9421beedb3
Refactor http_login
2014-06-19 14:12:21 -05:00
0ff8708e6d
some minor fixes
2014-06-19 13:08:43 -05:00
b606448976
Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release
2014-06-19 10:14:57 -05:00
2d9c6f832a
Moar parens!!1!!
2014-06-19 10:07:21 -05:00
fd0e24cdb2
moar docs!
2014-06-18 11:38:07 -05:00
4b4d9796c5
more minor cleanup
...
cleanup from code review
2014-06-18 11:24:55 -05:00
9f11170c3b
some minor cleanup on jtr stuff
...
minor cleanup to code nstyling stuff
2014-06-18 10:57:41 -05:00
d473d86ef0
use tr instead of gsub for mutation
...
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
2014-06-17 10:29:09 -05:00
6237d56398
Refactor ssh_login_pubkey
...
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
2014-06-16 18:38:20 -05:00
a81b0ed17b
rename method to_file
...
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
2014-06-16 18:03:06 -05:00
95beaa4f7e
correct self-eating array nature
...
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
2014-06-16 17:37:18 -05:00
a92a58417f
memoize the mutation keys
...
it was recalculating the mutation rules
everytime, and there is no reason to do this
2014-06-16 17:18:52 -05:00
f1a39ef973
enumerators all done with specs
...
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
2014-06-16 13:31:30 -05:00
9af811a2ed
we need to pass in a workspace
2014-06-15 15:52:57 -05:00
897b0b1ee5
wordlist enumerators with some specs
...
started the enumerators on the wordlist class
and began adding the specs for them
2014-06-15 13:37:50 -05:00
a00ff5aeef
yield custom_wordlist words
2014-06-15 12:16:21 -05:00
41d6b326f2
specs for wordlist validations
...
added specs to cover the validations on
the JtR wordlist class.
2014-06-15 11:14:11 -05:00
a5fb898904
actually set max run time
...
make maxrutnime affect the crack command
2014-06-14 20:03:56 -05:00
33519b1fcd
cracker validations and specs
...
more validations and specs for the cracker class
2014-06-14 19:59:59 -05:00
10f3531bbb
add exectuable validator
...
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
2014-06-14 18:01:24 -05:00
21f29c4da9
more filepath validators
...
added filepath validations to cracker
also made them all conditional validations
2014-06-14 17:54:37 -05:00
1dd69a5228
wordlist validators
...
added custom fielpath vaidator and
added validations to the wordlist class
2014-06-14 17:49:47 -05:00
466576d03f
jtr wordlist validations started
...
start adding validations and exceptions for the
JtR Wordlist class.
2014-06-14 16:16:30 -05:00
19231b7c8f
starting skeleton on wordlist class
...
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
2014-06-14 15:48:25 -05:00
41f7bc1372
add common root words wordlist
...
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
2014-06-14 14:13:59 -05:00
873d6e5b99
add all the specs
2014-06-14 12:28:17 -05:00
b784bea48e
slow roll of specs for jtr cracker
...
slowly adding spec coverage for the JtR cracker
2014-06-13 16:08:56 -05:00
7187138134
start injecting sanity
2014-06-13 14:53:56 -05:00
a9bcb8b3bd
add skeleton for JtR Cracker
...
starting work on creating the JtR Cracker class
2014-06-13 11:10:12 -05:00
f452652f54
Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce
...
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.
MSP-9708 #land
2014-06-12 18:37:44 -05:00
d215b8e5b2
Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce
...
45 merged, steps passing.
MSP-9712 #land
2014-06-12 16:04:17 -05:00
df705c2edc
Gotta keep 'em sepArated.
...
MSP-9712
2014-06-12 16:03:02 -05:00
5fd117a015
fix userpass file stack trace
...
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
2014-06-12 12:39:36 -05:00
c074ebda7b
refactor telnet_login
2014-06-11 17:46:42 -05:00
c8e1fab6ec
Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce
...
Conflicts:
lib/metasploit/framework/credential.rb
2014-06-11 16:28:01 -05:00
b756395eaa
Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce
...
Conflicts:
lib/metasploit/framework/credential_collection.rb
spec/lib/metasploit/framework/credential_collection_spec.rb
2014-06-11 16:21:59 -05:00
9affc753c0
Merge pull request #66 from rapid7/feature/cred-collection-prepend
...
Add ability to prepend creds to a collection
2014-06-11 14:34:54 -05:00
3a8f6236ad
Add ability to prepend creds to a collection
2014-06-11 14:30:45 -05:00
84aa0d42ed
Merge pull request #57 from rapid7/bug/MSP-10004/rubyzip
...
Trevor added a 0.4.1 tag right before this PR landed, making this unmergable. Pulled in staging/electro-release, specs passing.
2014-06-11 13:48:03 -05:00
fb8c1f4c4b
Refactor ssh_login to use LoginScanner stuffs
...
Also, Metasploit::Credential::Creation stuffs.
2014-06-10 17:30:06 -05:00
4d923a4809
Update to Rubyzip 1.X API
...
MSP-10004
`require 'zip'` instead of `'zip/zip'` and rename all classes to remove
redundant Zip prefix inside the Zip namespace.
2014-06-10 13:41:42 -05:00
e9d9806408
invalidate_login
...
added invalidate_login call
also made to_s on credential drop the @
if there is no realm present
2014-06-10 11:07:15 -05:00
552899ef13
Add a couple more specs for CredentialCollection
...
Also fixes some typos in docs
2014-06-06 12:12:32 -05:00
4d53c18ac4
fix version
2014-06-06 12:07:22 -05:00
ff8e6d2c50
Merge pull request #45 from rapid7/feature/MSP-9988/credential-collection
...
Add a CredCollection class and refactor WinRM bruteforce module
2014-06-06 11:53:28 -05:00
f2a56c041b
Merge branch 'staging/electro-release' into feature/MSP-9653/use-metasploit-concern-in-pro
...
MSP-9653
Conflicts:
Gemfile
Gemfile.lock
2014-06-05 16:22:02 -05:00
c61b47063d
vnc add missing exception catch
...
linux throws a different exception than osx
when the vnc client fails to connect
this caused issues with the specs running. this now
catches that additional exception
2014-06-05 15:32:08 -05:00
b1136752be
Add Credential#== to facilitate specs
2014-06-05 11:37:48 -05:00
8b6e188ba8
Add support for realm in CredentialCollection
...
MSP-9988
2014-06-04 17:03:52 -05:00
b1ff6b95b5
Better docs
2014-06-04 14:44:53 -05:00
James Lee