adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,312 Commits 27 Branches 1,043 Tags
1b20db8900a5534c7e204be6e2e765ea537d2a32
Commit Graph

33836 Commits

Author SHA1 Message Date
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
Grant Willcox 71aa4bdace Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries 2023-01-25 15:19:29 -06:00
adfoster-r7 3d003ff14c Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:39:20 +00:00
Spencer McIntyre 427e354328 Land #17538, Fix smb login crash 
Fix smb login crash with kerberos options set
 2023-01-25 13:35:14 -05:00
Dean Welch 5b473e4ede Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:22:54 +00:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
adfoster-r7 24a8582a7b Fix smb login crash with kerberos options set 2023-01-25 13:58:29 +00:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
Spencer McIntyre 785e2caa9f Refactor #send_request_tgt_pkinit, clarify docs 2023-01-25 08:36:26 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
space-r7 58cd5bb003 specify command stager flavors 2023-01-23 11:53:19 -06:00
cgranleese-r7 af740aea85 Land #17515, Use shared helper for creating kerberos options 2023-01-23 13:37:00 +00:00
adfoster-r7 9a6c298a43 Use shared helper for creating kerberos options 2023-01-23 11:04:01 +00:00
Spencer McIntyre 2621775053 Add the Python command adapter for Windows 2023-01-20 15:10:39 -05:00
dwelch-r7 ebaf51108c Land #17490, Update impacket get user spns 2023-01-20 13:21:19 +00:00
Christophe De La Fuente 22f45c9a2e Land #17513, Update get ticket module to use aes_key and username convention 2023-01-20 12:44:23 +01:00
adfoster-r7 aaad9436f2 Fix winrm offered etypes 2023-01-20 10:59:25 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Christophe De La Fuente 1e94adc3ab Land #17479, Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488) 2023-01-19 15:36:00 +01:00
h00die 642e6ee1cb review 2023-01-18 16:21:11 -05:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried 
Add exploit module for Certifried exploit
 2023-01-18 14:51:03 -05:00
Christophe De La Fuente 64ddc6bb4c Land #17484, Add additional kerberos documentation 2023-01-18 19:40:28 +01:00
Christophe De La Fuente 2072111713 Fix from code review & some improvments 
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
 2023-01-18 19:28:06 +01:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
adfoster-r7 a28666d3c5 Add additional datastore validation to forge ticket 2023-01-18 10:46:32 +00:00
Spencer McIntyre 365b71d60f Land #17471, Update get_ticket cache logic 
Update kerberos get_ticket cache logic
 2023-01-17 18:49:08 -05:00
bwatters 607dd9f081 Land #17348, New exploit for CVE-2022-46770 Mirage firewall DoS 
Merge branch 'land-17348' into upstream-master
 2023-01-17 16:52:38 -06:00
adfoster-r7 7f62fa33f3 Update impacket get user spns 2023-01-17 19:53:42 +00:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y 541dab9365 simplified messaging 2023-01-17 12:44:20 -06:00
h00die-gr3y 77687bff3f init module 2023-01-17 12:44:20 -06:00
Spencer McIntyre a10e313e26 Land #17343, unquoted service path tweaks 2023-01-17 08:59:37 -05:00
adfoster-r7 5ed2fe9ad2 Update kerberos get_ticket cache logic 2023-01-17 00:32:18 +00:00
Christophe De La Fuente 0c8e83c34e Land #17451, Crack netntlm* 2023-01-16 20:52:53 +01:00
cgranleese-r7 7a2f6fef86 Land #17477, Merge 6.2.36 master into kerberos feature branch 2023-01-16 11:53:21 +00:00
h00die 1888264d4d wordpress paid membership pro 2023-01-14 08:34:10 -05:00
Spencer McIntyre 3ddcf73c2b Remove the QUICK option altogether 
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.

Also all files are registered for cleanup.
 2023-01-13 17:06:42 -05:00
h00die f98d1d838b unquoted service path tweaks to check 2023-01-13 17:06:42 -05:00
h00die 90a12cf3b0 unquoted service path tweaks 2023-01-13 17:06:42 -05:00
h00die a6ec7762ea unquoted service path tweaks 2023-01-13 17:06:42 -05:00
h00die c52eb09cbb unquoted service path tweaks 2023-01-13 17:06:42 -05:00
Dean Welch 1470396f95 Refactor key validation for inspect_ticket and add module tests 2023-01-13 17:42:32 +00:00
adfoster-r7 eddac9321c Merge 6.2.36 master into kerberos feature branch 2023-01-13 17:31:02 +00:00