603e5b2bff
Land #18569 , Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
9f126a4d24
Land #18446 , Make DomainControllerRhost optional
...
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
f000c39b4a
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
e6321e46c4
Land #18565 , Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
2ea1f43f12
Unit test for new kerberos client pre-auth behaviour
2023-11-27 17:10:19 +11:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
8d4ae4bc78
Check the cache for a TGT without a host
...
This fixes allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00
5e9ff17e59
Handle NTHASH tickets, including warning users that it's a terrible idea
2023-11-17 19:24:25 +11:00
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
24490cbe1e
Replicate Logon domain name and extra sids from sapphire ticket
2023-11-17 13:16:40 +11:00
4e6a29d0fb
Implement sapphire tickets
2023-11-15 22:31:11 +11:00
bdb13601ae
Implement diamond tickets
2023-11-15 16:13:01 +11:00
c243125612
Land #18379 , Improve ccache hostname matching
...
The service authenticator was filtering out valid credentials
when the hostname wasnt an exact match when credentials for
a domain should work on a subdomaini. This PR fixes that issue.
2023-11-07 22:08:15 -05:00
6e9facbefb
Merge pull request #18419 from smashery/dcsync_kerberos
...
DCSync using Kerberos Pass-the-Ticket
2023-10-30 09:41:22 -04:00
2a699b89fa
Changes from code review
2023-10-30 12:51:55 +11:00
b0b4da543d
Land #18400 , Kerberos ticket_search fix passing in a workspace
2023-10-23 16:17:24 +02:00
1071341b23
Changes from code review
2023-10-09 10:31:36 +11:00
4d87d4e114
Save Kerberos tickets in the MSF cache upon a successful login
2023-10-03 13:45:41 +11:00
185cba04c3
Support validating partial handshakes
2023-10-03 10:19:26 +11:00
1bd229056e
Support Kerberos auth for DCERPC
2023-09-28 16:26:06 +10:00
c1abf37d0c
Use passed in workspace if available, default to current workspace
2023-09-25 13:30:18 +01:00
6a04f5ed3d
Be less strict on hostname matching for ccache credentials
2023-09-18 14:54:20 +01:00
5c93b3880a
Don't add extra PACs for silver tickets
2023-09-13 15:41:09 +10:00
6b8fe05865
Add new PAC types required by DCs for accepting TGTs as valid
2023-09-12 17:19:10 +10:00
f287f50be7
Land #18187 , Fixes incorrect usage of pack/unpack directives
2023-07-21 11:40:02 +01:00
1af22cfd22
Land #18096 , Add initial proxies datastore support for kerberos workflows
2023-07-21 11:37:04 +01:00
08a2a293a9
Add proxies datastore support to kerberos
2023-07-21 11:19:50 +01:00
8e0a909b18
Fixes incorrect usage of pack/unpack directives
2023-07-19 11:39:00 +01:00
2acc014014
Fix AS-REQ with PKINIT and NTDS_CA_SECURITY_EXT
2023-06-08 15:10:35 -04:00
ab08cd2d1c
Land #17753 , Update get_ticket to support using forged golden tickets
2023-03-30 14:15:48 +01:00
e1ecdac2a5
Land #17724 , Add ticket checksum to kerberos ticket creation
2023-03-29 09:01:39 +01:00
ab57c09dc2
Update get_ticket to support using forged golden tickets
2023-03-09 12:21:29 +00:00
d318a9e0d0
Add advanced option to include Ticket Checksum during forging
2023-03-06 13:21:23 +00:00
48a5f33f35
Add option to include a ticket checksum while forging a ticket
2023-03-06 13:19:59 +00:00
08f07eccb6
Fix initial incorrect parameters in YARD documentation
2023-03-05 20:15:14 -06:00
252012f48d
Land #17675 , Add support for forging inter-realm Kerberos tickets
2023-03-03 14:17:48 +00:00
efd79eb638
Add support for forging inter-realm Kerberos tickets
2023-03-03 13:20:39 +00:00
fc5d938d8c
Add support for full pac and partial ticket checksum support
2023-02-21 13:03:59 +00:00
84f798da32
Allow loading TGS tickets for other service names
...
Fixes #17571
2023-01-31 17:03:25 -05:00
5076518fe4
Land #17559 , add support for Ruby 3.2
2023-01-31 13:45:51 +00:00
fb196cb378
Testing Ruby 3.2 against CI
2023-01-31 13:19:06 +00:00
647cf1d402
Return Time from #extract_logon_time
2023-01-27 10:05:02 -05:00
4254276c26
Land #17531 , Change kerberos option name namespacing convention to ::
2023-01-26 16:29:11 +00:00
1b34e5923f
Land #17551 , Fix issue on nil kerberos username
...
Fix force encoding issue on nil kerberos username
2023-01-26 11:23:05 -05:00
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
Jack Heysel