Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the rubyntlm gem #7009

Merged
merged 6 commits into from Jun 28, 2016
Merged

Use the rubyntlm gem #7009

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c2a063c
Start using rubyntlm for ssp auth
egypt May 14, 2016
039e8f5
Use rubyntlm for HTTP Negotiate auth
egypt Jun 9, 2016
4b3f6c5
Use rubyntlm for mssql login scanner
egypt Jun 10, 2016
07f7e5e
Convert non-loginscanner MSSQL to rubyntlm
egypt Jun 10, 2016
b3f59eb
Whitespace
egypt Jun 10, 2016
0126ec6
Style
egypt Jun 10, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions Gemfile.lock
View file
Open in desktop
Expand Up @@ -30,6 +30,7 @@ PATH
redcarpet
robots
rubyzip
rubyntlm
sqlite3
tzinfo
tzinfo-data
Expand Down
283 changes: 126 additions & 157 deletions lib/metasploit/framework/mssql/client.rb
View file
Open in desktop

Large diffs are not rendered by default.

25 changes: 0 additions & 25 deletions lib/msf/core/exploit/http/client.rb
View file
Open in desktop
Expand Up @@ -2,10 +2,6 @@

require 'uri'
require 'digest'
require 'rex/proto/ntlm/crypt'
require 'rex/proto/ntlm/constants'
require 'rex/proto/ntlm/utils'
require 'rex/proto/ntlm/exceptions'
module Msf

###
Expand All @@ -16,15 +12,6 @@ module Msf
###
module Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Exploit::Remote::NTLM::Client

#
# Constants
#
NTLM_CRYPT = Rex::Proto::NTLM::Crypt
NTLM_CONST = Rex::Proto::NTLM::Constants
NTLM_UTILS = Rex::Proto::NTLM::Utils
NTLM_XCEPT = Rex::Proto::NTLM::Exceptions

#
# Initializes an exploit module that exploits a vulnerability in an HTTP
Expand Down Expand Up @@ -193,12 +180,6 @@ def connect(opts={})
'uri_fake_end' => datastore['HTTP::uri_fake_end'],
'uri_fake_params_start' => datastore['HTTP::uri_fake_params_start'],
'header_folding' => datastore['HTTP::header_folding'],
'usentlm2_session' => datastore['NTLM::UseNTLM2_session'],
'use_ntlmv2' => datastore['NTLM::UseNTLMv2'],
'send_lm' => datastore['NTLM::SendLM'],
'send_ntlm' => datastore['NTLM::SendNTLM'],
'SendSPN' => datastore['NTLM::SendSPN'],
'UseLMKey' => datastore['NTLM::UseLMKey'],
'domain' => datastore['DOMAIN'],
'DigestAuthIIS' => datastore['DigestAuthIIS']
)
Expand Down Expand Up @@ -255,12 +236,6 @@ def configure_http_login_scanner(conf)
evade_uri_fake_end: datastore['HTTP::uri_fake_end'],
evade_uri_fake_params_start: datastore['HTTP::uri_fake_params_start'],
evade_header_folding: datastore['HTTP::header_folding'],
ntlm_use_ntlmv2_session: datastore['NTLM::UseNTLM2_session'],
ntlm_use_ntlmv2: datastore['NTLM::UseNTLMv2'],
ntlm_send_lm: datastore['NTLM::SendLM'],
ntlm_send_ntlm: datastore['NTLM::SendNTLM'],
ntlm_send_spn: datastore['NTLM::SendSPN'],
ntlm_use_lm_key: datastore['NTLM::UseLMKey'],
ntlm_domain: datastore['DOMAIN'],
digest_auth_iis: datastore['DigestAuthIIS']
}.merge(conf)
Expand Down