adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

114 Commits

Author SHA1 Message Date
adfoster-r7 02c892c3fc Add hierarchical search table support 2023-11-30 16:32:29 +00:00
Ashley Donaldson 10e0206b6e Diamond tickets require AES256 2023-11-28 09:38:06 +11:00
Ashley Donaldson c293c273ba Attempt to decrypt pre-auth kerberos response 2023-11-27 13:09:59 +11:00
Ashley Donaldson 3ca13d9358 Changes from code review. 
Added in the stability/IOC notes, since diamond/sapphire do make requests.
 2023-11-27 10:30:54 +11:00
Ashley Donaldson 45a5c62308 Fix diamond tickets 2023-11-20 10:11:38 +11:00
Ashley Donaldson 5e9ff17e59 Handle NTHASH tickets, including warning users that it's a terrible idea 2023-11-17 19:24:25 +11:00
Ashley Donaldson 4e6a29d0fb Implement sapphire tickets 2023-11-15 22:31:11 +11:00
Ashley Donaldson bdb13601ae Implement diamond tickets 2023-11-15 16:13:01 +11:00
Ashley Donaldson 5c93b3880a Don't add extra PACs for silver tickets 2023-09-13 15:41:09 +10:00
Spencer McIntyre 7d9abc87b1 Fix a stack trace in forge_ticket when SPN is blank 2023-08-14 10:42:32 -04:00
adfoster-r7 7fe6b8f481 Update the exported keytab table entries to sort by db insert id 2023-06-13 09:14:06 +01:00
dwelch-r7 ab08cd2d1c Land #17753, Update get_ticket to support using forged golden tickets 2023-03-30 14:15:48 +01:00
adfoster-r7 e1ecdac2a5 Land #17724, Add ticket checksum to kerberos ticket creation 2023-03-29 09:01:39 +01:00
adfoster-r7 ab57c09dc2 Update get_ticket to support using forged golden tickets 2023-03-09 12:21:29 +00:00
adfoster-r7 3bc4639235 Add nthashes to keytab export 2023-03-08 18:03:44 +00:00
Dean Welch d318a9e0d0 Add advanced option to include Ticket Checksum during forging 2023-03-06 13:21:23 +00:00
adfoster-r7 efd79eb638 Add support for forging inter-realm Kerberos tickets 2023-03-03 13:20:39 +00:00
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
adfoster-r7 a28666d3c5 Add additional datastore validation to forge ticket 2023-01-18 10:46:32 +00:00
Spencer McIntyre 365b71d60f Land #17471, Update get_ticket cache logic 
Update kerberos get_ticket cache logic
 2023-01-17 18:49:08 -05:00
adfoster-r7 5ed2fe9ad2 Update kerberos get_ticket cache logic 2023-01-17 00:32:18 +00:00
Dean Welch 1470396f95 Refactor key validation for inspect_ticket and add module tests 2023-01-13 17:42:32 +00:00
Spencer McIntyre 2f145769da Actually, offered_etypes needs to be an array 2023-01-11 17:08:27 -05:00
Spencer McIntyre a4a5162b92 Remove the etype option in favor of offered_etypes 2023-01-11 10:17:52 -05:00
Grant Willcox 9dce44f195 Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module 
Move debug ticket to new module
 2023-01-06 11:35:18 -06:00
Dean Welch a18efb7882 Improve description and error messages 2023-01-05 14:24:08 +00:00
adfoster-r7 a8957bce49 Update tgt response to include key 2022-12-30 13:41:54 +00:00
Spencer McIntyre b2edf1108a Fix a NameError in pkinit_login 2022-12-16 14:54:46 -05:00
Spencer McIntyre fea259f6e7 Switch everything to use the ticket storage 2022-12-15 18:31:14 -05:00
Spencer McIntyre b2a4bea761 Breakout the ticket storage backend drivers 2022-12-15 18:29:00 -05:00
Spencer McIntyre 686b946c5b Use a new TicketStorage class 
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
 2022-12-15 18:28:54 -05:00
Spencer McIntyre 5f52ebeea7 Consolidate the loot_info UID string 2022-12-15 18:26:32 -05:00
Dean Welch cf332a2b20 Move DEBUG_TICKET action from forge ticket to it's own module inspect_ticket 2022-12-15 13:42:30 +00:00
adfoster-r7 2783e92203 Update windows_secrets_dump and Keytab module to export kerberos keys 2022-12-14 13:40:39 +00:00
Spencer McIntyre a80db73bab Land #17325, add impersonation for get_ticket 
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
 2022-12-12 09:10:37 -05:00
Dean Welch 1e2ada3cce Add options validation depending on action in forge_ticket.rb 2022-12-06 12:55:42 +00:00
Dean Welch 405271a52f Add pac BinData Model 2022-12-05 14:03:21 +00:00
Christophe De La Fuente c6f8bae1ab Fix from code review and updates the KrbUseCachedCredentials logic 2022-12-02 15:28:08 +01:00
Christophe De La Fuente cc61a26668 Add S4U2Self and S4U2Proxy support to impersonate a user 2022-12-01 20:42:13 +01:00
adfoster-r7 34d1b5b37e Fix crash in kerberos get ticket module 2022-11-29 10:17:21 +00:00
Spencer McIntyre abe0549db6 Land #17226, Module to request TGT/TGS tickets 
Module to request TGT/TGS Kerberos tickets from the KDC
 2022-11-28 11:59:17 -05:00
Christophe De La Fuente 5280580c08 Fixes from code review 2022-11-18 11:02:32 +01:00