Use the rubyntlm gem #7009

Merged
merged 6 commits into from Jun 28, 2016

Contributor

@egypt egypt commented Jun 22, 2016

This changeset replaces our old vendored and modified NTLM implementation with https://github.com/WinRb/rubyntlm

Verification

  • Start msfconsole
  • use auxiliary/scanner/smb/smb_login
    • Verify works with local accounts
    • Verify works with AD accounts
    • Verify works against a Domain Controller (important because of mandatory signing)
    • Verify bad creds don't give a false positive
  • use auxiliary/scanner/mssql/mssql_login
    • Check MSSQL authentication
      • Verify works with MSSQL accounts (e.g. sa)
    • Check Windows authentication
      • set DOMAIN to the hostname (not fqdn) of the target system. For some reason . and WORKSTATION both fail, but this is existing behavior before these changes.
      • Verify works with local Windows accounts
      • Verify works with AD accounts
      • Verify bad creds don't give a false positive
  • use auxiliary/scanner/mssql/mssql_hashdump (this is important because it's different code from the login scanner)
    • Check MSSQL authentication
      • Verify works with MSSQL accounts (e.g. sa)
    • Check Windows authentication
      • set DOMAIN to the hostname (not fqdn) of the target system. For some reason . and WORKSTATION both fail, but this is existing behavior before these changes.
      • Verify works with local Windows accounts
      • Verify works with AD accounts
      • Verify bad creds don't give a false positive
  • use auxiliary/scanner/http/http_login
    • NTLM and Negotiate are the same code, so either one will work

@thelightcosine thelightcosine self-assigned this Jun 24, 2016
thelightcosine pushed a commit to thelightcosine/metasploit-framework that referenced this pull request Jun 28, 2016
Land egypt's PR to replace all of our NTLM code with
the rubyntlm gem
@thelightcosine thelightcosine merged commit 0126ec6 into rapid7:master Jun 28, 2016
egypt added a commit to egypt/metasploit-framework that referenced this pull request Jul 5, 2016
This reverts commit d90f077, reversing
changes made to e3e360c.
egypt added a commit to egypt/metasploit-framework that referenced this pull request Jul 5, 2016
egypt added a commit to egypt/metasploit-framework that referenced this pull request Jul 7, 2016
@egypt egypt mentioned this pull request Sep 6, 2016
8 tasks