Merge pull request rapid7#1 from jvazquez-r7/update_3305

Make Cisco SSL VPN Privilege Escalation landable

Author: Jonathan Claudius

.gitignore

@@ -1,20 +1,28 @@
 .bundle
+Gemfile.local
+Gemfile.local.lock
 # Rubymine project directory
 .idea
 # Sublime Text project directory (not created by ST by default)
 .sublime-project
 # RVM control file, keep this to avoid backdooring Metasploit
 .rvmrc
+# Allow for a local choice of (unsupported / semi-supported) ruby versions
+# See PR #4136 for usage, but example usage for rvm:
+#   rvm --create --versions-conf use 2.1.4@metasploit-framework
+# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
+#   rbenv shell 2.1.4
+.versions.conf
 # YARD cache directory
 .yardoc
 # Mac OS X files
 .DS_Store
 # database config for testing
 config/database.yml
+# target config file for testing
+features/support/targets.yml
 # simplecov coverage data
 coverage
-data/meterpreter/ext_server_pivot.x86.dll
-data/meterpreter/ext_server_pivot.x64.dll
 doc/
 external/source/meterpreter/java/bin
 external/source/meterpreter/java/build
@@ -48,6 +56,30 @@ tags
 *.opensdf
 *.user
 
+# Rails log directory
+/log
+# Rails tmp directory
+/tmp
+
 # ignore release/debug folders for exploits
 external/source/exploits/**/Debug
 external/source/exploits/**/Release
+
+# Avoid checking in Meterpreter binaries. These are supplied upstream by
+# the meterpreter_bins gem.
+data/meterpreter/elevator.*.dll
+data/meterpreter/ext_server_espia.*.dll
+data/meterpreter/ext_server_extapi.*.dll
+data/meterpreter/ext_server_incognito.*.dll
+data/meterpreter/ext_server_kiwi.*.dll
+data/meterpreter/ext_server_lanattacks.*.dll
+data/meterpreter/ext_server_mimikatz.*.dll
+data/meterpreter/ext_server_priv.*.dll
+data/meterpreter/ext_server_stdapi.*.dll
+data/meterpreter/metsrv.*.dll
+data/meterpreter/screenshot.*.dll
+
+# Avoid checking in Meterpreter libs that are built from
+# private source. If you're interested in this functionality,
+# check out Metasploit Pro: http://metasploit.com/download
+data/meterpreter/ext_server_pivot.*.dll

.mailmap

@@ -18,6 +18,7 @@ todb-r7 <todb-r7@github>           Tod Beardsley <tod_beardsley@rapid7.com>
 todb-r7 <todb-r7@github>           Tod Beardsley <todb@metasploit.com>
 todb-r7 <todb-r7@github>           Tod Beardsley <todb@packetfu.com>
 trosen-r7 <trosen-r7@github>       Trevor Rosen <Trevor_Rosen@rapid7.com>
+trosen-r7 <trosen-r7@github>       Trevor Rosen <trevor@catapult-creative.com>
 wchen-r7 <wchen-r7@github>         sinn3r <msfsinn3r@gmail.com> # aka sinn3r
 wchen-r7 <wchen-r7@github>         sinn3r <wei_chen@rapid7.com>
 wchen-r7 <wchen-r7@github>         Wei Chen <Wei_Chen@rapid7.com>

.rspec

@@ -1,2 +1,3 @@
 --color
 --format Fivemat
+--require spec_helper

.rubocop.yml

@@ -0,0 +1,84 @@
+# This list was intially created by analyzing the last three months (51
+# modules) committed to Metasploit Framework. Many, many older modules
+# will have offenses, but this should at least provide a baseline for
+# new modules.
+#
+# Updates to this file should include a 'Description' parameter for any
+# explaination needed.
+
+# inherit_from: .rubocop_todo.yml
+
+Metrics/ClassLength:
+  Description: 'Most Metasploit modules are quite large. This is ok.'
+  Enabled: true
+  Exclude:
+    - 'modules/**/*'
+
+Style/Documentation:
+  Enabled: true
+  Description: 'Most Metasploit modules do not have class documentation.'
+  Exclude:
+    - 'modules/**/*'
+
+Style/Encoding:
+  Enabled: true
+  Description: 'We prefer binary to UTF-8.'
+  EnforcedStyle: 'when_needed'
+
+Metrics/LineLength:
+  Description: >-
+                  Metasploit modules often pattern match against very
+                  long strings when identifying targets.
+  Enabled: true
+  Max: 180
+
+Metrics/MethodLength:
+  Enabled: true
+  Description: >-
+                  While the style guide suggests 10 lines, exploit definitions
+                  often exceed 200 lines.
+  Max: 300
+
+# Basically everything in metasploit needs binary encoding, not UTF-8.
+# Disable this here and enforce it through msftidy
+Style/Encoding:
+  Enabled: false
+
+# %q() is super useful for long strings split over multiple lines and
+# is very common in module constructors for things like descriptions
+Style/UnneededPercentQ:
+  Enabled: false
+
+Style/NumericLiterals:
+  Enabled: false
+  Description: 'This often hurts readability for exploit-ish code.'
+
+Style/SpaceInsideBrackets:
+  Enabled: false
+  Description: 'Until module template are final, most modules will fail this.'
+
+Style/StringLiterals:
+  Enabled: false
+  Description: 'Single vs double quote fights are largely unproductive.'
+
+Style/WordArray:
+  Enabled: false
+  Description: 'Metasploit prefers consistent use of []'
+
+Style/RedundantBegin:
+  Exclude:
+    # this pattern is very common and somewhat unavoidable
+    # def run_host(ip)
+    #   begin
+    #     ...
+    #   rescue ...
+    #     ...
+    #   ensure
+    #     disconnect
+    #   end
+    # end
+    - 'modules/**/*'
+
+Documentation:
+  Exclude:
+    - 'modules/**/*'

.ruby-version

@@ -1 +1 @@
-ruby-1.9.3-p547
+1.9.3-p551

.simplecov

@@ -39,7 +39,6 @@ SimpleCov.configure do
 	# Other library groups
 	#
 
-	add_group 'Fastlib', 'lib/fastlib'
 	add_group 'Metasm', 'lib/metasm'
 	add_group 'PacketFu', 'lib/packetfu'
 	add_group 'Rex', 'lib/rex'

.travis.yml

@@ -1,4 +1,12 @@
+env:
+  - RAKE_TASK=cucumber
+  - RAKE_TASK=cucumber:boot
+  - RAKE_TASK=spec SPEC_OPTS="--tag content"
+  - RAKE_TASK=spec SPEC_OPTS="--tag ~content"
+
 language: ruby
+matrix:
+  fast_finish: true
 before_install:
   - rake --version
   - sudo apt-get update -qq
@@ -14,10 +22,13 @@ before_script:
   - bundle exec rake --version
   - bundle exec rake db:create
   - bundle exec rake db:migrate
+script:
+  # fail build if db/schema.rb update is not committed
+  - git diff --exit-code && bundle exec rake $RAKE_TASK
 
 rvm:
-  #- '1.8.7'
   - '1.9.3'
+  - '2.1'
 
 notifications:
   irc: "irc.freenode.org#msfnotify"

.yardopts

@@ -3,5 +3,8 @@
 --exclude \.ut\.rb/
 --exclude \.ts\.rb/
 --files CONTRIBUTING.md,COPYING,HACKING,LICENSE
+app/**/*.rb
 lib/msf/**/*.rb
+lib/metasploit/**/*.rb
 lib/rex/**/*.rb
+plugins/**/*.rb

CONTRIBUTING.md

@@ -1,14 +1,33 @@
-# Contributing to Metasploit
+# Hello, World!
 
 Thanks for your interest in making Metasploit -- and therefore, the
-world -- a better place! What you see here in CONTRIBUTING.md is a
-bullet-point list of the do's and don'ts of how to make sure *your*
-valuable contributions actually make it into Metasploit's master branch.
+world -- a better place!
+
+Are you about to report a bug? Sorry to hear it.
+
+Here's our [Issue tracker](https://github.com/rapid7/metasploit-framework/issues).
+Please try to be as specific as you can about your problem, include steps
+to reproduce (cut and paste from your console output if it's helpful), and
+what you were expecting to happen.
+
+Are you about to report a security vulnerability in Metasploit itself?
+How ironic! Please take a look at Rapid7's [Vulnerability
+Disclosure Policy](https://www.rapid7.com/disclosure.jsp), and send
+your report to security@rapid7.com using [our PGP key](http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2380F85B8AD4DB8D).
+
+Are you about to contribute some new functionality, a bug fix, or a new
+Metasploit module? If so, read on...
+
+# Contributing to Metasploit
+
+What you see here in CONTRIBUTING.md is a bullet-point list of the do's
+and don'ts of how to make sure *your* valuable contributions actually
+make it into Metasploit's master branch.
 
 If you care not to follow these rules, your contribution **will** be
 closed (*Road House* style). Sorry!
 
-Incidentally, this is a **short** list. The
+This is intended to be a **short** list. The
 [wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
 exhaustive and reveals many mysteries. If you read nothing else, take a
 look at the standard [development environment setup
@@ -18,7 +37,10 @@ and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-f
 ## Code Contributions
 
 * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
+* **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
 * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
+* **Don't** use the default merge messages when merging from other
+   branches.
 * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
 
 ### Pull Requests
@@ -35,7 +57,7 @@ Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940)
 #### New Modules
 
 * **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
-* **Do** use the [many module mixin APIs](https://dev.metasploit.com/documents/api/). Wheel improvements are welcome; wheel reinventions, not so much.
+* **Do** use the [many module mixin APIs](https://dev.metasploit.com/api/). Wheel improvements are welcome; wheel reinventions, not so much.
 * **Don't** include more than one module per pull request.
 
 #### Library Code
@@ -48,18 +70,14 @@ Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940)
 #### Bug Fixes
 
 * **Do** include reproduction steps in the form of verification steps.
-* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.
+* **Do** include a link to any corresponding [Issue](https://github.com/rapid7/metasploit-framework/issues) in the format of `See #1234` in your commit description.
 
 ## Bug Reports
 
-* **Do** report vulnerabilities in Rapid7 software to security@rapid7.com.
-* **Do** create a Redmine account and report your bug there.
+* **Do** report vulnerabilities in Rapid7 software directly to security@rapid7.com.
 * **Do** write a detailed description of your bug and use a descriptive title.
 * **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
 * **Don't** file duplicate reports - search for your bug before filing a new report.
-* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.
-
-Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.
 
 If you need some more guidance, talk to the main body of open
 source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2013, Rapid7, Inc.
+Copyright (C) 2006-2014, Rapid7, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,