43f4705e60
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-09 12:37:59 -05:00
024bdaec6d
Add a proper rex-based service for the SMB server
2024-01-08 16:54:22 -05:00
b10e8d566b
Initial Rex SMB service to allow sharing
2024-01-05 17:18:08 -05:00
47a58bda3b
saltstack library rubocop and comments
2023-12-24 11:54:22 -05:00
357bdc8c10
ansible post library
2023-12-24 11:49:27 -05:00
b654275ec4
add saltstack lib
2023-12-23 13:52:52 -05:00
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
45d2c7f4e0
Land #18566 , CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
5d5ccd25e1
Removed unnecssary files
2023-12-15 10:46:23 -05:00
ef178298b2
Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-12-14 11:55:30 -05:00
5f396245f2
Land #18539 , Add Smb session type
2023-12-12 11:45:19 +00:00
603e5b2bff
Land #18569 , Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
16dd06bbac
Added payload plugin mixin
2023-12-11 18:24:13 -05:00
9f126a4d24
Land #18446 , Make DomainControllerRhost optional
...
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
f000c39b4a
Update to mark DomainControllerRhost as optional
2023-12-05 16:23:35 -05:00
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
e6321e46c4
Land #18565 , Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
708c795890
Land #18560 , Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
2ea1f43f12
Unit test for new kerberos client pre-auth behaviour
2023-11-27 17:10:19 +11:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
8d4ae4bc78
Check the cache for a TGT without a host
...
This fixes allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00
5e9ff17e59
Handle NTHASH tickets, including warning users that it's a terrible idea
2023-11-17 19:24:25 +11:00
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
24490cbe1e
Replicate Logon domain name and extra sids from sapphire ticket
2023-11-17 13:16:40 +11:00
4e6a29d0fb
Implement sapphire tickets
2023-11-15 22:31:11 +11:00
bdb13601ae
Implement diamond tickets
2023-11-15 16:13:01 +11:00
fc988c2033
Fix db2 scanner module crashes
2023-11-13 21:41:28 +00:00
77a93e452f
Land #18507 , Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
c243125612
Land #18379 , Improve ccache hostname matching
...
The service authenticator was filtering out valid credentials
when the hostname wasnt an exact match when credentials for
a domain should work on a subdomaini. This PR fixes that issue.
2023-11-07 22:08:15 -05:00
7024d4ecac
remove redundant unless expression
2023-11-07 09:06:58 +00:00
4dec6640c0
fix typo in cisco_ios_xe.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-07 09:02:12 +00:00
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
6e9facbefb
Merge pull request #18419 from smashery/dcsync_kerberos
...
DCSync using Kerberos Pass-the-Ticket
2023-10-30 09:41:22 -04:00
2a699b89fa
Changes from code review
2023-10-30 12:51:55 +11:00
93645c23ac
Land #18403 , Fix FileDropper to properly clone string variables before storing them
2023-10-25 20:55:06 +01:00
235009d0de
Use the new AlterContext definition
2023-10-25 15:02:20 -04:00
b0b4da543d
Land #18400 , Kerberos ticket_search fix passing in a workspace
2023-10-23 16:17:24 +02:00
77a8b0efa2
Land #18421 , Save Kerberos tickets in the MSF cache upon a successful login
2023-10-23 15:25:09 +02:00
0b7a1bfcf7
Use #dup instead of #clone #2
2023-10-17 12:39:23 +02:00
5f438f729d
Use #dup instead of #clone
2023-10-17 12:19:03 +02:00
80d2fa738d
Land #18296 , update more mysql modules to support newer authentication methods
2023-10-12 17:19:02 +01:00
jheysel-r7