992883b1a6
Remove KRB5CCNAME env on bootup
2023-01-26 12:09:55 +00:00
d5781ed021
Land #17532 , Fix bad DN discovery code and fix bug with querying schema data
2023-01-26 10:43:13 +00:00
2a73ac01e0
Land #17544 , Fix ticket cache client metadata
2023-01-25 21:58:36 +00:00
71aa4bdace
Update ldap_query with find_schema_dn function to find the schema DN which may not be the same as the base DN so we can query security attributes of entries
2023-01-25 15:19:29 -06:00
086e2f1b05
FIx ticket cache client metadata
2023-01-25 20:17:51 +00:00
21f33296b7
Consolidate PKINIT hash extraction code
2023-01-25 12:16:42 -05:00
4f574d141a
Land #17533 , Combine pkinit_login with get_ticket
2023-01-25 15:43:12 +00:00
c7ba117fed
Land #17534 , Update kerberos cipher negotiattion
...
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 10:19:40 -05:00
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
785e2caa9f
Refactor #send_request_tgt_pkinit, clarify docs
2023-01-25 08:36:26 -05:00
c143124344
Add feature to set the status of ticket/ccache via klist
2023-01-25 13:28:43 +00:00
8d4b1ce3c1
Use the credential etype instead of the encrypted ticket etype
2023-01-25 13:20:50 +00:00
d18beb486d
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 00:27:00 +00:00
e81bed0378
Land #17526 , groups the show options command by their conditions
2023-01-24 13:21:17 +00:00
854fc1400e
Improve show options to include options with conditions
2023-01-24 10:43:14 +00:00
d356b34422
Land #17499 , Show extended error information for ICPR
...
Merge branch 'land-17499' into upstream-kerberos
2023-01-23 12:19:13 -06:00
9a6c298a43
Use shared helper for creating kerberos options
2023-01-23 11:04:01 +00:00
1975c92e92
Remove extra info from verbose mode of LDAP output
2023-01-20 16:51:34 -06:00
a37cec40fc
Show extended error information for ICPR
2023-01-20 16:29:18 -05:00
9be26eb0ff
improve SMTP delivery error handling
2023-01-20 11:26:25 -06:00
aaad9436f2
Fix winrm offered etypes
2023-01-20 10:59:25 +00:00
9bf7617409
Return if there is no certificate to process
2023-01-18 15:05:54 -05:00
ebfcfd4cb9
Land #17066 , Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
d810267f8d
Pull in Dean's changes from #17443 to fix LDAP failure references.
2023-01-17 16:31:08 -06:00
202eb85066
Land #17470 , Update kerberos login to support diacritics
2023-01-16 12:22:44 +00:00
5ef1f9f4f4
Update kerberos login to support diacritics
2023-01-16 12:08:54 +00:00
7a2f6fef86
Land #17477 , Merge 6.2.36 master into kerberos feature branch
2023-01-16 11:53:21 +00:00
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
75153aded3
Fix missing method error when printing ticket contents from a kirbi file format
2023-01-13 10:19:07 +00:00
2f145769da
Actually, offered_etypes needs to be an array
2023-01-11 17:08:27 -05:00
a4a5162b92
Remove the etype option in favor of offered_etypes
2023-01-11 10:17:52 -05:00
138f3bb4b2
Make the encryption type configurable
2023-01-09 17:20:57 -05:00
b7f6fe584a
Add initial lib changes for configurable etypes
2023-01-09 16:43:42 -05:00
8f302c8697
Complete requested PR changes
...
Clone the cc_principle
2023-01-06 14:48:53 -06:00
d64c4b6e7e
Store the binary format of the ccache
...
update key to be correct
2023-01-06 14:48:53 -06:00
ccfc253eb8
Updates to get ccache in golden ticket
...
Fix incorrect reference
Use proper encoding
2023-01-06 14:48:52 -06:00
8078616f5f
Use the correct constant names for ldap failures
2023-01-06 14:11:26 +00:00
75372dcdd3
Land #17374 , Add klist command
2023-01-06 12:57:20 +00:00
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
0af0f6ea0a
Merge pull request #17440 from zeroSteiner/fix/smb-aes-256-kerberos
...
Fix SMB key calculation for AES-256 when authenticating with Kerberos
2023-01-05 17:05:28 -06:00
785c5a8f4d
Fix key calculation for Server 2022
...
Metasploit will negotiate the strongest mutually supported encryption
with the target. When the target supports AES-256 as Server 2022 and
Windows 11 do, the key needs to be 32-bytes long and not 16 as it is
when AES-128 is in use. This updates the logic to check if the
encryption algorithm is set to ensure that the key is the correct size.
2023-01-05 15:08:49 -05:00
1ede6661d4
Land #17382 , Update pkinit tgt response to include key
2023-01-05 20:45:20 +01:00
e218210feb
Update ldap_connect documentation to set Object as the return type
2023-01-05 10:51:18 -06:00
c71ba23a10
Fix up incorrectly indented documentation, remove excess lines, and add in correct type return information from debugging sessions
2023-01-04 11:09:23 -06:00
868072e6c8
Land #17317 , Fix various WinRM modules
2023-01-03 19:57:07 +01:00
45c0af48c2
Suggested changes from code review
2023-01-03 11:26:07 +11:00
bfb80db9db
Add in missing YARD documentation for lib/msf/core/exploit/remote/ldap.rb
2022-12-30 16:07:08 -06:00
a8957bce49
Update tgt response to include key
2022-12-30 13:41:54 +00:00
6f9ebe4068
Add klist command
2022-12-16 13:02:39 +00:00
adfoster-r7