adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,016 Commits 27 Branches 1,043 Tags
138f3bb4b2bfcd0f5ca095ca0aa37cbef094aad2
Commit Graph

2839 Commits

Author SHA1 Message Date
Spencer McIntyre 138f3bb4b2 Make the encryption type configurable 2023-01-09 17:20:57 -05:00
Spencer McIntyre b7f6fe584a Add initial lib changes for configurable etypes 2023-01-09 16:43:42 -05:00
Matthew Dunn 8f302c8697 Complete requested PR changes 
Clone the cc_principle
 2023-01-06 14:48:53 -06:00
Matthew Dunn d64c4b6e7e Store the binary format of the ccache 
update key to be correct
 2023-01-06 14:48:53 -06:00
Matthew Dunn ccfc253eb8 Updates to get ccache in golden ticket 
Fix incorrect reference
Use proper encoding
 2023-01-06 14:48:52 -06:00
Dean Welch 8078616f5f Use the correct constant names for ldap failures 2023-01-06 14:11:26 +00:00
dwelch-r7 75372dcdd3 Land #17374, Add klist command 2023-01-06 12:57:20 +00:00
Grant Willcox 0af0f6ea0a Merge pull request #17440 from zeroSteiner/fix/smb-aes-256-kerberos 
Fix SMB key calculation for AES-256 when authenticating with Kerberos
 2023-01-05 17:05:28 -06:00
Spencer McIntyre 785c5a8f4d Fix key calculation for Server 2022 
Metasploit will negotiate the strongest mutually supported encryption
with the target. When the target supports AES-256 as Server 2022 and
Windows 11 do, the key needs to be 32-bytes long and not 16 as it is
when AES-128 is in use. This updates the logic to check if the
encryption algorithm is set to ensure that the key is the correct size.
 2023-01-05 15:08:49 -05:00
Christophe De La Fuente 1ede6661d4 Land #17382, Update pkinit tgt response to include key 2023-01-05 20:45:20 +01:00
Christophe De La Fuente 868072e6c8 Land #17317, Fix various WinRM modules 2023-01-03 19:57:07 +01:00
Ashley Donaldson 45c0af48c2 Suggested changes from code review 2023-01-03 11:26:07 +11:00
adfoster-r7 a8957bce49 Update tgt response to include key 2022-12-30 13:41:54 +00:00
adfoster-r7 6f9ebe4068 Add klist command 2022-12-16 13:02:39 +00:00
Spencer McIntyre 60a76da374 Allow deleting tickets by ID 2022-12-15 18:31:18 -05:00
Spencer McIntyre 75fc560d19 Handle cases where the framework module is nil 2022-12-15 18:31:18 -05:00
Spencer McIntyre 830e850160 Add more docs 2022-12-15 18:31:18 -05:00
Spencer McIntyre 663dee982e Expose an abstract stored ticket object 2022-12-15 18:31:18 -05:00
Spencer McIntyre fea259f6e7 Switch everything to use the ticket storage 2022-12-15 18:31:14 -05:00
Spencer McIntyre b2a4bea761 Breakout the ticket storage backend drivers 2022-12-15 18:29:00 -05:00
Spencer McIntyre 686b946c5b Use a new TicketStorage class 
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
 2022-12-15 18:28:54 -05:00
Spencer McIntyre 5f52ebeea7 Consolidate the loot_info UID string 2022-12-15 18:26:32 -05:00
adfoster-r7 a9ccfe31b7 Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch 2022-12-13 19:40:39 +00:00
Spencer McIntyre a80db73bab Land #17325, add impersonation for get_ticket 
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
 2022-12-12 09:10:37 -05:00
Dean Welch d239e9b007 Don't autoload krb5Pac 2022-12-06 13:01:47 +00:00
Dean Welch 1e2ada3cce Add options validation depending on action in forge_ticket.rb 2022-12-06 12:55:42 +00:00
Dean Welch 405271a52f Add pac BinData Model 2022-12-05 14:03:21 +00:00
bcoles 431804ef15 Fix typos: Replace 'the the' with 'the' 2022-12-04 17:41:24 +11:00
Christophe De La Fuente c6f8bae1ab Fix from code review and updates the KrbUseCachedCredentials logic 2022-12-02 15:28:08 +01:00
Christophe De La Fuente cc61a26668 Add S4U2Self and S4U2Proxy support to impersonate a user 2022-12-01 20:42:13 +01:00
Christophe De La Fuente d3057f15b2 Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell) 2022-11-30 18:16:19 +01:00
Ashley Donaldson 5fce80ed1d Added comments to most functions 2022-11-30 11:53:57 +11:00
Ashley Donaldson 97aef31180 Removed vestigial code while we're at it 2022-11-30 11:31:27 +11:00
Ashley Donaldson 1231eefe55 Fixed WQL module while I'm at it 2022-11-30 10:26:19 +11:00
adfoster-r7 750192afa4 Add pkinit error codes 2022-11-29 10:36:10 +00:00
Spencer McIntyre cd828a82c8 Fix the DH key construction for OpenSSL3 2022-11-28 14:54:10 -05:00
Spencer McIntyre abe0549db6 Land #17226, Module to request TGT/TGS tickets 
Module to request TGT/TGS Kerberos tickets from the KDC
 2022-11-28 11:59:17 -05:00
Spencer McIntyre f24df8a051 Change an exception class and drop DOMAIN passing 2022-11-28 10:06:14 -05:00
Spencer McIntyre 009c6c5350 Add the MaxBackendRetries datastore option 2022-11-28 09:45:04 -05:00
Spencer McIntyre 3805a79079 Add support for Exchange Data Access Group (DAG) 
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
 2022-11-23 15:37:58 -05:00
Spencer McIntyre 29d57dde66 Consolidate into ProxyMaybeShell 2022-11-18 17:01:01 -05:00
Christophe De La Fuente d1a7170020 Land #17021, Gitea Git fetch RCE module - CVE-2022-30781 2022-11-17 12:28:29 +01:00
adfoster-r7 8efc6c5304 Land #17103, Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:27:17 +00:00
Dean Welch 7c2134d941 Consolidate KdcOptionFlags and TicketFlags 2022-11-09 17:08:26 +00:00
adfoster-r7 65f6aaca82 Land #17077, Add support for AES keys for silver/golden ticket forging 2022-11-09 16:51:11 +00:00
Dean Welch 23ff829e52 Add support for AES keys for silver/golden ticket forging 2022-11-09 13:01:13 +00:00
krastanoel 645a1c25a3 Update method documentation and indentation 2022-11-09 16:27:31 +07:00
krastanoel 13bb31feeb Update module 
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
 2022-11-09 04:52:18 +07:00
Christophe De La Fuente 37fd441b0f Land #17117, Authenticate to Kerberos with PKINIT 2022-11-08 18:54:03 +01:00
krastanoel a50cca27e6 remove cookie_jar manipulation 2022-11-09 00:48:23 +07:00