adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

304 Commits

Author SHA1 Message Date
h00die 482d2b28b1 gitlab password reset account takeoever 2024-01-18 16:19:26 -05:00
Spencer McIntyre 708c795890 Land #18560, Forging diamond and sapphire tickets 2023-11-28 11:14:15 -05:00
Ashley Donaldson c293c273ba Attempt to decrypt pre-auth kerberos response 2023-11-27 13:09:59 +11:00
Ashley Donaldson 3ca13d9358 Changes from code review. 
Added in the stability/IOC notes, since diamond/sapphire do make requests.
 2023-11-27 10:30:54 +11:00
adfoster-r7 5c09c86349 Land #18448, corrected options confict between module and ldap mixin 2023-11-21 13:33:21 +00:00
Stephen Fewer 64c9968328 Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-11-08 09:16:12 +00:00
sfewer-r7 8364ae896b add the CLI command to sue to enable testing the WebUI 2023-11-06 17:11:39 +00:00
sfewer-r7 b28668790d allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'. 2023-11-06 11:40:22 +00:00
sfewer-r7 10ee87c712 Add an optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273 2023-11-06 10:20:07 +00:00
Stephen Fewer be1229747f fix another typo on documentation 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-06 09:47:38 +00:00
Stephen Fewer 22cb55b36b fix type on documentation 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-11-06 09:47:23 +00:00
sfewer-r7 a55132b36f strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output. 2023-11-03 17:09:08 +00:00
sfewer-r7 c8121ebd8e mention dropping to User EXEC mode via two exit keywords 2023-11-03 16:43:21 +00:00
sfewer-r7 17420289dc Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution. 2023-11-03 15:38:35 +00:00
Spencer McIntyre 15aaa90379 Land #18447, CVE-2023-22515 Confluence Auth Bypass 
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
 2023-10-19 17:35:17 -04:00
Spencer McIntyre ee0e5b9eda Tidy the docs, fix the username 
The username can not contain capital letters, or the operation will
fail.
 2023-10-19 17:19:55 -04:00
emirpolatt 258ac6421b Fix fail_with response code compare and documentation fixes 2023-10-19 17:19:30 -04:00
Hynek Petrak 060dc84c18 corrected options confict between module and ldap mixin 2023-10-12 16:52:57 +02:00
emirpolatt 9ef1d1746a CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Leads to Authentication Bypass 2023-10-11 12:09:22 -07:00
h00die 557a15a115 spelling fixes on docs 2023-10-10 14:46:18 -04:00
dwelch-r7 1af22cfd22 Land #18096, Add initial proxies datastore support for kerberos workflows 2023-07-21 11:37:04 +01:00
adfoster-r7 08a2a293a9 Add proxies datastore support to kerberos 2023-07-21 11:19:50 +01:00
Spencer McIntyre ae4faca1ba Update module docs to discuss KB5014754 changes 2023-06-14 16:18:04 -04:00
Spencer McIntyre 0a3247f1a7 Add documentation 2023-05-22 10:29:03 -04:00
adfoster-r7 ab57c09dc2 Update get_ticket to support using forged golden tickets 2023-03-09 12:21:29 +00:00
adfoster-r7 0047ce5d3a Add rbcd exploitation documentation to docs site 2023-03-03 13:18:29 +00:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
adfoster-r7 c68ab9b77f Add Metasploit prompt color highlighting to docs 2023-01-28 22:43:33 +00:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
dwelch-r7 4f574d141a Land #17533, Combine pkinit_login with get_ticket 2023-01-25 15:43:12 +00:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
adfoster-r7 d18beb486d Update kerberos to negotiate rc4 if aes256 is disabled 2023-01-25 00:27:00 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Grant Willcox 82fe7120d4 Update ADCS to be AD CS so we have appropriate spelling 2023-01-18 17:07:48 -06:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried 
Add exploit module for Certifried exploit
 2023-01-18 14:51:03 -05:00
Christophe De La Fuente 2072111713 Fix from code review & some improvments 
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
 2023-01-18 19:28:06 +01:00
adfoster-r7 c55fcb6ca6 Add additional kerberos documentation 2023-01-18 16:58:34 +00:00
Christophe De La Fuente 3d22fbcad9 Add exploit module for Certifried exploit 
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
  to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
  to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
 2023-01-13 15:30:50 +01:00
adfoster-r7 6f7d7bcd1c Land #17394, Add ticket converter docs 2023-01-11 02:11:59 +00:00
Grant Willcox 9dce44f195 Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module 
Move debug ticket to new module
 2023-01-06 11:35:18 -06:00
Grant Willcox d69564f3df Minor update to merge output and example together. 2023-01-06 10:15:16 -06:00
Dean Welch 2de3477eb0 Add msfconsole examples 2023-01-05 17:02:23 +00:00
Dean Welch a18efb7882 Improve description and error messages 2023-01-05 14:24:08 +00:00
Dean Welch cb95d92201 Fix keytab docs typo 2023-01-04 15:39:59 +00:00
Dean Welch 4e1e85f8ad Add ticket converter docs 2022-12-16 13:53:05 +00:00
Dean Welch cf332a2b20 Move DEBUG_TICKET action from forge ticket to it's own module inspect_ticket 2022-12-15 13:42:30 +00:00
adfoster-r7 2783e92203 Update windows_secrets_dump and Keytab module to export kerberos keys 2022-12-14 13:40:39 +00:00