maloney 0c4e53ce5a fix up specs 
a whole bunch of spec changes needed for
these changes.

alos the axis2 spec was actually testing the winrm
class due to copypasta error.
 2014-07-09 16:32:59 -05:00
David Maloney c7b37743ef working realm coercion 
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
 2014-07-09 15:56:39 -05:00
David Maloney 24fced822e coerce realm_key when it exists 
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
 2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0 REALM_KEY not _TYPE 
arg typos
 2014-07-09 14:01:41 -05:00
James Lee 7d9c0da691 Record correct creds with non-success status 2014-07-09 13:26:49 -05:00
James Lee afe36ab6ad Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor 
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
 2014-07-09 12:50:24 -05:00
David Maloney 7325cfec64 add default realm values 
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
 2014-07-09 11:19:25 -05:00
David Maloney bc18ca5762 add REALM_KEY to each LoginScanner 
each LoginScanner should now know
what kind of REALM it takes
 2014-07-09 10:53:37 -05:00
Trevor Rosen a27c1d7dcc Importing old export, making new models 
MSP-9948
 2014-07-08 19:14:26 -05:00
dmaloney-r7 b65989ff0c Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files 
Use glob instead of entries
 2014-07-08 14:29:24 -05:00
Trevor Rosen 79054fae20 Remove credentials exportation from XML 
MSP-9948
 2014-07-08 12:03:32 -05:00
William Vu 4eeab66ebe Land #3497, comma-separated get_cookies 2014-07-08 11:00:40 -05:00
James Lee 567435f508 Use glob instead of entries 
Fixes the case where a non-ruby file exists in the login_scanner/
directory
 2014-07-08 11:00:33 -05:00
Trevor Rosen 8436adb5f8 Make XML export work with new backend 
MSP-9948

* XML data looks ok in spot check
 2014-07-08 09:40:15 -05:00
David Maloney 38419dae83 fix to_credential on core 
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
 2014-07-07 18:05:04 -05:00
David Maloney aeda74f394 Merge branch 'master' into staging/electro-release 
Conflicts:
	Gemfile
	Gemfile.lock
 2014-07-07 16:41:23 -05:00
David Maloney 2c13ff4038 Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 16:32:39 -05:00
dmaloney-r7 db8b0c907b Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation 
Feature/msp 10648/login scanner creation
 2014-07-07 16:04:09 -05:00
Trevor Rosen 1d7de8fef9 Mid-work commit 
MSP-9848
 2014-07-07 15:44:29 -05:00
dmaloney-r7 c4c7ff519f Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type 
Add private_type and realm_key accessors to Framework::Credential
 2014-07-07 15:43:18 -05:00
David Maloney b52c13228c make private_type validation conditional 
there are times when this won't be filled in
but the credential is still valid
 2014-07-07 15:40:52 -05:00
James Lee 2a9ac0a007 Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
James Lee 71cbbc5388 Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 13:19:34 -05:00
James Lee b7cfc927c4 Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
James Lee 5c406a2aa5 Remove successes and failures 
No reason to store them and they could fill a ton of unnecessary memory.
 2014-07-07 12:33:15 -05:00
James Lee 7035064f3d Assignment alignment for Dave 2014-07-07 12:30:04 -05:00
OJ bdf27b1834 Fix up the TLVs that are now QWORD values in MSF 
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
 2014-07-07 10:42:58 -05:00