Shelby Pace
722241ed3e
Update lib/msf/core/post/linux/process.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-07-01 12:56:44 -05:00
Shelby Pace
6ffd9a8cfa
Update lib/msf/core/post/linux/process.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2022-07-01 12:56:44 -05:00
space-r7
69342f5431
add docs and mixin
2022-07-01 12:56:43 -05:00
space-r7
47f8d3acae
rename tlvs, add improvements
2022-07-01 12:56:42 -05:00
Spencer McIntyre
2f1949d021
Land #16731, Use proper permissions when opening a process
2022-07-01 13:40:48 -04:00
Spencer McIntyre
d31ffa27d3
Add and use a new kerberos CCache model definition
2022-07-01 11:57:30 -04:00
Spencer McIntyre
8c3d7ff42f
Rename Thrift related definitions
...
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
Christophe De La Fuente
b40dd95d4f
Land #16723, Add FreeSwitch Login auxiliary module
2022-07-01 16:57:34 +02:00
adfoster-r7
5bc618e642
Remove initial code duplication between mssql clients
2022-07-01 14:26:04 +01:00
kalba-security
4861bbb337
add sanity check, move check method logic to lib, rescue failed socket creation
2022-07-01 05:13:14 -04:00
space-r7
ecb09864d3
make sure generic permission is actually set
2022-06-30 13:27:51 -05:00
Metasploit
a172fa0da0
Bump version of framework to 6.2.6
2022-06-30 12:05:30 -05:00
adfoster-r7
e40e835fd8
Land #16706, Kerberos login enhancements
2022-06-30 14:51:30 +01:00
krastanoel
4f64d098dc
Apply suggestions from code review
...
Use include instead of regex and rescue stream closed error
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2022-06-30 14:04:39 +07:00
Christophe De La Fuente
0e3fdd0799
Fix from code review
2022-06-29 19:18:47 +02:00
krastanoel
da63fbbad4
Add FreeSwitch Login auxiliary module
2022-06-28 20:13:24 +07:00
Ashley Donaldson
4f650e7c93
Rename parameter
2022-06-28 08:12:56 +10:00
bcoles
66009ca5e5
Exploit::CmdStager: Expose CMDSTAGER::URIPATH option for HTTP stagers
2022-06-25 23:49:47 +10:00
Ashley Donaldson
997f9b92d9
Changes from code review
2022-06-24 09:33:57 +10:00
Ashley Donaldson
96046f9aec
Remove unnecessary freeze calls
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-06-24 08:36:44 +10:00
Metasploit
911092007c
Bump version of framework to 6.2.5
2022-06-23 14:56:43 -05:00
Spencer McIntyre
fb3d349969
Land #16676, Add 6th getsystem technique
2022-06-23 15:14:52 -04:00
3V3RYONE
ef1b37f6e5
add ensure block to delete temporary test file
2022-06-23 20:51:28 +05:30
3V3RYONE
75a76a52f4
check for NOEXEC flags before creating db socket file
2022-06-23 16:50:23 +05:30
Ashley Donaldson
2cce4ac1c1
Fix unit tests
2022-06-23 16:55:30 +10:00
Ashley Donaldson
bcd30b9be8
Don't error if it's not 12, as this can occur on older systems
2022-06-23 11:52:55 +10:00
Ashley Donaldson
2553bae018
Report correct password when clock is wrong or password has expired
2022-06-23 11:33:45 +10:00
Ashley Donaldson
3e33e2694d
Include information on whether account is disabled or locked.
...
We can do this more precisely for Windows' implementation of Kerberos
by using the undocumented PA-PW-SALT entry.
2022-06-23 10:46:25 +10:00
Ashley Donaldson
8d1d2d5aad
Fix bugs from #16685
2022-06-23 10:20:59 +10:00
adfoster-r7
89187c1fa9
Land #16685, Add missing Kerberos encryption types
2022-06-22 13:13:30 +01:00
dwelch-r7
e672fad870
Land #16689, Update Kerberos to support host addresses in tickets
2022-06-22 12:52:17 +01:00
Ashley Donaldson
a4a0fc3028
Changes from code review.
...
Use kwargs instead of default values for rarer crypto args.
Revert case-sensitivity change; we'll leave krb5 on Linux til later.
More constants
2022-06-22 16:03:36 +10:00
Ashley Donaldson
15446fd173
Incorporated new encryption methods into login scanner, including negotiating
2022-06-22 09:36:25 +10:00
Ashley Donaldson
19b62a5af6
Support several new encryption types for Kerberos.
...
Supports DES-CBC-MD5, DES3-CBC-SHA1, AES128, AES256
2022-06-22 09:13:33 +10:00
space-r7
7983f878a8
Land #16597, psh cmd adapter fix for encrypt shell
2022-06-21 09:47:05 -05:00
adfoster-r7
f8901a8b17
Add Kerberos LoginScanner support
2022-06-20 16:38:32 +01:00
adfoster-r7
3f56f9891d
Update Kerberos to support host addresses in tickets
2022-06-18 04:16:36 +01:00
Grant Willcox
b10386ba08
Land #16650, Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation
2022-06-17 14:58:22 -05:00
dwelch-r7
ac5a885f16
Land #16660, Fix Kerberos flags decoding logic
2022-06-17 17:38:09 +01:00
Redouane NIBOUCHA
d47d1bc259
Remove newlines from base64 output on MySQL also
2022-06-17 00:51:52 +02:00
Metasploit
3f433b0c24
Bump version of framework to 6.2.4
2022-06-16 12:09:14 -05:00
Grant Willcox
be45688dbc
Land #16602, Fix error when service is already running and update exception documentation in lib/msf/core/post/windows/services.rb
2022-06-16 10:59:35 -05:00
Grant Willcox
c94f22cebe
Add in fixes from discussion and also update documentation to correctly note what functions can raise
2022-06-15 19:28:31 -05:00
adfoster-r7
5dd650fc76
Support decoding pa_data as part of kdc enc response
2022-06-15 20:46:45 +01:00
Grant Willcox
d20fa45f7a
Add in guard clause to check that page isn't nil before trying to use it for processing pages
2022-06-15 11:35:30 -05:00
Christophe De La Fuente
f804a58970
Add getsystem technique 6 Named Pipe Impersonation (Efs variant - AKA EfsPotato)
2022-06-14 15:31:15 +02:00
RageLtMan
9373ab6bd3
HTTP Crawler: don't expect page object for msg
...
The `crawler_process_page` method in HttpCrawler assumes that the
`page` object passed into the method is not nil when formatting the
`msg` string for printing to console.
Address the assumption with a ternary check leaving the `|| "ERR"`
handling for `page.code` itself being nil inside the assignment
when page is not nil.
Testing:
`Error accessing page undefined method '[]' for nil:NilClass` is
no longer being thrown when scanning an odd HTTP service.
2022-06-10 21:44:29 -04:00
kalba-security
ba83b1bdf5
add manageengine adaudit plus and datasecurity plus xnode enum modules and manageengine_xnode lib
2022-06-10 10:32:25 -04:00
Metasploit
f2e1dca061
Bump version of framework to 6.2.3
2022-06-09 12:03:55 -05:00
adfoster-r7
affc5bc294
Fix Kerberos flags decoding logic
2022-06-09 12:22:20 +01:00