1ed064c1ea
Log when a cached credential is used
2022-07-28 16:03:24 -04:00
942259d44b
Add logging for why credentials are filtered
2022-07-28 16:03:24 -04:00
95d8b7005e
Allow reusing cached and explicit CCACHE files
2022-07-28 16:03:22 -04:00
f279e8d6ca
Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file
2022-07-27 12:45:47 -07:00
f16e2cfb35
Send TGT to WinRM to allow further access of network resources (kerberos double hop)
2022-07-27 16:19:09 +01:00
f9a951d034
Land #16737 , Remove initial code duplication between mssql clients
2022-07-20 19:44:25 +02:00
1dcfc3406a
Add Rex::Exploitation::CmdStagerFtpHttp to Msf::Exploit::CmdStager
2022-07-16 18:10:28 +10:00
1e903807bb
Land #16730 , Add mssql Kerberos auth support
2022-07-15 15:00:14 -04:00
37f7c15b1e
Update mssql login module to support kerberos authentication
2022-07-15 17:33:54 +01:00
f2ff7bb913
Add mssql kerberos authentication
2022-07-15 17:26:10 +01:00
9579e355c1
Land #16749 , Add winrm kerberos authentication support
2022-07-15 16:24:36 +01:00
39f288bfe3
Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 01:37:41 +10:00
d3e7152954
Changes from code review
2022-07-08 11:47:54 +10:00
ade10650a8
Set the NTLM flags for LDAP authentication
...
The sign and seal flags need to be removed for LDAP. Because sign and
seal are not set, key56 and key128 can also be removed.
The rest of the flags are taken from
https://github.com/rapid7/ruby_smb/blob/cc5228730f9bc39215322ab6e07fd8da33602bb9/lib/ruby_smb/ntlm.rb#L31
2022-07-07 13:20:34 -04:00
f9f3be3644
Fix unit tests
2022-07-07 18:04:22 +10:00
b2eb348d94
Added WinRM using Kerberos, including encryption
2022-07-07 13:17:09 +10:00
b8ca08d3ce
Support NTLM and kerberos auth in LDAP
2022-07-06 17:12:27 -04:00
4abef7d373
Remove an unused option and require SmbRhostname
2022-07-06 15:16:50 -04:00
e53bccae85
Set the session key for older SMB dialects too
2022-07-06 15:16:40 -04:00
aea37f7137
Add initial SMB Kerberos authentication support
2022-07-06 16:15:33 +01:00
d31ffa27d3
Add and use a new kerberos CCache model definition
2022-07-01 11:57:30 -04:00
5bc618e642
Remove initial code duplication between mssql clients
2022-07-01 14:26:04 +01:00
e40e835fd8
Land #16706 , Kerberos login enhancements
2022-06-30 14:51:30 +01:00
66009ca5e5
Exploit::CmdStager: Expose CMDSTAGER::URIPATH option for HTTP stagers
2022-06-25 23:49:47 +10:00
997f9b92d9
Changes from code review
2022-06-24 09:33:57 +10:00
96046f9aec
Remove unnecessary freeze calls
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2022-06-24 08:36:44 +10:00
2553bae018
Report correct password when clock is wrong or password has expired
2022-06-23 11:33:45 +10:00
3e33e2694d
Include information on whether account is disabled or locked.
...
We can do this more precisely for Windows' implementation of Kerberos
by using the undocumented PA-PW-SALT entry.
2022-06-23 10:46:25 +10:00
8d1d2d5aad
Fix bugs from #16685
2022-06-23 10:20:59 +10:00
a4a0fc3028
Changes from code review.
...
Use kwargs instead of default values for rarer crypto args.
Revert case-sensitivity change; we'll leave krb5 on Linux til later.
More constants
2022-06-22 16:03:36 +10:00
15446fd173
Incorporated new encryption methods into login scanner, including negotiating
2022-06-22 09:36:25 +10:00
19b62a5af6
Support several new encryption types for Kerberos.
...
Supports DES-CBC-MD5, DES3-CBC-SHA1, AES128, AES256
2022-06-22 09:13:33 +10:00
f8901a8b17
Add Kerberos LoginScanner support
2022-06-20 16:38:32 +01:00
b10386ba08
Land #16650 , Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation
2022-06-17 14:58:22 -05:00
d47d1bc259
Remove newlines from base64 output on MySQL also
2022-06-17 00:51:52 +02:00
affc5bc294
Fix Kerberos flags decoding logic
2022-06-09 12:22:20 +01:00
63822f6e37
Land #16651 , [SQLi library] Ensure the encoder is always used in the #test_vulnerable methods
2022-06-08 17:15:22 -05:00
88036a7f1f
Check for nil before using the decoder in test_vulnerable
2022-06-08 22:00:03 +02:00
67ea2bc23c
Land #16630 Fix duplicate ntlm hash storage
...
Net-NTLM (v1 and v2) hashes were being duplicated when
stored in the database due to the unique data in the challenge
dispite being the same. This fixes that issue
2022-06-08 14:07:34 -04:00
1a7cbe5b4f
Update lib/msf/core/exploit/remote/smb/server/hash_capture.rb
2022-06-08 13:45:57 -04:00
a983bbd8ba
Land #16615 , Solicited multicast-address creation bugfix
2022-06-07 14:41:52 -05:00
2b99967d0c
Merge branch 'master' into fix/duplicate-netntlm
2022-06-07 11:42:51 -04:00
5331c343a0
Use the encoder in all the #test_vulnerable methods from the common class
2022-06-06 23:13:26 +02:00
6d9c789f4d
Add method #read_from_file for MSSQL and PostgreSQL, and update the MySQL #read_from_file method
2022-06-06 23:07:25 +02:00
8ccc1ebf91
Land PR #16628 , Log ntlm_session hashes
...
This PR fixes the logging and storing of
NTLM session hashes
2022-06-02 11:20:37 -04:00
6d3ccab1be
Land #16435 , add Microsoft SQL Server sqli support
2022-06-01 10:27:48 -05:00
a47b3fe694
Don't report duplicate Net-NTLM hashes
2022-05-27 14:13:06 -04:00
1e5f86703f
Report the correct JtR type
2022-05-27 10:16:02 -04:00
862c6a94a2
Log ntlm_session hashes too
...
Despite being called ntlm_session, these hashes are capable of being
cracked as the John 'netntlm' format. Additionally the format is
reported as NTLMv1-SSP in similar tools.
2022-05-27 10:07:39 -04:00
c33f284786
change from lambda to line by line logic
2022-05-24 16:24:15 +03:00
Spencer McIntyre