Merge pull request #1 from Meatballs1/land_2551

Some changes and cleanup.

Author: jamesbcook

.gitignore

@@ -41,3 +41,13 @@ tags
 *~
 # Ignore backups of retabbed files
 *.notab
+
+# ignore Visual Studio external source garbage
+*.suo
+*.sdf
+*.opensdf
+*.user
+
+# ignore release/debug folders for exploits
+external/source/exploits/**/Debug
+external/source/exploits/**/Release

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "external/source/ReflectiveDLLInjection"]
+	path = external/source/ReflectiveDLLInjection
+	url = https://github.com/rapid7/ReflectiveDLLInjection.git

.mailmap

@@ -2,22 +2,27 @@ bturner-r7 <bturner-r7@github>     Brandon Turner <[email protected]>
 dmaloney-r7 <dmaloney-r7@github>   David Maloney <[email protected]>
 dmaloney-r7 <dmaloney-r7@github>   David Maloney <[email protected]> # aka TheLightCosine
 ecarey-r7 <ecarey-r7@github>       Erran Carey <[email protected]>
+farias-r7 <farias-r7@github>       Fernando Arias <[email protected]>
 hmoore-r7 <hmoore-r7@github>       HD Moore <[email protected]>
 hmoore-r7 <hmoore-r7@github>       HD Moore <[email protected]>
 jlee-r7 <jlee-r7@github>           egypt <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]>
+joev-r7 <joev-r7@github>           joev <[email protected]>
 joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
+jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 limhoff-r7 <limhoff-r7@github>     Luke Imhoff <[email protected]>
 shuckins-r7 <shuckins-r7@github>   Samuel Huckins <[email protected]>
-tasos-r7 <tasos-r7@github>         Tasos Laskos <[email protected]>
 todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
 todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
+todb-r7 <todb-r7@github>           Tod Beardsley <[email protected]>
+trosen-r7 <trosen-r7@github>       Trevor Rosen <[email protected]>
 wchen-r7 <wchen-r7@github>         sinn3r <[email protected]> # aka sinn3r
 wchen-r7 <wchen-r7@github>         sinn3r <[email protected]>
 wchen-r7 <wchen-r7@github>         Wei Chen <[email protected]>
 wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
+wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
 wvu-r7 <wvu-r7@github>             William Vu <[email protected]>
 
 # Above this line are current Rapid7 employees. Below this paragraph are
@@ -38,8 +43,8 @@ Chao-mu <Chao-Mu@github>               chao-mu <[email protected]>
 Chao-mu <Chao-Mu@github>               chao-mu <chao@confusion.(none)>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <[email protected]>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <[email protected]>
-corelanc0d3er <corelanc0d3er@github>   corelanc0d3r <[email protected]>
-corelanc0d3er <corelanc0d3er@github>   Peter Van Eeckhoutte (corelanc0d3r) <[email protected]>
+corelanc0d3r <corelanc0d3r@github>     corelanc0d3r <[email protected]>
+corelanc0d3r <corelanc0d3r@github>     Peter Van Eeckhoutte (corelanc0d3r) <[email protected]>
 darkoperator <darkoperator@github>     Carlos Perez <[email protected]>
 efraintorres <efraintorres@github>     efraintorres <[email protected]>
 efraintorres <efraintorres@github>     et <>
@@ -66,11 +71,22 @@ nevdull77 <nevdull77@github>           Patrik Karlsson <[email protected]>
 nmonkee <nmonkee@github>               nmonkee <[email protected]> 
 nullbind <nullbind@github>             nullbind <[email protected]>
 ohdae <ohdae@github>                   ohdae <[email protected]>
+OJ <oj@github>                         OJ Reeves <[email protected]>
+OJ <oj@github>                         OJ <[email protected]>
 r3dy <r3dy@github>                     Royce Davis <[email protected]>
 r3dy <r3dy@github>                     Royce Davis <[email protected]>
+Rick Flores <[email protected]>  Rick Flores (nanotechz9l) <[email protected]>
 rsmudge <rsmudge@github>               Raphael Mudge <[email protected]> # Aka `butane
 schierlm <schierlm@github>             Michael Schierl <[email protected]> # Aka mihi
 scriptjunkie <scriptjunkie@github>     Matt Weeks <[email protected]>
 skape <skape@???>                      Matt Miller <[email protected]>
 spoonm <spoonm@github>                 Spoon M <[email protected]>
 swtornio <swtornio@github>             Steve Tornio <[email protected]>
+Tasos Laskos <[email protected]> Tasos Laskos <[email protected]>
+TrustedSec <[email protected]>      trustedsec <[email protected]>
+
+# Aliases for utility author names. Since they're fake, typos abound
+
+Tab Assassin <[email protected]> Tabasssassin <[email protected]>
+Tab Assassin <[email protected]> Tabassassin <[email protected]>
+Tab Assassin <[email protected]> TabAssassin <[email protected]>

.rspec

@@ -1,2 +1,2 @@
 --color
---format documentation
+--format Fivemat

.ruby-version

@@ -1 +1 @@
-1.9.3-p448
+1.9.3-p484

.travis.yml

@@ -1,11 +1,15 @@
 language: ruby
+env: MSF_SPOTCHECK_RECENT=1
 before_install:
+  - rake --version
   - sudo apt-get update -qq
   - sudo apt-get install -qq libpcap-dev
 before_script:
+  - ./tools/msftidy.rb
   - cp config/database.yml.travis config/database.yml
-  - rake db:create
-  - rake db:migrate
+  - bundle exec rake --version
+  - bundle exec rake db:create
+  - bundle exec rake db:migrate
 
 rvm:
   #- '1.8.7'

CONTRIBUTING.md

@@ -1,44 +1,68 @@
 # Contributing to Metasploit
 
-## Reporting Bugs
-
-If you would like to report a bug, please take a look at [our Redmine
-issue
-tracker](https://dev.metasploit.com/redmine/projects/framework/issues?query_id=420)
--- your bug may already have been reported there! Simply [searching](https://dev.metasploit.com/redmine/projects/framework/search) for some appropriate keywords may save everyone a lot of hassle.
-
-If your bug is new and you'd like to report it you will need to
-[register
-first](https://dev.metasploit.com/redmine/account/register). Don't
-worry, it's easy and fun and takes about 30 seconds.
-
-When you file a bug report, please include your **steps to reproduce**,
-full copy-pastes of Ruby stack traces, and any relevant details about
-your environment. Without repro steps, your bug will likely be closed.
-With repro steps, your bugs will likely be fixed.
-
-## Contributing Metasploit Modules
-
-If you have an exploit that you'd like to contribute to the Metasploit
-Framework, please familiarize yourself with the
-**[HACKING](https://github.com/rapid7/metasploit-framework/blob/master/HACKING)**
-document in the
-Metasploit-Framework repository. There are many mysteries revealed in
-HACKING concerning code style and content.
-
-[Pull requests](https://github.com/rapid7/metasploit-framework/pulls)
-should corellate with modules at a 1:1 ratio
--- there is rarely a good reason to have two, three, or ten modules on
-one pull request, as this dramatically increases the review time
-required to land (commit) any of those modules.
-
-Pull requests tend to be very collaborative for Metasploit -- do not be
-surprised if your pull request to rapid7/metasploit-framework triggers a
-pull request back to your own fork. In this way, we can isolate working
-changes before landing your PR to the Metasploit master branch.
-
-To save yourself the embarrassment of committing common errors, you will
-want to symlink the `msftidy.rb` utility to your pre-commit hooks by
-running `ln -s ../../tools/dev/pre-commit-hook.rb .git/hooks/pre-commit`
-from the top-level directory of your metasploit-framework clone. This
-will prevent you from committing modules that raise WARNINGS or ERRORS.
+Thanks for your interest in making Metasploit -- and therefore, the
+world -- a better place! What you see here in CONTRIBUTING.md is a
+bullet-point list of the do's and don'ts of how to make sure *your*
+valuable contributions actually make it into Metasploit's master branch.
+
+If you care not to follow these rules, your contribution **will** be
+closed (*Road House* style). Sorry!
+
+Incidentally, this is a **short** list. The
+[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
+exhaustive and reveals many mysteries. If you read nothing else, take a
+look at the standard [development environment setup
+guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)
+and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).
+
+## Code Contributions
+
+* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
+* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
+* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
+
+### Pull Requests
+
+* **Do** specify a descriptive title to make searching for your pull request easier.
+* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
+* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.
+* **Don't** leave your pull request description blank.
+* **Don't** abandon your pull request. Being responsive helps us land your code faster.
+
+Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.
+
+#### New Modules
+
+* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
+* **Do** use the [API](https://dev.metasploit.com/documents/api/). Wheel improvements are welcome; wheel reinventions, not so much.
+* **Don't** include more than one module per pull request.
+
+#### Library Code
+
+* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.
+* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.
+* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.
+
+#### Bug Fixes
+
+* **Do** include reproduction steps in the form of verification steps.
+* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.
+
+## Bug Reports
+
+* **Do** report vulnerabilities in Rapid7 software to [email protected].
+* **Do** create a Redmine account and report your bug there.
+* **Do** write a detailed description of your bug and use a descriptive title.
+* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
+* **Don't** file duplicate reports - search for your bug before filing a new report.
+* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.
+
+Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.
+
+If you need some more guidance, talk to the main body of open
+source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)
+or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)
+mailing list.
+
+Also, **thank you** for taking the few moments to read this far! You're
+already way ahead of the curve, so keep it up!

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2013, Rapid7 Inc.
+Copyright (C) 2006-2013, Rapid7, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,

Gemfile

@@ -2,6 +2,8 @@ source 'https://rubygems.org'
 
 # Need 3+ for ActiveSupport::Concern
 gem 'activesupport', '>= 3.0.0'
+# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb)
+gem 'bcrypt-ruby'
 # Needed for some admin modules (scrutinizer_add_user.rb)
 gem 'json'
 # Needed by msfgui and other rpc components
@@ -14,48 +16,50 @@ gem 'robots'
 gem 'packetfu', '1.1.9'
 
 group :db do
-	# Needed for Msf::DbManager
-	gem 'activerecord'
-	# Database models shared between framework and Pro.
-	gem 'metasploit_data_models', '~> 0.16.6'
-	# Needed for module caching in Mdm::ModuleDetails
-	gem 'pg', '>= 0.11'
+  # Needed for Msf::DbManager
+  gem 'activerecord'
+  # Database models shared between framework and Pro.
+  gem 'metasploit_data_models', '~> 0.17.0'
+  # Needed for module caching in Mdm::ModuleDetails
+  gem 'pg', '>= 0.11'
 end
 
 group :pcap do
   gem 'network_interface', '~> 0.0.1'
-	# For sniffer and raw socket modules
-	gem 'pcaprub'
+  # For sniffer and raw socket modules
+  gem 'pcaprub'
 end
 
 group :development do
-	# Markdown formatting for yard
-	gem 'redcarpet'
-	# generating documentation
-	gem 'yard'
+  # Markdown formatting for yard
+  gem 'redcarpet'
+  # generating documentation
+  gem 'yard'
 end
 
 group :development, :test do
-	# supplies factories for producing model instance for specs
-	# Version 4.1.0 or newer is needed to support generate calls without the
-	# 'FactoryGirl.' in factory definitions syntax.
-	gem 'factory_girl', '>= 4.1.0'
-	# running documentation generation tasks and rspec tasks
-	gem 'rake', '>= 10.0.0'
+  # supplies factories for producing model instance for specs
+  # Version 4.1.0 or newer is needed to support generate calls without the
+  # 'FactoryGirl.' in factory definitions syntax.
+  gem 'factory_girl', '>= 4.1.0'
+  # Make rspec output shorter and more useful
+  gem 'fivemat', '1.2.1'
+  # running documentation generation tasks and rspec tasks
+  gem 'rake', '>= 10.0.0'
 end
 
 group :test do
-	# Removes records from database created during tests.  Can't use rspec-rails'
-	# transactional fixtures because multiple connections are in use so
-	# transactions won't work.
-	gem 'database_cleaner'
-	# testing framework
-	gem 'rspec', '>= 2.12'
-	gem 'shoulda-matchers'
-	# code coverage for tests
-	# any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
-	# see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
-	gem 'simplecov', '0.5.4', :require => false
-	# Manipulate Time.now in specs
-	gem 'timecop'
+  # Removes records from database created during tests.  Can't use rspec-rails'
+  # transactional fixtures because multiple connections are in use so
+  # transactions won't work.
+  gem 'database_cleaner'
+  # testing framework
+  gem 'rspec', '>= 2.12'
+  gem 'shoulda-matchers'
+  # code coverage for tests
+  # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
+  # see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
+  gem 'simplecov', '0.5.4', :require => false
+  # Manipulate Time.now in specs
+  gem 'timecop'
 end

Gemfile.lock

@@ -13,14 +13,16 @@ GEM
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
     arel (3.0.2)
+    bcrypt-ruby (3.1.2)
     builder (3.0.4)
     database_cleaner (1.1.1)
     diff-lcs (1.2.4)
     factory_girl (4.2.0)
       activesupport (>= 3.0.0)
+    fivemat (1.2.1)
     i18n (0.6.5)
     json (1.8.0)
-    metasploit_data_models (0.16.6)
+    metasploit_data_models (0.17.0)
       activerecord (>= 3.2.13)
       activesupport
       pg
@@ -60,10 +62,12 @@ PLATFORMS
 DEPENDENCIES
   activerecord
   activesupport (>= 3.0.0)
+  bcrypt-ruby
   database_cleaner
   factory_girl (>= 4.1.0)
+  fivemat (= 1.2.1)
   json
-  metasploit_data_models (~> 0.16.6)
+  metasploit_data_models (~> 0.17.0)
   msgpack
   network_interface (~> 0.0.1)
   nokogiri