1363 Commits

Author SHA1 Message Date
David Maloney 846679bef9 change Result status
result objects now use Login::status constants
for their status
2014-07-15 11:39:38 -05:00
dmaloney-r7 f3ec386240 Merge pull request #106 from rapid7/feature/MSP-10686/stop-after-user-success
Feature/msp 10686/stop after user success
2014-07-14 14:56:23 -05:00
dmaloney-r7 7184d2ed5e Merge pull request #107 from rapid7/feature/MSP-9704/pop3-module-refactor
Refactor pop3_login
2014-07-14 13:27:11 -05:00
James Lee e68dcdbb06 Refactor pop3_login
Also adjusts timeout in the scanner class to account for Dovecot's
default "Authentication Penalty" delay.

See http://wiki2.dovecot.org/Authentication/Penalty
2014-07-11 17:26:49 -05:00
Trevor Rosen cc93dbbe29 Merge pull request #102 from rapid7/feature/MSP-9707/smb-bruteforce-refactor
Feature/msp 9707/smb bruteforce refactor

MSP-9707 #land
2014-07-11 11:33:12 -05:00
James Lee 4b16985eb8 Stop trying more creds for a user after success
This is more like the behavior of the old AuthBrute mixin, where a
scanner module was expected to return :next_user in the block given to
each_user_pass when it successfully authenticated.

The advantage is a reduced number of attempts that are very unlikely to
be successful since we already know the password. However, note that
since we don't compare realms, this will cause a false negative in the
rare case where the same username exists with different realms on the
same service.

MSP-10686
2014-07-10 17:48:58 -05:00
James Lee 097d5d68ce Display 'realm\user' for AD instead of 'user@realm' 2014-07-10 14:31:42 -05:00
James Lee e4039c2382 Merge branch 'staging/electro-release' into feature/MSP-10679/refactor-invalidate-login 2014-07-10 14:00:28 -05:00
David Maloney 818bd1946d final tweak for the http case
the only scenario in our final else that
would have a realm in the credential is the
http case in which case we want the realm to be there
still. otherwise the credential in this case has no
realm anyways so there is no need to strip one off
2014-07-10 12:39:01 -05:00
David Maloney 7dc58d060e make only one each method
made the one true enumerator of credentials
for the login_scanner.

also covered the weird http case where it can have a realm key
but no default realm.
2014-07-10 12:35:09 -05:00
David Maloney a319d5270e set default connection timeouts
loginscanners should have a default connection timeout
2014-07-10 11:35:10 -05:00
David Maloney 1a0200f711 one more strip 2014-07-09 17:50:28 -05:00
David Maloney 25ee278097 strip vestigial realms
in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results
2014-07-09 17:46:56 -05:00
James Lee bb3525419e Rescue the right thing
MSP-9707
2014-07-09 17:44:53 -05:00
David Maloney 0c4e53ce5a fix up specs
a whole bunch of spec changes needed for
these changes.

also the axis2 spec was actually testing the winrm
class due to copypasta error.
2014-07-09 16:32:59 -05:00
David Maloney c7b37743ef working realm coercion
LoginScanners will now figure out
the right thing to do about Realms
based on attributes of the Scanner itself
2014-07-09 15:56:39 -05:00
David Maloney 24fced822e coerce realm_key when it exists
if the cred has a realm and the loginscanner
has a realm_key, make the credential use the
scanner's realm key
2014-07-09 14:58:20 -05:00
David Maloney 766b50b5e0 REALM_KEY not _TYPE
arg typos
2014-07-09 14:01:41 -05:00
James Lee afe36ab6ad Merge branch 'staging/electro-release' into feature/MSP-9707/smb-bruteforce-refactor
Conflicts:
	lib/metasploit/framework/login_scanner/smb.rb
2014-07-09 12:50:24 -05:00
David Maloney 7325cfec64 add default realm values
for the scanners that take a realm
we know what the default realm to try is
so the Scanner should hold that info
2014-07-09 11:19:25 -05:00
David Maloney bc18ca5762 add REALM_KEY to each LoginScanner
each LoginScanner should now know
what kind of REALM it takes
2014-07-09 10:53:37 -05:00
dmaloney-r7 b65989ff0c Merge pull request #100 from rapid7/bug/MSP-10661/glob-rb-files
Use glob instead of entries
2014-07-08 14:29:24 -05:00
James Lee 567435f508 Use glob instead of entries
Fixes the case where a non-ruby file exists in the login_scanner/
directory
2014-07-08 11:00:33 -05:00
David Maloney 38419dae83 fix to_credential on core
the Metasploit::Credential::Core to_credential
method now seats private_type and realm_key correctly
2014-07-07 18:05:04 -05:00
David Maloney 2c13ff4038 Merge branch 'staging/electro-release' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 16:32:39 -05:00
dmaloney-r7 db8b0c907b Merge pull request #94 from rapid7/feature/MSP-10648/login-scanner-creation
Feature/msp 10648/login scanner creation
2014-07-07 16:04:09 -05:00
dmaloney-r7 c4c7ff519f Merge pull request #96 from rapid7/feature/MSP-10657/add-private-type
Add private_type and realm_key accessors to Framework::Credential
2014-07-07 15:43:18 -05:00
David Maloney b52c13228c make private_type validation conditional
there are times when this won't be filled in
but the credential is still valid
2014-07-07 15:40:52 -05:00
James Lee 2a9ac0a007 Axe SSHKey in favor of a unified SSH 2014-07-07 13:35:17 -05:00
James Lee 71cbbc5388 Merge branch 'feature/MSP-10648/login-scanner-creation' into feature/MSP-10656/unify-ssh-scanners 2014-07-07 13:19:34 -05:00
James Lee b7cfc927c4 Add private_type and realm_key accessors 2014-07-07 13:07:28 -05:00
James Lee 5c406a2aa5 Remove successes and failures
No reason to store them and they could fill a ton of unnecessary memory.
2014-07-07 12:33:15 -05:00
James Lee 7035064f3d Assignment alignment for Dave 2014-07-07 12:30:04 -05:00
James Lee 8df3ada087 Better docs 2014-07-07 10:18:42 -05:00
James Lee 325d2d25b9 Fix requires and derp typos 2014-07-07 10:09:45 -05:00
James Lee 311f43f1e4 Constpocalypse 2014-07-03 18:49:46 -05:00
James Lee b7a55d402d Add likely service ports and names for HTTP 2014-07-02 23:41:31 -05:00
James Lee 9dde47a0bc Add a simple classes_for_service method 2014-07-02 23:31:56 -05:00
Lance Sanchez b5351eec2b adding .to_credential
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
2014-06-26 11:05:59 -05:00
James Lee f225ac92ab Refactor smb_login
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
2014-06-25 04:13:37 -05:00
James Lee 35c0ef0c68 Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
David Maloney 3c85601426 not every version has dupe suppression 2014-06-19 16:28:23 -05:00
David Maloney 4453dcdc8e some minor fixes 2014-06-19 15:45:24 -05:00
James Lee 9421beedb3 Refactor http_login 2014-06-19 14:12:21 -05:00
David Maloney 0ff8708e6d some minor fixes 2014-06-19 13:08:43 -05:00
James Lee b606448976 Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
James Lee 2d9c6f832a Moar parens!!1!! 2014-06-19 10:07:21 -05:00
David Maloney fd0e24cdb2 moar docs! 2014-06-18 11:38:07 -05:00
David Maloney 4b4d9796c5 more minor cleanup
cleanup from code review
2014-06-18 11:24:55 -05:00
David Maloney 9f11170c3b some minor cleanup on jtr stuff
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00