Spencer McIntyre
60a76da374
Allow deleting tickets by ID
2022-12-15 18:31:18 -05:00
Spencer McIntyre
75fc560d19
Handle cases where the framework module is nil
2022-12-15 18:31:18 -05:00
Spencer McIntyre
830e850160
Add more docs
2022-12-15 18:31:18 -05:00
Spencer McIntyre
663dee982e
Expose an abstract stored ticket object
2022-12-15 18:31:18 -05:00
Spencer McIntyre
fea259f6e7
Switch everything to use the ticket storage
2022-12-15 18:31:14 -05:00
Spencer McIntyre
b2a4bea761
Breakout the ticket storage backend drivers
2022-12-15 18:29:00 -05:00
Spencer McIntyre
686b946c5b
Use a new TicketStorage class
...
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
2022-12-15 18:28:54 -05:00
Spencer McIntyre
5f52ebeea7
Consolidate the loot_info UID string
2022-12-15 18:26:32 -05:00
adfoster-r7
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
Spencer McIntyre
a80db73bab
Land #17325, add impersonation for get_ticket
...
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
Heyder Andrade
cf6d5d3a14
It made the gadgets being used more readable
2022-12-06 17:47:49 +01:00
Dean Welch
d239e9b007
Don't autoload krb5Pac
2022-12-06 13:01:47 +00:00
Dean Welch
1e2ada3cce
Add options validation depending on action in forge_ticket.rb
2022-12-06 12:55:42 +00:00
Dean Welch
405271a52f
Add pac BinData Model
2022-12-05 14:03:21 +00:00
Heyder Andrade
8aca86b816
Apply suggestions from code review
2022-12-04 17:29:05 +01:00
Heyder Andrade
5c3ac339d0
Apply suggestions from code review
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-12-04 12:13:50 +01:00
bcoles
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
Christophe De La Fuente
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
Christophe De La Fuente
cc61a26668
Add S4U2Self and S4U2Proxy support to impersonate a user
2022-12-01 20:42:13 +01:00
Christophe De La Fuente
d3057f15b2
Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
Ashley Donaldson
5fce80ed1d
Added comments to most functions
2022-11-30 11:53:57 +11:00
Ashley Donaldson
97aef31180
Removed vestigial code while we're at it
2022-11-30 11:31:27 +11:00
Ashley Donaldson
1231eefe55
Fixed WQL module while I'm at it
2022-11-30 10:26:19 +11:00
Heyder Andrade
704cee436b
Apply suggestions from code review
2022-11-29 15:25:14 +01:00
Heyder Andrade
c1236500f1
Apply suggestions from code review
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-11-29 14:12:39 +01:00
adfoster-r7
750192afa4
Add pkinit error codes
2022-11-29 10:36:10 +00:00
Spencer McIntyre
cd828a82c8
Fix the DH key construction for OpenSSL3
2022-11-28 14:54:10 -05:00
Spencer McIntyre
abe0549db6
Land #17226, Module to request TGT/TGS tickets
...
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
Spencer McIntyre
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
Spencer McIntyre
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
Spencer McIntyre
3805a79079
Add support for Exchange Data Access Group (DAG)
...
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
2022-11-23 15:37:58 -05:00
Heyder Andrade
a05cbdbc30
Improve error handling
2022-11-20 12:09:05 +01:00
Heyder Andrade
34d191b06c
Added Ruby serialized payload generator
2022-11-19 15:20:49 +01:00
Heyder Andrade
f1b97de78d
Added Gitlab mixin
2022-11-19 15:19:29 +01:00
Spencer McIntyre
29d57dde66
Consolidate into ProxyMaybeShell
2022-11-18 17:01:01 -05:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
adfoster-r7
8efc6c5304
Land #17103, Consolidate KdcOptionFlags and TicketFlags
2022-11-09 17:27:17 +00:00
Dean Welch
7c2134d941
Consolidate KdcOptionFlags and TicketFlags
2022-11-09 17:08:26 +00:00
adfoster-r7
65f6aaca82
Land #17077, Add support for AES keys for silver/golden ticket forging
2022-11-09 16:51:11 +00:00
Dean Welch
23ff829e52
Add support for AES keys for silver/golden ticket forging
2022-11-09 13:01:13 +00:00
krastanoel
645a1c25a3
Update method documentation and indentation
2022-11-09 16:27:31 +07:00
krastanoel
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessful but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
Christophe De La Fuente
37fd441b0f
Land #17117, Authenticate to Kerberos with PKINIT
2022-11-08 18:54:03 +01:00
krastanoel
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
krastanoel
52d867bbc7
follow Ruby coding conventions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
krastanoel
c980f4f9ee
add more custom error exception
2022-11-09 00:27:12 +07:00
Spencer McIntyre
e70861fc87
Land #17239, Fix broken kerberos login module
2022-11-08 11:21:17 -05:00
adfoster-r7
30fe07801b
Fix broken kerberos login module
2022-11-08 15:49:21 +00:00
krastanoel
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-08 14:09:31 +07:00
Spencer McIntyre
c1d092b70d
Minor tweaks
...
Filter out enrollable certs by default and print the warning higher. Add
periods to all messages for consistency. Drop the message from
vprint_good to vprint_status when the query works.
2022-11-07 10:37:12 -05:00