This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
Metasploit will negotiate the strongest mutually supported encryption
with the target. When the target supports AES-256 as Server 2022 and
Windows 11 do, the key needs to be 32-bytes long and not 16 as it is
when AES-128 is in use. This updates the logic to check if the
encryption algorithm is set to ensure that the key is the correct size.
- Add kerberos authenticator to `scanner/smb/smb_login` and the
corresponding login scanner library
- Add new options: `UseCachedCredentials` and `StoreCredentialCache`
- Add `use_cached_credentials` attribute to
Kerberos::ServiceAuthenticator::Base. This enables/disables the use of
cached Kerberos credentials from the database.
- Add `store_credential_cache` attribute to
Kerberos::ServiceAuthenticator::Base. This enables/disables storing
Kerberos TGS MIT Credential Cache to the database.
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
Despite being called ntlm_session, these hashes are capable of being
cracked as the John 'netntlm' format. Additionally the format is
reported as NTLMv1-SSP in similar tools.
adfoster-r7