adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

782 Commits

Author SHA1 Message Date
James Lee 5c406a2aa5 Remove successes and failures 
No reason to store them and they could fill a ton of unnecessary memory.
 2014-07-07 12:33:15 -05:00
James Lee 7035064f3d Assignment alignment for Dave 2014-07-07 12:30:04 -05:00
James Lee 8df3ada087 Better docs 2014-07-07 10:18:42 -05:00
James Lee 325d2d25b9 Fix requires and derp typos 2014-07-07 10:09:45 -05:00
James Lee 311f43f1e4 Constpocalypse 2014-07-03 18:49:46 -05:00
James Lee b7a55d402d Add likely service ports and names for HTTP 2014-07-02 23:41:31 -05:00
James Lee 9dde47a0bc Add a simple classes_for_service method 2014-07-02 23:31:56 -05:00
Lance Sanchez b5351eec2b adding .to_credential 
Metasploit::Framework::Credential and Metasploit::Credential::Core
need to be consumable by the login scanners. the easiest way to do this
was to create a shared to_credential method on both that return Metasploit::Framework::Credential

MSP-9912
 2014-06-26 11:05:59 -05:00
James Lee f225ac92ab Refactor smb_login 
Maintains the new admin check functionality added in
rapid7/metasploit-framework#3330
 2014-06-25 04:13:37 -05:00
James Lee 35c0ef0c68 Merge branch 'feature/MSP-9716/mssql_crack' into staging/electro-release 2014-06-20 12:39:07 -05:00
David Maloney 3c85601426 not every version has dupe supression 2014-06-19 16:28:23 -05:00
David Maloney 4453dcdc8e some minor fixes 2014-06-19 15:45:24 -05:00
James Lee 9421beedb3 Refactor http_login 2014-06-19 14:12:21 -05:00
David Maloney 0ff8708e6d some minor fixes 2014-06-19 13:08:43 -05:00
James Lee b606448976 Merge branch 'feature/MSP-9689/jtr_cracker' into staging/electro-release 2014-06-19 10:14:57 -05:00
James Lee 2d9c6f832a Moar parens!!1!! 2014-06-19 10:07:21 -05:00
David Maloney fd0e24cdb2 moar docs! 2014-06-18 11:38:07 -05:00
David Maloney 4b4d9796c5 more minor cleanup 
cleanup from code review
 2014-06-18 11:24:55 -05:00
David Maloney 9f11170c3b some minor cleanup on jtr stuff 
minor cleanup to code nstyling stuff
 2014-06-18 10:57:41 -05:00
David Maloney d473d86ef0 use tr instead of gsub for mutation 
this should be another slight performance
increase as straight up string replacement
should require less overhead then multiple
runs of regex replacement.
 2014-06-17 10:29:09 -05:00
James Lee 6237d56398 Refactor ssh_login_pubkey 
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
   where the ssh_socket accessor was not being set because of a
   shadowing local var
 * Fix a bug in the db command dispatcher where an extra column was
   added to the table, causing an unhandled exception when running the
   creds command
 * Add a big, ugly, untested class for imitating
   Metasploit::Framework::CredentialCollection for ssh keys. This class
   continues the current behavoir of silently ignoring files that are a)
   encrypted or b) not private keys.
 * Remove unnecessary proof gathering in the module (it's already
   handled by the LoginScanner class)
 2014-06-16 18:38:20 -05:00
David Maloney a81b0ed17b rename method to_file 
change method name from write to to_file
as it makes more sense for what it is is doing
and what it returns
 2014-06-16 18:03:06 -05:00
David Maloney 95beaa4f7e correct self-eating array nature 
we never noticed we were modifying the array in place
because we were reculaculating. now with a memoized
version we would get decreasing results
 2014-06-16 17:37:18 -05:00
David Maloney a92a58417f memoize the mutation keys 
it was recalculating the mutation rules
everytime, and there is no reason to do this
 2014-06-16 17:18:52 -05:00
David Maloney f1a39ef973 enumerators all done with specs 
the enumeration chains are now all complete with specs
so we can enumerate all the words generated by the given options.
 2014-06-16 13:31:30 -05:00
David Maloney 9af811a2ed we need to pass in a workspace 2014-06-15 15:52:57 -05:00
David Maloney 897b0b1ee5 wordlist enumerators with some specs 
started the enumerators on the wordlist class
and began adding the specs for them
 2014-06-15 13:37:50 -05:00
David Maloney a00ff5aeef yield custom_wordlist words 2014-06-15 12:16:21 -05:00
David Maloney 41d6b326f2 specs for wordlist validations 
added specs to cover the validations on
the JtR wordlist class.
 2014-06-15 11:14:11 -05:00
David Maloney a5fb898904 actually set max run time 
make maxrutnime affect the crack command
 2014-06-14 20:03:56 -05:00
David Maloney 33519b1fcd cracker validations and specs 
more validations and specs for the cracker class
 2014-06-14 19:59:59 -05:00
David Maloney 10f3531bbb add exectuable validator 
like the filepath validator but also checks
to see if the file is exectuable by the current
users.
 2014-06-14 18:01:24 -05:00
David Maloney 21f29c4da9 more filepath validators 
added filepath validations to cracker
also made them all conditional validations
 2014-06-14 17:54:37 -05:00
David Maloney 1dd69a5228 wordlist validators 
added custom fielpath vaidator and
added validations to the wordlist class
 2014-06-14 17:49:47 -05:00
David Maloney 466576d03f jtr wordlist validations started 
start adding validations and exceptions for the
JtR Wordlist class.
 2014-06-14 16:16:30 -05:00
David Maloney 19231b7c8f starting skeleton on wordlist class 
start framing out JtR wordlist class that
will generate Wordlists to be passed to our
JtR cracker.
 2014-06-14 15:48:25 -05:00
David Maloney 41f7bc1372 add common root words wordlist 
this adds a new wordlist to the data directory.
This wordlist is compiled from statistical analysis of
common Numeric passwords and Common rootwords across
6 years of colleted password breach dumps. Every word in
this list has been seen thousands of times in password
breaches
 2014-06-14 14:13:59 -05:00
David Maloney 873d6e5b99 add all the specs 2014-06-14 12:28:17 -05:00
David Maloney b784bea48e slow roll of specs for jtr cracker 
slowly adding spec coverage for the JtR cracker
 2014-06-13 16:08:56 -05:00
David Maloney 7187138134 start injecting sanity 2014-06-13 14:53:56 -05:00
David Maloney a9bcb8b3bd add skeleton for JtR Cracker 
starting work on creating the JtR Cracker class
 2014-06-13 11:10:12 -05:00
Samuel Huckins f452652f54 Merge pull request #61 from rapid7/feature/MSP-9708/ssh-bruteforce 
Functional steps updated and passing, along with specs. Proof being maintained seemed off, but it's not persisted, just used for setting platform.

MSP-9708 #land
 2014-06-12 18:37:44 -05:00
Samuel Huckins d215b8e5b2 Merge pull request #47 from rapid7/feature/MSP-9712/winrm-bruteforce 
45 merged, steps passing.

MSP-9712 #land
 2014-06-12 16:04:17 -05:00
Samuel Huckins df705c2edc Gotta keep 'em sepArated. 
MSP-9712
 2014-06-12 16:03:02 -05:00
David Maloney 5fd117a015 fix userpass file stack trace 
if an improperly formated userpass file was
supplied it could cause a stack trace. add some guarding around it
 2014-06-12 12:39:36 -05:00
David Maloney c074ebda7b refactor telnet_login 2014-06-11 17:46:42 -05:00
James Lee c8e1fab6ec Merge branch 'staging/electro-release' into feature/MSP-9708/ssh-bruteforce 
Conflicts:
	lib/metasploit/framework/credential.rb
 2014-06-11 16:28:01 -05:00
James Lee b756395eaa Merge branch 'staging/electro-release' into feature/MSP-9712/winrm-bruteforce 
Conflicts:
	lib/metasploit/framework/credential_collection.rb
	spec/lib/metasploit/framework/credential_collection_spec.rb
 2014-06-11 16:21:59 -05:00
dmaloney-r7 9affc753c0 Merge pull request #66 from rapid7/feature/cred-collection-prepend 
Add ability to prepend creds to a collection
 2014-06-11 14:34:54 -05:00
James Lee 3a8f6236ad Add ability to prepend creds to a collection 2014-06-11 14:30:45 -05:00