From 89dc901383bf31d35347798348076d48f01136a5 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Mon, 11 Nov 2024 11:25:33 +0100 Subject: [PATCH 01/40] MS-9682 Upgrade to Ruby on Rails 7.1 Upgrading the `rails` dependency to 7.1, and making sure the code works as well as having all tests pass. --- Gemfile.lock | 82 +++++++++++++------ config/application.rb | 4 - db/schema.rb | 2 +- lib/metasploit/framework/common_engine.rb | 4 - .../framework/rails_version_constraint.rb | 2 +- lib/msf/core/db_manager/migration.rb | 4 +- metasploit-framework.gemspec | 2 +- spec/allure_config.rb | 2 + .../examples/msf/db_manager/migration.rb | 2 +- 9 files changed, 64 insertions(+), 40 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 81bf73fcf103..45bb9539f825 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,9 +4,9 @@ PATH metasploit-framework (6.4.37) aarch64 abbrev - actionpack (~> 7.0.0) - activerecord (~> 7.0.0) - activesupport (~> 7.0.0) + actionpack (~> 7.1.0) + activerecord (~> 7.1.0) + activesupport (~> 7.1.0) aws-sdk-ec2 aws-sdk-ec2instanceconnect aws-sdk-iam @@ -95,7 +95,7 @@ PATH ruby_smb (~> 3.3.3) rubyntlm rubyzip - sinatra + sinatra (~> 3) sqlite3 (= 1.7.3) sshkey swagger-blocks @@ -118,28 +118,40 @@ GEM aarch64 (2.1.0) racc (~> 1.6) abbrev (0.1.2) - actionpack (7.0.8.6) - actionview (= 7.0.8.6) - activesupport (= 7.0.8.6) - rack (~> 2.0, >= 2.2.4) + actionpack (7.1.5) + actionview (= 7.1.5) + activesupport (= 7.1.5) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.8.6) - activesupport (= 7.0.8.6) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actionview (7.1.5) + activesupport (= 7.1.5) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (7.0.8.6) - activesupport (= 7.0.8.6) - activerecord (7.0.8.6) - activemodel (= 7.0.8.6) - activesupport (= 7.0.8.6) - activesupport (7.0.8.6) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activemodel (7.1.5) + activesupport (= 7.1.5) + activerecord (7.1.5) + activemodel (= 7.1.5) + activesupport (= 7.1.5) + timeout (>= 0.4.0) + activesupport (7.1.5) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) @@ -186,6 +198,8 @@ GEM base64 (0.2.0) bcrypt (3.1.20) bcrypt_pbkdf (1.1.1) + bcrypt_pbkdf (1.1.1-x64-mingw-ucrt) + benchmark (0.4.0) bigdecimal (3.1.8) bindata (2.4.15) bootsnap (1.18.4) @@ -196,6 +210,7 @@ GEM chunky_png (1.4.0) coderay (1.1.3) concurrent-ruby (1.3.4) + connection_pool (2.4.1) cookiejar (0.3.4) crass (1.0.6) csv (3.3.0) @@ -242,6 +257,7 @@ GEM eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) ffi (1.16.3) + ffi (1.16.3-x64-mingw-ucrt) filesize (0.2.0) fivemat (1.3.7) getoptlong (0.2.1) @@ -343,6 +359,8 @@ GEM nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) + nokogiri (1.16.7-x64-mingw-ucrt) + racc (~> 1.4) nori (2.7.1) bigdecimal octokit (4.25.1) @@ -366,6 +384,7 @@ GEM ruby-rc4 ttfunk pg (1.5.9) + pg (1.5.9-x64-mingw-ucrt) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) @@ -380,8 +399,13 @@ GEM rack-protection (3.2.0) base64 (>= 0.1.0) rack (~> 2.2, >= 2.2.4) + rack-session (1.0.2) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) + rackup (1.0.1) + rack (< 3) + webrick rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -389,13 +413,14 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.8.6) - actionpack (= 7.0.8.6) - activesupport (= 7.0.8.6) - method_source + railties (7.1.5) + actionpack (= 7.1.5) + activesupport (= 7.1.5) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.2.1) rasn1 (0.13.0) @@ -511,6 +536,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) + securerandom (0.3.2) simplecov (0.18.2) docile (~> 1.1) simplecov-html (~> 0.11) @@ -523,6 +549,7 @@ GEM tilt (~> 2.0) sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) + sqlite3 (1.7.3-x64-mingw-ucrt) sshkey (3.0.0) strptime (0.2.5) swagger-blocks (3.0.0) @@ -574,6 +601,7 @@ GEM PLATFORMS ruby + x64-mingw-ucrt DEPENDENCIES allure-rspec diff --git a/config/application.rb b/config/application.rb index bda8166b912e..1d257121b1cb 100644 --- a/config/application.rb +++ b/config/application.rb @@ -49,10 +49,6 @@ class Application < Rails::Application when "production" config.eager_load = false end - - if ActiveRecord.respond_to?(:legacy_connection_handling=) - ActiveRecord.legacy_connection_handling = false - end end end end diff --git a/db/schema.rb b/db/schema.rb index 90d6436444c1..74f5b65d3a44 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do +ActiveRecord::Schema[7.1].define(version: 2022_12_09_005658) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/lib/metasploit/framework/common_engine.rb b/lib/metasploit/framework/common_engine.rb index 6198dbc176bb..41d56f69f75c 100644 --- a/lib/metasploit/framework/common_engine.rb +++ b/lib/metasploit/framework/common_engine.rb @@ -40,10 +40,6 @@ module Metasploit::Framework::CommonEngine config.active_support.deprecation = :stderr - if ActiveRecord.respond_to?(:legacy_connection_handling=) - ActiveRecord.legacy_connection_handling = false - end - # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/yaml.rb#L10 # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/base64_serializer.rb#L28-L31 ActiveRecord.yaml_column_permitted_classes = (ActiveRecord.yaml_column_permitted_classes + MetasploitDataModels::YAML::PERMITTED_CLASSES).uniq diff --git a/lib/metasploit/framework/rails_version_constraint.rb b/lib/metasploit/framework/rails_version_constraint.rb index 474a5b494f6c..042643891782 100644 --- a/lib/metasploit/framework/rails_version_constraint.rb +++ b/lib/metasploit/framework/rails_version_constraint.rb @@ -3,7 +3,7 @@ module Metasploit module Framework module RailsVersionConstraint - RAILS_VERSION = '~> 7.0.0' + RAILS_VERSION = '~> 7.1.0' end end end diff --git a/lib/msf/core/db_manager/migration.rb b/lib/msf/core/db_manager/migration.rb index 32f5e0579eb8..e52a2dfeb838 100644 --- a/lib/msf/core/db_manager/migration.rb +++ b/lib/msf/core/db_manager/migration.rb @@ -66,7 +66,9 @@ def needs_migration? private def with_migration_context - yield ActiveRecord::MigrationContext.new(gather_engine_migration_paths) + ActiveRecord::Base.connection_pool.with_connection do + yield ActiveRecord::MigrationContext.new(gather_engine_migration_paths) + end end # @return [ActiveRecord::MigrationContext] diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec index ddec5cf4b716..0e181c15dfaf 100644 --- a/metasploit-framework.gemspec +++ b/metasploit-framework.gemspec @@ -109,7 +109,7 @@ Gem::Specification.new do |spec| spec.add_runtime_dependency 'puma' spec.add_runtime_dependency 'ruby-mysql' spec.add_runtime_dependency 'thin' - spec.add_runtime_dependency 'sinatra' + spec.add_runtime_dependency 'sinatra', '~> 3' spec.add_runtime_dependency 'warden' spec.add_runtime_dependency 'swagger-blocks' # Required for JSON-RPC client diff --git a/spec/allure_config.rb b/spec/allure_config.rb index 97b9a34df4d5..84b0e33a9f7a 100644 --- a/spec/allure_config.rb +++ b/spec/allure_config.rb @@ -1,4 +1,6 @@ require "allure-rspec" +require "active_support" +require "active_support/core_ext/object" AllureRspec.configure do |config| config.results_directory = "tmp/allure-raw-data" diff --git a/spec/support/shared/examples/msf/db_manager/migration.rb b/spec/support/shared/examples/msf/db_manager/migration.rb index 1b3a8c2d8dc9..cde402a12cd0 100644 --- a/spec/support/shared/examples/msf/db_manager/migration.rb +++ b/spec/support/shared/examples/msf/db_manager/migration.rb @@ -55,7 +55,7 @@ def migrate end before(:example) do - mockContext = ActiveRecord::MigrationContext.new(nil, ActiveRecord::SchemaMigration) + mockContext = ActiveRecord::MigrationContext.new(nil) expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) expect(mockContext).to receive(:needs_migration?).and_return(true) expect(mockContext).to receive(:migrate).and_raise(standard_error) From 6fa94bbeec1351b9323c9d852bf559d55324efd5 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Mon, 11 Nov 2024 11:57:37 +0100 Subject: [PATCH 02/40] Fix platform --- Gemfile.lock | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 45bb9539f825..dfb6c56fea7b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -198,7 +198,6 @@ GEM base64 (0.2.0) bcrypt (3.1.20) bcrypt_pbkdf (1.1.1) - bcrypt_pbkdf (1.1.1-x64-mingw-ucrt) benchmark (0.4.0) bigdecimal (3.1.8) bindata (2.4.15) @@ -257,7 +256,6 @@ GEM eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) ffi (1.16.3) - ffi (1.16.3-x64-mingw-ucrt) filesize (0.2.0) fivemat (1.3.7) getoptlong (0.2.1) @@ -359,8 +357,6 @@ GEM nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.7-x64-mingw-ucrt) - racc (~> 1.4) nori (2.7.1) bigdecimal octokit (4.25.1) @@ -384,7 +380,6 @@ GEM ruby-rc4 ttfunk pg (1.5.9) - pg (1.5.9-x64-mingw-ucrt) pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) @@ -549,7 +544,6 @@ GEM tilt (~> 2.0) sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) - sqlite3 (1.7.3-x64-mingw-ucrt) sshkey (3.0.0) strptime (0.2.5) swagger-blocks (3.0.0) @@ -601,7 +595,6 @@ GEM PLATFORMS ruby - x64-mingw-ucrt DEPENDENCIES allure-rspec From 2f7a2da7098523b44b79b723d7631d788d3014e7 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Mon, 11 Nov 2024 12:33:44 +0100 Subject: [PATCH 03/40] explicitly specify port --- config/database.yml.github_actions | 1 + 1 file changed, 1 insertion(+) diff --git a/config/database.yml.github_actions b/config/database.yml.github_actions index bd2fef7cb7df..6bd85084fe22 100644 --- a/config/database.yml.github_actions +++ b/config/database.yml.github_actions @@ -9,6 +9,7 @@ development: &pgsql adapter: postgresql database: metasploit_framework_development + port: 5432 host: localhost username: postgres password: postgres From 1788b0583f823e379d14e9970df53035a042ed71 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Mon, 11 Nov 2024 12:39:08 +0100 Subject: [PATCH 04/40] Fix rspec versions --- Gemfile | 2 +- Gemfile.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index 83b7b2811fbd..8f8e4795cb36 100644 --- a/Gemfile +++ b/Gemfile @@ -35,7 +35,7 @@ group :development, :test do gem 'rake' # Define `rake spec`. Must be in development AND test so that its available by default as a rake test when the # environment is development - gem 'rspec-rails' + gem 'rspec-rails', '~> 7.0' gem 'rspec-rerun' # Required during CI as well local development gem 'rubocop' diff --git a/Gemfile.lock b/Gemfile.lock index dfb6c56fea7b..171e8a70a123 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -425,7 +425,7 @@ GEM nokogiri redcarpet (3.6.0) regexp_parser (2.9.2) - reline (0.5.10) + reline (0.5.11) io-console (~> 0.5) require_all (3.0.0) rex-arch (0.1.16) @@ -490,7 +490,7 @@ GEM rspec-mocks (3.13.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) - rspec-rails (7.0.1) + rspec-rails (7.1.0) actionpack (>= 7.0) activesupport (>= 7.0) railties (>= 7.0) @@ -569,7 +569,7 @@ GEM macaddr (~> 1.0) warden (1.2.9) rack (>= 2.0.9) - webrick (1.8.2) + webrick (1.9.0) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -591,7 +591,7 @@ GEM xmlrpc (0.3.3) webrick yard (0.9.37) - zeitwerk (2.6.18) + zeitwerk (2.7.1) PLATFORMS ruby @@ -607,7 +607,7 @@ DEPENDENCIES pry-byebug rake redcarpet - rspec-rails + rspec-rails (~> 7.0) rspec-rerun rubocop ruby-prof (= 1.4.2) From 25c2626b0d786c60fb1ecc1bc8d7f85a32eb800b Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Mon, 11 Nov 2024 12:45:01 +0100 Subject: [PATCH 05/40] don't upgrade zeitwerk --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 171e8a70a123..704e3652bb56 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -591,7 +591,7 @@ GEM xmlrpc (0.3.3) webrick yard (0.9.37) - zeitwerk (2.7.1) + zeitwerk (2.6.18) PLATFORMS ruby From 051638f408152054944cdb695d62d68be8ae172f Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 09:57:34 +0100 Subject: [PATCH 06/40] Force `ActiveRecord::Base` to reconnect to the database. --- config/README.md | 11 ++++++++++- config/database.yml.example | 1 + config/database.yml.github_actions | 1 + config/database.yml.vagrant | 1 + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/config/README.md b/config/README.md index 431188811c3c..5eb397d0fd43 100644 --- a/config/README.md +++ b/config/README.md @@ -1,3 +1,12 @@ +# Metasploit Framework Config Folder + Contains various files that help configure Metasploit. Most files here you'll never have to deal with, though `database.yml.example` might be useful for those looking to configure their database, and `openssl.conf` -might be helpful for those trying to troubleshoot OpenSSL issues in Metasploit. \ No newline at end of file +might be helpful for those trying to troubleshoot OpenSSL issues in Metasploit. + +> [!IMPORTANT] +> Because the behavior of Ruby on Rails changes between versions, +> and code needs to be considered thread-safe when dealing with Ruby on Rails, +> we ensure that the `reconnect: true` property is configured for our database +> connection. This allows the console/framework to reconnect when a thread messes +> up the connection pool. diff --git a/config/database.yml.example b/config/database.yml.example index b04aede6b087..1df94d345174 100644 --- a/config/database.yml.example +++ b/config/database.yml.example @@ -13,6 +13,7 @@ development: &pgsql port: 5432 pool: 200 timeout: 5 + reconnect: true # You will often want to seperate your databases between dev # mode and prod mode. Absent a production db, though, defaulting diff --git a/config/database.yml.github_actions b/config/database.yml.github_actions index 6bd85084fe22..25d9be8a891a 100644 --- a/config/database.yml.github_actions +++ b/config/database.yml.github_actions @@ -15,6 +15,7 @@ development: &pgsql password: postgres pool: 25 timeout: 5 + reconnect: true # Warning: The database defined as "test" will be erased and # re-generated from your development database when you run "rake". diff --git a/config/database.yml.vagrant b/config/database.yml.vagrant index d5a94c96b238..082359e61aba 100644 --- a/config/database.yml.vagrant +++ b/config/database.yml.vagrant @@ -7,6 +7,7 @@ development: &pgsql port: 5432 pool: 200 timeout: 5 + reconnect: true production: &production <<: *pgsql From 2e33402996058cedc53589f4db0f288185cda6bb Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 11:01:06 +0100 Subject: [PATCH 07/40] Force `ActiveRecord::Base` to reconnect to the database when using `REMOTE_DB` --- docker-compose.override.yml | 2 +- docker-compose.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 11f46b4dc280..8c62cb262eff 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -7,6 +7,6 @@ services: BUNDLER_ARGS: --jobs=8 image: metasploit:dev environment: - DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5 + DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5&reconnect=true volumes: - .:/usr/src/metasploit-framework diff --git a/docker-compose.yml b/docker-compose.yml index e4b1d12d7d5e..1edc215ef9d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: ms: image: metasploitframework/metasploit-framework:latest environment: - DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5 + DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5&reconnect=true links: - db ports: From daa63e931b9a4af2d664f67aea9a1072fe78361e Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 11:32:47 +0100 Subject: [PATCH 08/40] testing a hack to see if it solves the problem --- spec/spec_helper.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6e0463ca4672..3801b9bd314d 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -128,6 +128,12 @@ expectations.syntax = :expect end + # DEBUG: Hack to see if we can force the connection to reconnect + # to the database before each test, if this somehow affects the behavior. + before(:each) do + ::ActiveRecord::Base.connection.reconnect! unless ::ActiveRecord::Base.connected? + end + # rspec-mocks config goes here. You can use an alternate test double # library (such as bogus or mocha) by changing the `mock_with` option here. config.mock_with :rspec do |mocks| From 9d2c2d8e676a05ac52fee935ab334bf3d4ecf103 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 11:38:39 +0100 Subject: [PATCH 09/40] revert hack --- spec/spec_helper.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 3801b9bd314d..6e0463ca4672 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -128,12 +128,6 @@ expectations.syntax = :expect end - # DEBUG: Hack to see if we can force the connection to reconnect - # to the database before each test, if this somehow affects the behavior. - before(:each) do - ::ActiveRecord::Base.connection.reconnect! unless ::ActiveRecord::Base.connected? - end - # rspec-mocks config goes here. You can use an alternate test double # library (such as bogus or mocha) by changing the `mock_with` option here. config.mock_with :rspec do |mocks| From 602cde55f73463eb5abc63191a4730d6e7b8a756 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 11:52:36 +0100 Subject: [PATCH 10/40] Throw in some Rails 7.1 configuration. --- config/application.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/application.rb b/config/application.rb index 1d257121b1cb..804bccfb44fa 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,12 +40,15 @@ class Application < Rails::Application config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log" config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)] config.autoloader = :zeitwerk + config.load_defaults = 7.1 + config.active_support.cache_format_version = 7.1 case Rails.env when "development" config.eager_load = false when "test" config.eager_load = false + config.enable_reloading = false when "production" config.eager_load = false end From 59ec25f195ddbea202d2f0ddf93bfeb2d55ea5b9 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 12:29:31 +0100 Subject: [PATCH 11/40] fix configuration --- config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index 804bccfb44fa..002c4207768d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,7 +40,7 @@ class Application < Rails::Application config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log" config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)] config.autoloader = :zeitwerk - config.load_defaults = 7.1 + config.load_defaults 7.1 config.active_support.cache_format_version = 7.1 case Rails.env From f4338cba3e83afc557ecaebf148971e92d00eac3 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 12:38:36 +0100 Subject: [PATCH 12/40] Rails 7.1: Set the default column serialization coder. --- config/application.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/application.rb b/config/application.rb index 002c4207768d..f67590872941 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,14 +40,22 @@ class Application < Rails::Application config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log" config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)] config.autoloader = :zeitwerk + + # Load the Rails 7.1 defaults. config.load_defaults 7.1 + + # The cache behavior changed with Rails 7.1, and requires the desired version to be set. config.active_support.cache_format_version = 7.1 + # The default column serializer was YAML prior to Rails 7.1 + config.active_record.default_column_serializer = ::YAML + case Rails.env when "development" config.eager_load = false when "test" config.eager_load = false + # Disable file reloading in test config.enable_reloading = false when "production" config.eager_load = false From b9a9ee04a76f2feded700b903cbe432043fceb9f Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 12:43:57 +0100 Subject: [PATCH 13/40] Rails 7.1: active_record is not loaded in all code paths --- config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index f67590872941..684fb9f2a7f7 100644 --- a/config/application.rb +++ b/config/application.rb @@ -48,7 +48,7 @@ class Application < Rails::Application config.active_support.cache_format_version = 7.1 # The default column serializer was YAML prior to Rails 7.1 - config.active_record.default_column_serializer = ::YAML + config.active_record.default_column_serializer = ::YAML if config.respond_to?(:active_record) # might not be loaded case Rails.env when "development" From 285e69f3bbc244dfa4036307565ba7229006c41b Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 13:21:20 +0100 Subject: [PATCH 14/40] Rails 7.1: more configuration --- config/application.rb | 23 +++++++++---------- .../examples/msf/db_manager/migration.rb | 17 +++++++------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/config/application.rb b/config/application.rb index 684fb9f2a7f7..b53d68bf1016 100644 --- a/config/application.rb +++ b/config/application.rb @@ -37,8 +37,9 @@ module Framework class Application < Rails::Application include Metasploit::Framework::CommonEngine - config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log" + config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log" config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)] + config.autoloader = :zeitwerk # Load the Rails 7.1 defaults. @@ -47,19 +48,17 @@ class Application < Rails::Application # The cache behavior changed with Rails 7.1, and requires the desired version to be set. config.active_support.cache_format_version = 7.1 - # The default column serializer was YAML prior to Rails 7.1 - config.active_record.default_column_serializer = ::YAML if config.respond_to?(:active_record) # might not be loaded + if config.respond_to?(:active_record) + # The default column serializer was YAML prior to Rails 7.1 + config.active_record.default_column_serializer = ::YAML - case Rails.env - when "development" - config.eager_load = false - when "test" - config.eager_load = false - # Disable file reloading in test - config.enable_reloading = false - when "production" - config.eager_load = false + # Timezone settings + config.active_record.default_timezone = :utc end + + # We never eager load files. + config.eager_load = false + config.enable_reloading = ::Rails.env.test? end end end diff --git a/spec/support/shared/examples/msf/db_manager/migration.rb b/spec/support/shared/examples/msf/db_manager/migration.rb index cde402a12cd0..196c6825649b 100644 --- a/spec/support/shared/examples/msf/db_manager/migration.rb +++ b/spec/support/shared/examples/msf/db_manager/migration.rb @@ -1,7 +1,7 @@ RSpec.shared_examples_for 'Msf::DBManager::Migration' do if ENV['REMOTE_DB'] - before {skip("Migration is not tested for a remote DB")} + before { skip('Migration is not tested for a remote DB') } end it { is_expected.to be_a Msf::DBManager::Migration } @@ -30,13 +30,12 @@ def migrate migrate end - it 'should return an ActiveRecord::MigrationContext with known migrations' do - migrations_paths = [File.expand_path("../../../../../file_fixtures/migrate", __dir__)] + migrations_paths = [File.expand_path('../../../../../file_fixtures/migrate', __dir__)] expect(ActiveRecord::Migrator).to receive(:migrations_paths).and_return(migrations_paths).exactly(1).times result = migrate expect(result.size).to eq 1 - expect(result[0].name).to eq "TestDbMigration" + expect(result[0].name).to eq 'TestDbMigration' end it 'should reset the column information' do @@ -55,10 +54,12 @@ def migrate end before(:example) do - mockContext = ActiveRecord::MigrationContext.new(nil) - expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) - expect(mockContext).to receive(:needs_migration?).and_return(true) - expect(mockContext).to receive(:migrate).and_raise(standard_error) + ::ActiveRecord::Base.connection_pool.with_connection do |connection| + mockContext = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths, connection.schema_migration) + expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) + expect(mockContext).to receive(:needs_migration?).and_return(true) + expect(mockContext).to receive(:migrate).and_raise(standard_error) + end end it 'should set Msf::DBManager#error' do From bda812812d3b95dd8662282a3a9d7b3bc6d052a3 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 14:12:54 +0100 Subject: [PATCH 15/40] Rails 7.1: update tests to account for timezone. --- .../krb5_ccache_presenter_spec.rb | 28 +++++----- .../admin/kerberos/forge_ticket_spec.rb | 20 +++---- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- .../auxiliary/admin/kerberos/keytab_spec.rb | 28 +++++----- 4 files changed, 66 insertions(+), 66 deletions(-) diff --git a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb index b23f7a9eaff7..4f27e89e3296 100644 --- a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb +++ b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb @@ -124,10 +124,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -157,10 +157,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -170,10 +170,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -183,7 +183,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Logon Time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -284,7 +284,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Client ID: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} Pac Server Checksum: Signature: 5eb9400bcab42babcd598210 Pac Privilege Server Checksum: diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index b64200d39776..65740bc6b65e 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -56,10 +56,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} - Start time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} - End time: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} - Renew Till: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} + Auth time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + Start time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + End time: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} + Renew Till: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} Ticket: Ticket Version Number: 5 Realm: DEMO.LOCAL @@ -69,10 +69,10 @@ Key Version Number: 2 Decrypted (with key: 767400b2c71afa35a5dca216f2389cd9): Times: - Auth time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} - Start time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} - End time: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} - Renew Till: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} + Auth time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + Start time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + End time: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} + Renew Till: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -82,7 +82,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Logon Time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -185,7 +185,7 @@ Logon Domain Name: 'DEMO.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Client ID: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} Pac Requestor: SID: S-1-5-21-1266190811-2419310613-1856291569-500 Pac Attributes: diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index 7c828d93932f..f20ea326cf53 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index cc3e2bd9496f..1bf57fa3de48 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -79,7 +79,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -101,11 +101,11 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end @@ -128,7 +128,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -157,10 +157,10 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -188,9 +188,9 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} TABLE end From e7c2f0b520943201678612f213eb02e73522c54b Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 14:46:29 +0100 Subject: [PATCH 16/40] undo connection magic --- .../shared/examples/msf/db_manager/migration.rb | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/spec/support/shared/examples/msf/db_manager/migration.rb b/spec/support/shared/examples/msf/db_manager/migration.rb index 196c6825649b..6041a8793ce7 100644 --- a/spec/support/shared/examples/msf/db_manager/migration.rb +++ b/spec/support/shared/examples/msf/db_manager/migration.rb @@ -54,12 +54,10 @@ def migrate end before(:example) do - ::ActiveRecord::Base.connection_pool.with_connection do |connection| - mockContext = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths, connection.schema_migration) - expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) - expect(mockContext).to receive(:needs_migration?).and_return(true) - expect(mockContext).to receive(:migrate).and_raise(standard_error) - end + mockContext = ActiveRecord::MigrationContext.new(nil) + expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) + expect(mockContext).to receive(:needs_migration?).and_return(true) + expect(mockContext).to receive(:migrate).and_raise(standard_error) end it 'should set Msf::DBManager#error' do From a3b4498eb88295030e52d690872fe7e4615d40b0 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 14:52:02 +0100 Subject: [PATCH 17/40] Bug in Rails 7.1, disabling to verify the behavior. --- spec/spec_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6e0463ca4672..e8859e0d4995 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -99,7 +99,7 @@ config.order = :random if load_metasploit - config.use_transactional_fixtures = true + config.use_transactional_fixtures = false # rspec-rails 3 will no longer automatically infer an example group's spec type # from the file location. You can explicitly opt-in to the feature using this From 880448c0a97314098fd287442e4f57c16354f569 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 15:03:46 +0100 Subject: [PATCH 18/40] revert --- spec/spec_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e8859e0d4995..6e0463ca4672 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -99,7 +99,7 @@ config.order = :random if load_metasploit - config.use_transactional_fixtures = false + config.use_transactional_fixtures = true # rspec-rails 3 will no longer automatically infer an example group's spec type # from the file location. You can explicitly opt-in to the feature using this From e52c7f98435fb17ef5a77b889e90b3bee24f6eb3 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 15:17:38 +0100 Subject: [PATCH 19/40] revert date changes to match CI --- .../auxiliary/admin/kerberos/keytab_spec.rb | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index 1bf57fa3de48..cc3e2bd9496f 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -79,7 +79,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -101,11 +101,11 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end @@ -128,7 +128,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -157,10 +157,10 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -188,9 +188,9 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} TABLE end From eda6de436484b87fb2a7ce2089eea292d49e6f69 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 15:20:02 +0100 Subject: [PATCH 20/40] revert remaining date specs --- .../krb5_ccache_presenter_spec.rb | 28 +++++----- .../admin/kerberos/forge_ticket_spec.rb | 20 +++---- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- 3 files changed, 52 insertions(+), 52 deletions(-) diff --git a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb index 4f27e89e3296..b23f7a9eaff7 100644 --- a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb +++ b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb @@ -124,10 +124,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -157,10 +157,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -170,10 +170,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -183,7 +183,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Logon Time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -284,7 +284,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Client ID: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} Pac Server Checksum: Signature: 5eb9400bcab42babcd598210 Pac Privilege Server Checksum: diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index 65740bc6b65e..b64200d39776 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -56,10 +56,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} - Start time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} - End time: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} - Renew Till: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} + Auth time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Start time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + End time: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} + Renew Till: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: DEMO.LOCAL @@ -69,10 +69,10 @@ Key Version Number: 2 Decrypted (with key: 767400b2c71afa35a5dca216f2389cd9): Times: - Auth time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} - Start time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} - End time: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} - Renew Till: #{Time.parse('2032-07-12 14:33:40 +0200').to_time} + Auth time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} + Start time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} + End time: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} + Renew Till: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -82,7 +82,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + Logon Time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -185,7 +185,7 @@ Logon Domain Name: 'DEMO.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-07-15 14:33:40 +0200').to_time} + Client ID: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} Pac Requestor: SID: S-1-5-21-1266190811-2419310613-1856291569-500 Pac Attributes: diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index f20ea326cf53..7c828d93932f 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL From 0476b4e1671fdd09cbba32948f4614c1af38cc1f Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 15:38:03 +0100 Subject: [PATCH 21/40] Timezone shennagings --- .../admin/kerberos/forge_ticket_spec.rb | 8 +-- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index b64200d39776..6a70c4e843b0 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -69,10 +69,10 @@ Key Version Number: 2 Decrypted (with key: 767400b2c71afa35a5dca216f2389cd9): Times: - Auth time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} - Start time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} - End time: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} - Renew Till: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} + Auth time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} + Start time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} + End time: #{Time.parse('2032-07-12 12:33:40 +0000').to_time} + Renew Till: #{Time.parse('2032-07-12 12:33:40 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index 7c828d93932f..04cdd401a7f8 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL From 348dca3b2ea4f0df460ff0307baa3630f85eec15 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Tue, 12 Nov 2024 17:03:56 +0100 Subject: [PATCH 22/40] More Rails 7.1 behavior changes and timezone --- config/application.rb | 25 +++++++++ config/database.yml.example | 1 + config/database.yml.github_actions | 1 + config/database.yml.vagrant | 1 + docker-compose.override.yml | 2 +- docker-compose.yml | 2 +- .../command_dispatcher/db/klist_spec.rb | 48 ++++++++-------- .../krb5_ccache_presenter_spec.rb | 28 +++++----- .../admin/kerberos/forge_ticket_spec.rb | 8 +-- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- .../auxiliary/admin/kerberos/keytab_spec.rb | 28 +++++----- spec/spec_helper.rb | 2 + 12 files changed, 116 insertions(+), 86 deletions(-) diff --git a/config/application.rb b/config/application.rb index b53d68bf1016..e438fbe707ac 100644 --- a/config/application.rb +++ b/config/application.rb @@ -48,12 +48,37 @@ class Application < Rails::Application # The cache behavior changed with Rails 7.1, and requires the desired version to be set. config.active_support.cache_format_version = 7.1 + # Timezone shenanigans + config.time_zone = 'Europe/Dublin' + if config.respond_to?(:active_record) # The default column serializer was YAML prior to Rails 7.1 config.active_record.default_column_serializer = ::YAML # Timezone settings config.active_record.default_timezone = :utc + + # Partials inserts are disabled by default in Rails 7 + # This only writes attributes that changed. + config.active_record.partial_inserts = true + + # Foreign Key Validation - Belongs-to + # Was not enabled by default + config.active_record.belongs_to_required_validates_foreign_key = true + + # This behavior changed in 7.1 + config.active_record.commit_transaction_on_non_local_return = false + + # Originally allowed but silently ignored, raises in 7.1 + config.active_record.raise_on_assign_to_attr_readonly = false + + # Rails originally ran the callbacks on the first commit change. + # In Rails 7.1 this is done on all models, so we need to retain the behavior for now. + config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction = true + + # Rails 7.1 will execute after commit callbacks in order they are defined. + # Originally it was in reverse order. + config.active_record.run_after_transaction_callbacks_in_order_defined = false end # We never eager load files. diff --git a/config/database.yml.example b/config/database.yml.example index 1df94d345174..eefd3519d59d 100644 --- a/config/database.yml.example +++ b/config/database.yml.example @@ -5,6 +5,7 @@ # managing your database, which may be more convenient than rolling your own. development: &pgsql + allow_concurrency: true adapter: postgresql database: metasploit_framework_development username: metasploit_framework_development diff --git a/config/database.yml.github_actions b/config/database.yml.github_actions index 25d9be8a891a..cd6de837555d 100644 --- a/config/database.yml.github_actions +++ b/config/database.yml.github_actions @@ -7,6 +7,7 @@ # # update password fields for each environment's user development: &pgsql + allow_concurrency: true adapter: postgresql database: metasploit_framework_development port: 5432 diff --git a/config/database.yml.vagrant b/config/database.yml.vagrant index 082359e61aba..721acbbdabf4 100644 --- a/config/database.yml.vagrant +++ b/config/database.yml.vagrant @@ -1,4 +1,5 @@ development: &pgsql + allow_concurrency: true adapter: postgresql database: msf_dev_db username: vagrant diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 8c62cb262eff..6849e6e3bda4 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -7,6 +7,6 @@ services: BUNDLER_ARGS: --jobs=8 image: metasploit:dev environment: - DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5&reconnect=true + DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5&reconnect=true&allow_concurrency=true volumes: - .:/usr/src/metasploit-framework diff --git a/docker-compose.yml b/docker-compose.yml index 1edc215ef9d5..e7f8812d7e2e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: ms: image: metasploitframework/metasploit-framework:latest environment: - DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5&reconnect=true + DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5&reconnect=true&allow_concurrency=true links: - db ports: diff --git a/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb index d51739d50b8f..6ea4d99f93fc 100644 --- a/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb +++ b/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb @@ -209,8 +209,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -223,7 +223,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} TABLE end end @@ -270,10 +270,10 @@ def as_ccache(data) Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -298,8 +298,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{old_valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{old_expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{old_valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{old_expired_ccache_path} Deleted 2 entries TABLE expect(kerberos_ticket_storage.tickets.length).to eq(0) @@ -314,7 +314,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} TABLE end end @@ -327,8 +327,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -341,8 +341,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -355,8 +355,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -369,8 +369,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -420,8 +420,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} inactive #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} inactive #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} Deactivated 2 entries TABLE end @@ -441,8 +441,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} Activated 2 entries TABLE end @@ -459,7 +459,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{old_valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{old_valid_ccache_path} Deleted 1 entry TABLE expect(kerberos_ticket_storage.tickets.length).to eq(1) @@ -474,7 +474,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} inactive #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} inactive #{valid_ccache_path} Deactivated 1 entry TABLE end diff --git a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb index b23f7a9eaff7..4f27e89e3296 100644 --- a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb +++ b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb @@ -124,10 +124,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -157,10 +157,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -170,10 +170,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} - End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} - Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -183,7 +183,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Logon Time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -284,7 +284,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Client ID: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} Pac Server Checksum: Signature: 5eb9400bcab42babcd598210 Pac Privilege Server Checksum: diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index 6a70c4e843b0..0def48ed114a 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -56,8 +56,8 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} - Start time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Auth time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} + Start time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} End time: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Renew Till: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Ticket: @@ -82,7 +82,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Logon Time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -185,7 +185,7 @@ Logon Domain Name: 'DEMO.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Client ID: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} Pac Requestor: SID: S-1-5-21-1266190811-2419310613-1856291569-500 Pac Attributes: diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index 04cdd401a7f8..f20ea326cf53 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Logon Time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Client ID: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Logon Time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Client ID: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index cc3e2bd9496f..1bf57fa3de48 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -79,7 +79,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -101,11 +101,11 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end @@ -128,7 +128,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -157,10 +157,10 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end end @@ -188,9 +188,9 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} TABLE end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6e0463ca4672..f009fca22100 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -99,7 +99,9 @@ config.order = :random if load_metasploit + # Run fixtures and examples in transactions to keep the database clean. config.use_transactional_fixtures = true + config.use_transactional_examples = true # rspec-rails 3 will no longer automatically infer an example group's spec type # from the file location. You can explicitly opt-in to the feature using this From 088a61c264190cbc0c2c9eb4bb37533c560ce320 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 09:33:44 +0100 Subject: [PATCH 23/40] revert --- .../command_dispatcher/db/klist_spec.rb | 48 ++++++++-------- .../krb5_ccache_presenter_spec.rb | 28 +++++----- .../admin/kerberos/forge_ticket_spec.rb | 16 +++--- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- .../auxiliary/admin/kerberos/keytab_spec.rb | 28 +++++----- 5 files changed, 88 insertions(+), 88 deletions(-) diff --git a/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb index 6ea4d99f93fc..d51739d50b8f 100644 --- a/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb +++ b/spec/lib/msf/ui/console/command_dispatcher/db/klist_spec.rb @@ -209,8 +209,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -223,7 +223,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} TABLE end end @@ -270,10 +270,10 @@ def as_ccache(data) Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -298,8 +298,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{old_valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{old_expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{old_valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{old_expired_ccache_path} Deleted 2 entries TABLE expect(kerberos_ticket_storage.tickets.length).to eq(0) @@ -314,7 +314,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} TABLE end end @@ -327,8 +327,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -341,8 +341,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -355,8 +355,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -369,8 +369,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} TABLE end end @@ -420,8 +420,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} inactive #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} inactive #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} Deactivated 2 entries TABLE end @@ -441,8 +441,8 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{valid_ccache_path} - [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 13:05:05 +0100').to_time} >>expired<< #{expired_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{valid_ccache_path} + [id] 192.0.2.24 Administrator@ADF3.LOCAL krbtgt/ADF3.LOCAL@ADF3.LOCAL AES256 #{Time.parse('2022-12-16 12:05:05 +0000').to_time} >>expired<< #{expired_ccache_path} Activated 2 entries TABLE end @@ -459,7 +459,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} active #{old_valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} active #{old_valid_ccache_path} Deleted 1 entry TABLE expect(kerberos_ticket_storage.tickets.length).to eq(1) @@ -474,7 +474,7 @@ def as_ccache(data) ============== id host principal sname enctype issued status path -- ---- --------- ----- ------- ------ ------ ---- - [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 16:51:29 +0100').to_time} inactive #{valid_ccache_path} + [id] 192.0.2.2 Administrator@WINDOMAIN.LOCAL krbtgt/WINDOMAIN.LOCAL@WINDOMAIN.LOCAL AES256 #{Time.parse('2022-11-28 15:51:29 +0000').to_time} inactive #{valid_ccache_path} Deactivated 1 entry TABLE end diff --git a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb index 4f27e89e3296..b23f7a9eaff7 100644 --- a/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb +++ b/spec/lib/rex/proto/kerberos/credential_cache/krb5_ccache_presenter_spec.rb @@ -124,10 +124,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -157,10 +157,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -170,10 +170,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - Start time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} - End time: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} - Renew Till: #{Time.parse('2032-11-25 16:51:29 +0100').to_time} + Auth time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + Start time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} + End time: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} + Renew Till: #{Time.parse('2032-11-25 15:51:29 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -183,7 +183,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Logon Time: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -284,7 +284,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-11-28 16:51:29 +0100').to_time} + Client ID: #{Time.parse('2022-11-28 15:51:29 +0000').to_time} Pac Server Checksum: Signature: 5eb9400bcab42babcd598210 Pac Privilege Server Checksum: diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index 0def48ed114a..b64200d39776 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -56,8 +56,8 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} - Start time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} + Auth time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Start time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} End time: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Renew Till: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Ticket: @@ -69,10 +69,10 @@ Key Version Number: 2 Decrypted (with key: 767400b2c71afa35a5dca216f2389cd9): Times: - Auth time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} - Start time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} - End time: #{Time.parse('2032-07-12 12:33:40 +0000').to_time} - Renew Till: #{Time.parse('2032-07-12 12:33:40 +0000').to_time} + Auth time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} + Start time: #{Time.parse('2022-07-15 12:33:40 UTC').to_time} + End time: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} + Renew Till: #{Time.parse('2032-07-12 12:33:40 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -82,7 +82,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} + Logon Time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -185,7 +185,7 @@ Logon Domain Name: 'DEMO.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse(' 2022-07-15 14:33:40 +0200').to_time} + Client ID: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} Pac Requestor: SID: S-1-5-21-1266190811-2419310613-1856291569-500 Pac Attributes: diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index f20ea326cf53..7c828d93932f 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} + Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:31:25 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:31:25 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} + Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - Start time: #{Time.parse('2023-01-13 15:36:39 +0100').to_time} - End time: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} - Renew Till: #{Time.parse('2033-01-10 15:36:39 +0100').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index 1bf57fa3de48..cc3e2bd9496f 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -79,7 +79,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -101,11 +101,11 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 3 (DES_CBC_MD5) Administrator@DOMAIN.LOCAL 89d3b923d6a7195e #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 16 (DES3_CBC_SHA1) Administrator@DOMAIN.LOCAL 341994e0ba5b1a20d640911cda23c137b637d51a6416d6cb #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end @@ -128,7 +128,7 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -157,10 +157,10 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end end @@ -188,9 +188,9 @@ kvno type principal hash date ---- ---- --------- ---- ---- - 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 19:51:29 +0200').to_time} - 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 19:51:29 +0200').to_time} + 1 18 (AES256) Administrator@DOMAIN.LOCAL c4a3f31d64afa648a6d08d0776563e1238b976d0b90f79ea072194368294e929 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 17 (AES128) Administrator@DOMAIN.LOCAL baba43a8b97baca153bd54b2f0774ad7 #{Time.parse('2022-10-01 17:51:29 +0000').to_time} + 1 23 (RC4_HMAC) Administrator@DOMAIN.LOCAL 8846f7eaee8fb117ad06bdd830b7586c #{Time.parse('2022-10-01 17:51:29 +0000').to_time} TABLE end From 1272d5c82728b3e93876e3d20fc7b44133da023e Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 10:00:47 +0100 Subject: [PATCH 24/40] update specs based on CI output --- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- .../auxiliary/admin/kerberos/keytab_spec.rb | 6 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index 7c828d93932f..04cdd401a7f8 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Logon Time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Client ID: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index cc3e2bd9496f..c1cb79a81b05 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -295,9 +295,9 @@ def report_creds( kvno type principal hash date ---- ---- --------- ---- ---- - 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 01:00:00 +0000').to_time} + 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 01:00:00 +0000').to_time} + 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 01:00:00 +0000').to_time} TABLE end From b77a9a71e07151c311c147978417f0a969cb1bfd Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 10:42:03 +0100 Subject: [PATCH 25/40] update specs based on CI --- spec/modules/auxiliary/admin/kerberos/keytab_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index c1cb79a81b05..4884f1678933 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -295,9 +295,9 @@ def report_creds( kvno type principal hash date ---- ---- --------- ---- ---- - 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 01:00:00 +0000').to_time} - 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 01:00:00 +0000').to_time} - 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 01:00:00 +0000').to_time} + 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end From 9cd7ef6433f713962899509d9fcccff676adab4b Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 10:45:57 +0100 Subject: [PATCH 26/40] Use a modern postgres to resolve segfault and openSSL issues --- .github/workflows/postgres_acceptance.yml | 2 +- .github/workflows/verify.yml | 2 +- docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/postgres_acceptance.yml b/.github/workflows/postgres_acceptance.yml index 0de893c76843..a5a9ff5d60b4 100644 --- a/.github/workflows/postgres_acceptance.yml +++ b/.github/workflows/postgres_acceptance.yml @@ -67,7 +67,7 @@ jobs: os: - ubuntu-latest docker_image: - - postgres:9.4 + - postgres:14.13 - postgres:16.2 env: diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index b240005d78b5..c21bbd957085 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -45,7 +45,7 @@ jobs: services: postgres: - image: postgres:9.6 + image: postgres:14.13 ports: ["5432:5432"] env: POSTGRES_USER: postgres diff --git a/docker-compose.yml b/docker-compose.yml index e7f8812d7e2e..101be5b7678e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: - $HOME/.msf4:/home/msf/.msf4 db: - image: postgres:10-alpine + image: postgres:14-alpine volumes: - pg_data:/var/lib/postgresql/data environment: From 7f55a28888338801d0640cb6f5847244b2485b24 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 11:51:19 +0100 Subject: [PATCH 27/40] disable transactional features for now --- spec/spec_helper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f009fca22100..24c5951c6dcd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -100,8 +100,8 @@ if load_metasploit # Run fixtures and examples in transactions to keep the database clean. - config.use_transactional_fixtures = true - config.use_transactional_examples = true + config.use_transactional_fixtures = false + config.use_transactional_examples = false # rspec-rails 3 will no longer automatically infer an example group's spec type # from the file location. You can explicitly opt-in to the feature using this From 13fce28fffa2b4ff62df22717b64d72f556004ab Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 11:59:21 +0100 Subject: [PATCH 28/40] verifying if this is a Ruby 3.1 problem --- .github/workflows/verify.yml | 4 ++-- spec/spec_helper.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index c21bbd957085..6f198cc67f59 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -60,7 +60,7 @@ jobs: fail-fast: true matrix: ruby: - - '3.1' + #- '3.1' - '3.2' - '3.3' - '3.4.0-preview2' @@ -69,7 +69,7 @@ jobs: - ubuntu-latest include: - os: ubuntu-latest - ruby: '3.1' + ruby: '3.2' test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" MSF_FEATURE_DEFER_MODULE_LOADS=1' test_cmd: - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 24c5951c6dcd..f009fca22100 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -100,8 +100,8 @@ if load_metasploit # Run fixtures and examples in transactions to keep the database clean. - config.use_transactional_fixtures = false - config.use_transactional_examples = false + config.use_transactional_fixtures = true + config.use_transactional_examples = true # rspec-rails 3 will no longer automatically infer an example group's spec type # from the file location. You can explicitly opt-in to the feature using this From 49585beb8c8a7868d3cd7245a3bcbff814b662b4 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Wed, 13 Nov 2024 12:11:24 +0100 Subject: [PATCH 29/40] happens on all versions --- .github/workflows/verify.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 6f198cc67f59..c21bbd957085 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -60,7 +60,7 @@ jobs: fail-fast: true matrix: ruby: - #- '3.1' + - '3.1' - '3.2' - '3.3' - '3.4.0-preview2' @@ -69,7 +69,7 @@ jobs: - ubuntu-latest include: - os: ubuntu-latest - ruby: '3.2' + ruby: '3.1' test_cmd: 'bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" MSF_FEATURE_DEFER_MODULE_LOADS=1' test_cmd: - bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content" From 0ef8e4a31d0e13eef139b79a3d22b3e3d9344418 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Thu, 14 Nov 2024 11:11:10 +0100 Subject: [PATCH 30/40] undo changes in workflow, issue is not postgres version bound. --- .github/workflows/postgres_acceptance.yml | 2 +- .github/workflows/verify.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/postgres_acceptance.yml b/.github/workflows/postgres_acceptance.yml index a5a9ff5d60b4..0de893c76843 100644 --- a/.github/workflows/postgres_acceptance.yml +++ b/.github/workflows/postgres_acceptance.yml @@ -67,7 +67,7 @@ jobs: os: - ubuntu-latest docker_image: - - postgres:14.13 + - postgres:9.4 - postgres:16.2 env: diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index c21bbd957085..b240005d78b5 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -45,7 +45,7 @@ jobs: services: postgres: - image: postgres:14.13 + image: postgres:9.6 ports: ["5432:5432"] env: POSTGRES_USER: postgres From 2146cc5f0c8969b50e723733e0bc183101ccef02 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 08:48:21 +0100 Subject: [PATCH 31/40] Undo code change --- lib/msf/core/db_manager/migration.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/msf/core/db_manager/migration.rb b/lib/msf/core/db_manager/migration.rb index e52a2dfeb838..32f5e0579eb8 100644 --- a/lib/msf/core/db_manager/migration.rb +++ b/lib/msf/core/db_manager/migration.rb @@ -66,9 +66,7 @@ def needs_migration? private def with_migration_context - ActiveRecord::Base.connection_pool.with_connection do - yield ActiveRecord::MigrationContext.new(gather_engine_migration_paths) - end + yield ActiveRecord::MigrationContext.new(gather_engine_migration_paths) end # @return [ActiveRecord::MigrationContext] From f797c45073f4a76e43087f128c1676f3bef5eb17 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:02:56 +0100 Subject: [PATCH 32/40] try to resolve the timezone issue --- config/application.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index e438fbe707ac..3c509be6ec82 100644 --- a/config/application.rb +++ b/config/application.rb @@ -49,14 +49,14 @@ class Application < Rails::Application config.active_support.cache_format_version = 7.1 # Timezone shenanigans - config.time_zone = 'Europe/Dublin' + config.time_zone = 'UTC' if config.respond_to?(:active_record) # The default column serializer was YAML prior to Rails 7.1 config.active_record.default_column_serializer = ::YAML # Timezone settings - config.active_record.default_timezone = :utc + config.active_record.default_timezone = :local # Partials inserts are disabled by default in Rails 7 # This only writes attributes that changed. From b2c74aa128123d9d620d3e969d14f77a9b09debe Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:13:57 +0100 Subject: [PATCH 33/40] Revert time adjustments --- .../admin/kerberos/inspect_ticket_spec.rb | 56 +++++++++---------- .../auxiliary/admin/kerberos/keytab_spec.rb | 6 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb index 04cdd401a7f8..7c828d93932f 100644 --- a/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/inspect_ticket_spec.rb @@ -475,10 +475,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -488,10 +488,10 @@ Key Version Number: 2 Decrypted (with key: 4b912be0366a6f37f4a7d571bee18b1173d93195ef76f8d1e3e81ef6172ab326): Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -501,7 +501,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Logon Time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -602,7 +602,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} + Client ID: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} Pac Server Checksum: Signature: 81a20da731b3b9bdd2e756dc Pac Privilege Server Checksum: @@ -630,10 +630,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:31:25 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:31:25 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:31:25 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:31:25 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -665,10 +665,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL @@ -678,10 +678,10 @@ Key Version Number: 2 Decrypted (with key: 88e4d9fabaecf3dec18dd80905521b29): Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Client Addresses: 0 Transited: tr_type: 0, Contents: "" Client Name: 'Administrator' @@ -691,7 +691,7 @@ Flags: 0x50a00000 (FORWARDABLE, PROXIABLE, RENEWABLE, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Logon Time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -792,7 +792,7 @@ Logon Domain Name: 'WINDOMAIN.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} + Client ID: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} Pac Server Checksum: Signature: 1a038d8dd257a7d9b875280259ab0e4a Pac Privilege Server Checksum: @@ -820,10 +820,10 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - Start time: #{Time.parse('2023-01-13 14:36:39 +0000').to_time} - End time: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} - Renew Till: #{Time.parse('2033-01-10 14:36:39 +0000').to_time} + Auth time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + Start time: #{Time.parse('2023-01-13 14:36:39 UTC').to_time} + End time: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} + Renew Till: #{Time.parse('2033-01-10 14:36:39 UTC').to_time} Ticket: Ticket Version Number: 5 Realm: WINDOMAIN.LOCAL diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index 4884f1678933..cc3e2bd9496f 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -295,9 +295,9 @@ def report_creds( kvno type principal hash date ---- ---- --------- ---- ---- - 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} - 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} TABLE end From 25f8592f9739a5242d1f99f0f717d568b037d59e Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:14:33 +0100 Subject: [PATCH 34/40] revert unneeded change --- spec/support/shared/examples/msf/db_manager/migration.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/spec/support/shared/examples/msf/db_manager/migration.rb b/spec/support/shared/examples/msf/db_manager/migration.rb index 6041a8793ce7..1b3a8c2d8dc9 100644 --- a/spec/support/shared/examples/msf/db_manager/migration.rb +++ b/spec/support/shared/examples/msf/db_manager/migration.rb @@ -1,7 +1,7 @@ RSpec.shared_examples_for 'Msf::DBManager::Migration' do if ENV['REMOTE_DB'] - before { skip('Migration is not tested for a remote DB') } + before {skip("Migration is not tested for a remote DB")} end it { is_expected.to be_a Msf::DBManager::Migration } @@ -30,12 +30,13 @@ def migrate migrate end + it 'should return an ActiveRecord::MigrationContext with known migrations' do - migrations_paths = [File.expand_path('../../../../../file_fixtures/migrate', __dir__)] + migrations_paths = [File.expand_path("../../../../../file_fixtures/migrate", __dir__)] expect(ActiveRecord::Migrator).to receive(:migrations_paths).and_return(migrations_paths).exactly(1).times result = migrate expect(result.size).to eq 1 - expect(result[0].name).to eq 'TestDbMigration' + expect(result[0].name).to eq "TestDbMigration" end it 'should reset the column information' do @@ -54,7 +55,7 @@ def migrate end before(:example) do - mockContext = ActiveRecord::MigrationContext.new(nil) + mockContext = ActiveRecord::MigrationContext.new(nil, ActiveRecord::SchemaMigration) expect(ActiveRecord::MigrationContext).to receive(:new).and_return(mockContext) expect(mockContext).to receive(:needs_migration?).and_return(true) expect(mockContext).to receive(:migrate).and_raise(standard_error) From 240351dee04374d776ceb8a1b6c76968ade4fbc7 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:33:43 +0100 Subject: [PATCH 35/40] Remove calls to `ApplicationRecord.establish_connection` --- lib/msf/core/db_manager/connection.rb | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/lib/msf/core/db_manager/connection.rb b/lib/msf/core/db_manager/connection.rb index 97c878b8867d..81935e1da55c 100644 --- a/lib/msf/core/db_manager/connection.rb +++ b/lib/msf/core/db_manager/connection.rb @@ -82,31 +82,15 @@ def create_db(opts) begin case opts["adapter"] when 'postgresql' - # Try to force a connection to be made to the database, if it succeeds - # then we know we don't need to create it :) - ApplicationRecord.establish_connection(opts) - # Do the checkout, checkin dance here to make sure this thread doesn't - # hold on to a connection we don't need - conn = ApplicationRecord.connection_pool.checkout - ApplicationRecord.connection_pool.checkin(conn) + existing_db = ::ApplicationRecord.connection_pool.with_connection(&:active) rescue false + ::ApplicationRecord.connection.create_database(opts['database']) unless existing_db + else + ilog("Unknown database adapter: #{opts['adapter']}") end rescue ::Exception => e errstr = e.to_s - if errstr =~ /does not exist/i or errstr =~ /Unknown database/ - ilog("Database doesn't exist \"#{opts['database']}\", attempting to create it.") - ApplicationRecord.establish_connection( - opts.merge( - 'database' => 'postgres', - 'schema_search_path' => 'public' - ) - ) - - ApplicationRecord.connection.create_database(opts['database']) - else - ilog("Trying to continue despite failed database creation: #{e}") - end + ilog("Trying to continue despite failed database creation: #{e}") end - ApplicationRecord.remove_connection end # Checks if the spec passed to `ApplicationRecord.establish_connection` can connect to the database. From 290444327181c4f26887434e2a50caf2656fe465 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:34:08 +0100 Subject: [PATCH 36/40] code cleanup --- lib/msf/core/db_manager/connection.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/msf/core/db_manager/connection.rb b/lib/msf/core/db_manager/connection.rb index 81935e1da55c..e8004f68d0a9 100644 --- a/lib/msf/core/db_manager/connection.rb +++ b/lib/msf/core/db_manager/connection.rb @@ -88,7 +88,6 @@ def create_db(opts) ilog("Unknown database adapter: #{opts['adapter']}") end rescue ::Exception => e - errstr = e.to_s ilog("Trying to continue despite failed database creation: #{e}") end end From ec2206762b8625ec2084169b1b345b56bcd65ac9 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 09:48:37 +0100 Subject: [PATCH 37/40] more timezone stuff --- .../modules/auxiliary/admin/kerberos/forge_ticket_spec.rb | 8 ++++---- spec/modules/auxiliary/admin/kerberos/keytab_spec.rb | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb index b64200d39776..957da6156fe0 100644 --- a/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/forge_ticket_spec.rb @@ -56,8 +56,8 @@ Addresses: 0 Authdatas: 0 Times: - Auth time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} - Start time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Auth time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} + Start time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} End time: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Renew Till: #{Time.parse('2032-07-12 13:33:40 +0100').to_time} Ticket: @@ -82,7 +82,7 @@ Flags: 0x50e00000 (FORWARDABLE, PROXIABLE, RENEWABLE, INITIAL, PRE_AUTHENT) PAC: Validation Info: - Logon Time: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Logon Time: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} Logoff Time: Never Expires (inf) Kick Off Time: Never Expires (inf) Password Last Set: No Time Set (0) @@ -185,7 +185,7 @@ Logon Domain Name: 'DEMO.LOCAL' Client Info: Name: 'Administrator' - Client ID: #{Time.parse('2022-07-15 13:33:40 +0100').to_time} + Client ID: #{Time.parse('2022-07-15 12:33:40 +0000').to_time} Pac Requestor: SID: S-1-5-21-1266190811-2419310613-1856291569-500 Pac Attributes: diff --git a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb index cc3e2bd9496f..4884f1678933 100644 --- a/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb +++ b/spec/modules/auxiliary/admin/kerberos/keytab_spec.rb @@ -295,9 +295,9 @@ def report_creds( kvno type principal hash date ---- ---- --------- ---- ---- - 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} - 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 01:00:00 +0100').to_time} + 1 23 (RC4_HMAC) user_without_realm@ e02bc503339d51f71d913c245d35b50b #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 23 (RC4_HMAC) user_with_realm@example.local 32ede47af254546a82b1743953cc4950 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} + 1 18 (AES256) user_with_krbkey@demo.local 63346133663331643634616661363438613664303864303737363536336531323338623937366430623930663739656130373231393433363832393465393239 #{Time.parse('1970-01-01 00:00:00 +0000').to_time} TABLE end From bd924280364184174e69847cbe9f0a2e19c84d55 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 10:16:48 +0100 Subject: [PATCH 38/40] set a sane DB pool size --- config/database.yml.example | 2 +- config/database.yml.github_actions | 2 +- config/database.yml.vagrant | 2 +- docker-compose.override.yml | 2 +- docker-compose.yml | 2 +- .../Work-needed-to-allow-msfdb-to-use-postgresql-common.md | 2 +- msfdb | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/database.yml.example b/config/database.yml.example index eefd3519d59d..f90b3ac9a8d0 100644 --- a/config/database.yml.example +++ b/config/database.yml.example @@ -12,7 +12,7 @@ development: &pgsql password: __________________________________ host: localhost port: 5432 - pool: 200 + pool: 10 timeout: 5 reconnect: true diff --git a/config/database.yml.github_actions b/config/database.yml.github_actions index cd6de837555d..0b8eae2e3999 100644 --- a/config/database.yml.github_actions +++ b/config/database.yml.github_actions @@ -14,7 +14,7 @@ development: &pgsql host: localhost username: postgres password: postgres - pool: 25 + pool: 10 timeout: 5 reconnect: true diff --git a/config/database.yml.vagrant b/config/database.yml.vagrant index 721acbbdabf4..dd03c6c178b7 100644 --- a/config/database.yml.vagrant +++ b/config/database.yml.vagrant @@ -6,7 +6,7 @@ development: &pgsql password: vagrant host: localhost port: 5432 - pool: 200 + pool: 10 timeout: 5 reconnect: true diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 6849e6e3bda4..c30ac70d83d9 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -7,6 +7,6 @@ services: BUNDLER_ARGS: --jobs=8 image: metasploit:dev environment: - DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5&reconnect=true&allow_concurrency=true + DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=100&timeout=5&reconnect=true&allow_concurrency=true volumes: - .:/usr/src/metasploit-framework diff --git a/docker-compose.yml b/docker-compose.yml index 101be5b7678e..7e648015d16f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: ms: image: metasploitframework/metasploit-framework:latest environment: - DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5&reconnect=true&allow_concurrency=true + DATABASE_URL: postgres://postgres@db:5432/msf?pool=10&timeout=5&reconnect=true&allow_concurrency=true links: - db ports: diff --git a/docs/metasploit-framework.wiki/Work-needed-to-allow-msfdb-to-use-postgresql-common.md b/docs/metasploit-framework.wiki/Work-needed-to-allow-msfdb-to-use-postgresql-common.md index c8e934695188..d4d1b3c12212 100644 --- a/docs/metasploit-framework.wiki/Work-needed-to-allow-msfdb-to-use-postgresql-common.md +++ b/docs/metasploit-framework.wiki/Work-needed-to-allow-msfdb-to-use-postgresql-common.md @@ -104,7 +104,7 @@ development: &pgsql password: Password123 host: 127.0.0.1 port: 5433 - pool: 200 + pool: 10 production: &production <<: *pgsql diff --git a/msfdb b/msfdb index 6649fd250c2e..7037bac2c647 100755 --- a/msfdb +++ b/msfdb @@ -66,7 +66,7 @@ require 'msfenv' msftest_db_user: 'msftest', db_host: '127.0.0.1', db_port: 5433, - db_pool: 200, + db_pool: 10, address: 'localhost', port: 5443, daemon: true, From dbd00135c9beb73840916e2b65b522243ee2c7b0 Mon Sep 17 00:00:00 2001 From: Arne De Herdt Date: Fri, 15 Nov 2024 10:33:40 +0100 Subject: [PATCH 39/40] keep activerecord as UTC --- config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index 3c509be6ec82..f9cce0942646 100644 --- a/config/application.rb +++ b/config/application.rb @@ -56,7 +56,7 @@ class Application < Rails::Application config.active_record.default_column_serializer = ::YAML # Timezone settings - config.active_record.default_timezone = :local + config.active_record.default_timezone = :utc # Partials inserts are disabled by default in Rails 7 # This only writes attributes that changed. From 3b8ea428c6840420eb99fa4b6f075e314582a961 Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Tue, 19 Nov 2024 17:35:31 +0000 Subject: [PATCH 40/40] Remove connection pool patch --- lib/msf/core/thread_manager.rb | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/lib/msf/core/thread_manager.rb b/lib/msf/core/thread_manager.rb index 7fe59f501805..9bc89ae37ca6 100644 --- a/lib/msf/core/thread_manager.rb +++ b/lib/msf/core/thread_manager.rb @@ -111,16 +111,6 @@ def spawn(name, crit, *args, &block) error: e ) raise e - ensure - if framework.db && framework.db.active && framework.db.is_local? - # NOTE: despite the Deprecation Warning's advice, this should *NOT* - # be ApplicationRecord.connection.close which causes unrelated - # threads to raise ActiveRecord::StatementInvalid exceptions at - # some point in the future, presumably due to the pool manager - # believing that the connection is still usable and handing it out - # to another thread. - ::ApplicationRecord.connection_pool.release_connection - end end end else