adfoster-r7
abcf4606a8
Land #17360, document the kerberos forge_ticket DEBUG_TICKET action
2022-12-14 13:37:34 +00:00
Dean Welch
4aaf540364
Add modules docs for TICKET_DEBUG
2022-12-12 13:39:09 +00:00
Christophe De La Fuente
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
Christophe De La Fuente
69e08094cd
Update documentation
2022-12-01 21:23:25 +01:00
Spencer McIntyre
abe0549db6
Land #17226, Module to request TGT/TGS tickets
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
Christophe De La Fuente
5280580c08
Fixes from code review
2022-11-18 11:02:32 +01:00
Spencer McIntyre
b2f6f0c792
Update the module docs for ESC2 and ESC3
2022-11-17 12:12:35 -05:00
Spencer McIntyre
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
adfoster-r7
65f6aaca82
Land #17077, Add support for AES keys for silver/golden ticket forging
2022-11-09 16:51:11 +00:00
Dean Welch
23ff829e52
Add support for AES keys for silver/golden ticket forging
2022-11-09 13:01:13 +00:00
Christophe De La Fuente
37fd441b0f
Land #17117, Authenticate to Kerberos with PKINIT
2022-11-08 18:54:03 +01:00
Christophe De La Fuente
946eb1e546
Add documentation
2022-11-07 20:19:43 +01:00
adfoster-r7
1307f01b76
Align with keytab instead of key_tab
2022-11-02 13:04:51 +00:00
adfoster-r7
7774b7ddcf
Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch
2022-10-31 23:15:11 +00:00
Spencer McIntyre
a8f81fe14c
Add RBCD module docs
2022-10-31 10:56:17 -04:00
Spencer McIntyre
fa7d677d45
Consolidate and improve LDAP error handling
2022-10-31 10:56:17 -04:00
Ashley Donaldson
09e740d48d
Changes from code review
2022-10-17 17:19:50 +11:00
Ashley Donaldson
80bb1867bc
Added documentation for the module
2022-10-07 14:24:37 +11:00
adfoster-r7
5d345e6689
Merge branch 'upstream-master' into feature-kerberos-authentication
2022-09-29 16:42:58 +01:00
Grant Willcox
2958a43a6a
Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored
2022-09-23 12:19:29 -05:00
h00die-gr3y
f2d357eda1
updated documentation with camera specifications
2022-09-23 09:38:37 -05:00
Grant Willcox
edc37835e5
Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review
2022-09-23 09:38:35 -05:00
Grant Willcox
3ca34568c2
Clean up some of the documentation and module code and descriptions
2022-09-23 09:38:12 -05:00
h00die-gr3y
5ed7ff7f52
init commit module and documentation
2022-09-23 09:38:05 -05:00
cgranleese-r7
50685161ef
Allow user_id to be configurable in ticket forging
2022-09-22 14:18:17 +01:00
Spencer McIntyre
c5c4cc0ebb
Fix a small doc typo left over from the rename
2022-09-15 08:58:16 -04:00
adfoster-r7
3891413f92
Update documentation
2022-09-14 17:20:57 +01:00
adfoster-r7
edef4022cd
Add documentation for kerberos ticket forging
2022-09-02 16:36:40 +01:00
dwelch-r7
5f85175f56
Add module for golden/silver ticket forging
2022-09-01 16:12:07 +01:00
Spencer McIntyre
69cc144e04
Add module docs
2022-08-30 11:12:36 -04:00
adfoster-r7
f2ff7bb913
Add mssql kerberos authentication
2022-07-15 17:26:10 +01:00
Jack Heysel
662c8bbd87
Land #16742, add NetScaler decrypt aux module
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 14:00:43 -04:00
Jack Heysel
8f3a0e3856
Land #16742, add NetScaler decrypt aux module
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 12:11:02 -04:00
npm-cesium137-io
9a6013b153
citrix_netscaler_config_decrypt refinements
Refactor error handling when composing KEK fragments to be more
streamlined.
Various tweaks and optimizations.
Updates to documentation.
2022-07-13 08:36:18 -04:00
npm-cesium137-io
3f52cc80a2
Update documentation/modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.md
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-07-13 07:57:06 -04:00
npm-cesium137-io
789397a445
citrix_netscaler_config_decrypt tweaks
Minor code tweaks and updates to documentation
2022-07-03 08:21:58 -04:00
Christophe De La Fuente
0d19e47b8d
Land #16677, Add module for adding/deleting computers via MS-SAMR
2022-06-30 12:12:26 +02:00
Spencer McIntyre
41ba2d263b
Address PR feedback
Simplify the application_key usage, update docs and catch another
exception.
2022-06-28 11:53:05 -04:00
npm-cesium137-io
37234985e6
citrix_netscaler_config_decrypt Aux Module
Added an aux module that can perform offline decryption of NetScaler
config files. The module is able to decrypt secrets using well-known
static keys as well as the new Key Encryption Key (KEK) scheme.
This is the initial commit, and some functionality is lacking: there is
currently no loot storage of secrets, and the module cannot decrypt
-passcrypt entries from legacy configuration files.
2022-06-15 11:03:28 -04:00
Spencer McIntyre
825604dda9
Add docs and a configurable password
2022-06-15 08:51:47 -04:00
bwatters
f6bd8fd020
Land #16571, Vcenter offline mdb extract
Merge branch 'land-16571' into upstream-master
2022-06-13 10:32:07 -05:00
Spencer McIntyre
02e7a65b93
Just move the auxiliary module into an exploit
2022-05-16 17:44:31 -04:00
npm-cesium137-io
8b502d074f
vcenter_offline_mdb_extract aux module
Add new aux module vcenter_offline_mdb_extract for extracting IdP
credentials, certificates and keys from a vCenter backup file.
Added module documentation.
2022-05-13 15:57:59 -04:00
npm-cesium137-io
ecec8a5993
Clean up unrelated files.
2022-05-13 15:53:40 -04:00
npm-cesium137-io
3e07b8c99b
Refactor MKI vcenter_forge_saml_token.rb
Extensive refactoring to move away from directly manipulating datastore
options and use local variables instead.
The initial template generation method has been redesigned to use an
external file via Erubi::Engine which is much cleaner vs. jamming a
multiline string into the module.
Response HTML from vCenter is now parsed with Nokogiri HTML vs. pulling
it out with regex.
Registered options have been reworked, following suggestions and
feedback. The use of VHOST in particular eliminates the need to pass
RHOSTS to the template and makes the module behave more closely to "real"
vCenter (i.e., always uses FQDN for the destination).
Added advanced datastore options to control the token lifetime
NOT_BEFORE and NOT_AFTER skew, in seconds. This also uncovered a bug with
the way I was deriving Zulu time which skewed based on the local system
time zone offset from Zulu; this has been fixed.
Corrected a stupid typo in the validate_fqdn method (don't need to check
for capital letters if the test string is always downcase...)
validate_idp_options now uses File.binread and can process certs in keys
in DER or PEM instead of just PEM.
Code optimization, particularly around error handling; other minor
tweaks based on improved understanding of the Framework's capabilities.
Many style changes and modifications based on suggestions and feedback.
Documentation was updated to reflect reality.
2022-04-23 19:42:24 -04:00
npm-cesium137-io
2e7ae40fcb
Revise vcenter_secrets_dump
2022-04-21 09:51:51 -04:00
npm-cesium137-io
925df9dc87
Update markup document
2022-04-21 09:41:09 -04:00
npm-cesium137-io
30aaea9350
Add vcenter_forge_saml_token aux module
2022-04-21 09:25:35 -04:00
h00die
86cad29799
wp masterstudy review
2022-03-06 08:07:20 -05:00
h00die
2195edbb8d
masterstudy privesc
2022-02-25 16:36:47 -05:00