Commit Graph

5658 Commits

Author SHA1 Message Date
Spencer McIntyre 0f16376674 Validate architecture compatibility 2022-09-15 16:06:24 -04:00
root 69ee6b72d3 Update how arguments are completed and passed 2022-09-15 16:06:24 -04:00
root e8bfb7ed41 Cleaned up print statements, added banner 2022-09-15 16:06:16 -04:00
Kevin Clark 107a701247 wip: bofloader client extension 2022-09-15 16:05:55 -04:00
dwelch-r7 cdd9a33151 Land #16998, Fix iax2 module crash 2022-09-15 16:55:09 +01:00
adfoster-r7 9519f79524 Fix iax2 module crash 2022-09-09 01:40:04 +01:00
Spencer McIntyre 61a2bde27d Fix and test writing REG_EXPAND_SZ values 2022-09-08 12:18:28 -04:00
Spencer McIntyre eaf149ac21 Add a missing type to #type_to_s 2022-09-07 11:52:12 -04:00
Spencer McIntyre f1a7be6c49 Fix how REG_MULTI_SZ is handled 2022-09-06 16:53:30 -04:00
cgranleese-r7 22187537d9 Land #16861, Fix broken reverse ssh command shell 2022-09-06 11:09:48 +01:00
Jake Baines f3efc84a1f Use start_with instead of starts_with 2022-09-02 06:34:18 -07:00
dwelch-r7 5f85175f56 Add module for golden/silver ticket forging 2022-09-01 16:12:07 +01:00
Christophe De La Fuente 1b5338da06 Land #16701, Rewrite of Cisco ASA Clientless VPN Brute-force 2022-08-25 16:04:48 +02:00
bcoles d7c47ced9a Stdapi::AudioOutput.play_file: raise if file +path+ is not readable 2022-08-22 06:25:23 +10:00
Jake Baines 2242272ef4 Added CSRF token support. Fixed an issue with HTTP Keep-Alive 👀 2022-08-19 10:51:33 -07:00
Spencer McIntyre 596fae611f Fix an issue caused by a missing renew_till field
When #renew_till is nil, the encoding will fail. This should be encoded
as 0 in this case.
2022-08-18 11:35:39 -04:00
adfoster-r7 e93a75cd01 Fix broken reverse ssh command shell 2022-08-04 23:58:11 +01:00
adfoster-r7 f65119b353 Support OpenSSL3 and run Ubuntu 22.04 in test matrix 2022-08-03 15:49:53 +01:00
Spencer McIntyre 1ed064c1ea Log when a cached credential is used 2022-07-28 16:03:24 -04:00
Spencer McIntyre 95d8b7005e Allow reusing cached and explicit CCACHE files 2022-07-28 16:03:22 -04:00
Ashley Donaldson f16e2cfb35 Send TGT to WinRM to allow further access of network resources (kerberos double hop) 2022-07-27 16:19:09 +01:00
adfoster-r7 00b85e9bb4 Fix msfrpcd console read failures 2022-07-27 13:11:11 +01:00
bcoles 39f288bfe3 Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters 2022-07-11 01:37:41 +10:00
Ashley Donaldson 39f90d95b1 Create sessions for winrm_login successes.
Reuses the connection, so that authentication doesn't need to happen again
2022-07-08 16:57:09 +10:00
Ashley Donaldson d3e7152954 Changes from code review 2022-07-08 11:47:54 +10:00
Ashley Donaldson f9f3be3644 Fix unit tests 2022-07-07 18:04:22 +10:00
Ashley Donaldson b2eb348d94 Added WinRM using Kerberos, including encryption 2022-07-07 13:17:09 +10:00
adfoster-r7 aea37f7137 Add initial SMB Kerberos authentication support 2022-07-06 16:15:33 +01:00
Shelby Pace 40b18b5e7a Update lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-07-01 12:56:45 -05:00
space-r7 47f8d3acae rename tlvs, add improvements 2022-07-01 12:56:42 -05:00
Spencer McIntyre d31ffa27d3 Add and use a new kerberos CCache model definition 2022-07-01 11:57:30 -04:00
Spencer McIntyre 8c3d7ff42f Rename Thrift related definitions
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
space-r7 ecb09864d3 make sure generic permission is actually set 2022-06-30 13:27:51 -05:00
Ashley Donaldson 997f9b92d9 Changes from code review 2022-06-24 09:33:57 +10:00
Ashley Donaldson 2cce4ac1c1 Fix unit tests 2022-06-23 16:55:30 +10:00
Ashley Donaldson bcd30b9be8 Don't error if it's not 12, as this can occur on older systems 2022-06-23 11:52:55 +10:00
Ashley Donaldson 3e33e2694d Include information on whether account is disabled or locked.
We can do this more precisely for Windows' implementation of Kerberos
by using the undocumented PA-PW-SALT entry.
2022-06-23 10:46:25 +10:00
adfoster-r7 89187c1fa9 Land #16685, Add missing Kerberos encryption types 2022-06-22 13:13:30 +01:00
dwelch-r7 e672fad870 Land #16689, Update Kerberos to support host addresses in tickets 2022-06-22 12:52:17 +01:00
Ashley Donaldson a4a0fc3028 Changes from code review.
Use kwargs instead of default values for rarer crypto args.
Revert case-sensitivity change; we'll leave krb5 on Linux til later.
More constants
2022-06-22 16:03:36 +10:00
Ashley Donaldson 15446fd173 Incorporated new encryption methods into login scanner, including negotiating 2022-06-22 09:36:25 +10:00
Ashley Donaldson 19b62a5af6 Support several new encryption types for Kerberos.
Supports DES-CBC-MD5, DES3-CBC-SHA1, AES128, AES256
2022-06-22 09:13:33 +10:00
adfoster-r7 f8901a8b17 Add Kerberos LoginScanner support 2022-06-20 16:38:32 +01:00
adfoster-r7 3f56f9891d Update Kerberos to support host addresses in tickets 2022-06-18 04:16:36 +01:00
dwelch-r7 ac5a885f16 Land #16660, Fix Kerberos flags decoding logic 2022-06-17 17:38:09 +01:00
adfoster-r7 5dd650fc76 Support decoding pa_data as part of kdc enc response 2022-06-15 20:46:45 +01:00
Christophe De La Fuente f804a58970 Add getsystem technique 6 Named Pipe Impersonation (Efs variant - AKA EfsPotato) 2022-06-14 15:31:15 +02:00
adfoster-r7 affc5bc294 Fix Kerberos flags decoding logic 2022-06-09 12:22:20 +01:00
adfoster-r7 6e9765992c Fix smb named pipe pivot crash 2022-06-06 13:00:42 +01:00
Spencer McIntyre 0c481ed9c9 Patch LDAP for synchronous reads 2022-05-27 10:57:28 -04:00