1900 Commits

Author SHA1 Message Date
Spencer McIntyre 15aaa90379 Land #18447, CVE-2023-22515 Confluence Auth Bypass
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
2023-10-19 17:35:17 -04:00
Spencer McIntyre ee0e5b9eda Tidy the docs, fix the username
The username can not contain capital letters, or the operation will
fail.
2023-10-19 17:19:55 -04:00
Emir Polat c79cc5a36b Final Checks 2023-10-19 17:19:55 -04:00
Emir Polat b3a9579e8a Update modules/auxiliary/admin/http/atlassian_confluence_auth_bypass.rb
Implement changes proposed by Spencer McIntyre (smcintyre-r7)
2023-10-19 17:19:30 -04:00
emirpolatt 258ac6421b Fix fail_with response code compare and documentation fixes 2023-10-19 17:19:30 -04:00
emirpolatt 7c977e07ef Removal of the X-Atlassian-Token header from server-info.action 2023-10-19 17:19:30 -04:00
emirpolatt 236a301f27 Check method fixes
get_confluence_version inside to check method. Also new status messages
2023-10-19 17:19:08 -04:00
emirpolatt 0cb56c1de5 Some fixes 2023-10-13 02:16:17 -07:00
emirpolatt e48ead5e8c Fingerprint reduction with Rex::Text.rand_text_alpha(8) 2023-10-13 02:11:57 -07:00
emirpolatt 84f5c7321e Reducing fingerprinting via Rex::Text.rand_text_alpha(8) 2023-10-13 02:02:13 -07:00
emirpolatt 9219a3e90a Adding AttackerKB analysis URL 2023-10-13 01:56:14 -07:00
Hynek Petrak b2f847706f Update vmware_vcenter_vmdir_auth_bypass.rb
Few more instances corrected
2023-10-12 19:08:51 +02:00
Hynek Petrak 060dc84c18 corrected options conflict between module and ldap mixin 2023-10-12 16:52:57 +02:00
emirpolatt 2b05dab554 Fix: Msftidy Warnings 2023-10-11 12:19:40 -07:00
emirpolatt 9ef1d1746a CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Leads to Authentication Bypass 2023-10-11 12:09:22 -07:00
errorxyz 7cd447b5d0 Update deprecated report_auth_info method call in modicon_password_recovery 2023-09-24 22:22:36 +05:30
cgranleese-r7 37b506c238 Land #18374, fix related modules references 2023-09-20 10:03:47 +01:00
h00die 13e7f6cc27 fix related modules references 2023-09-15 16:35:55 -04:00
Ashley Donaldson 5c93b3880a Don't add extra PACs for silver tickets 2023-09-13 15:41:09 +10:00
Spencer McIntyre 7d9abc87b1 Fix a stack trace in forge_ticket when SPN is blank 2023-08-14 10:42:32 -04:00
adfoster-r7 7fe6b8f481 Update the exported keytab table entries to sort by db insert id 2023-06-13 09:14:06 +01:00
Spencer McIntyre e3823691a1 Add module for AD CS template CRUD operations 2023-05-22 10:28:58 -04:00
adfoster-r7 aef2b8d314 Land #17804, Fix incorrect module metadata CI and add validation automation 2023-04-13 15:11:46 +01:00
Ryuuuuu e3983eac1f Correct incorrect log format 2023-04-12 13:04:13 +09:00
Ryuuuuu 29c24438a6 Correct incorrect log format when no files found 2023-04-12 13:01:49 +09:00
cgranleese-r7 40e6917b7f tests passing 2023-04-04 10:24:09 +01:00
adfoster-r7 f7cee703ce Land #17835, cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization 2023-04-03 11:47:56 +01:00
bcoles 2711ba4b3a cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization 2023-03-31 23:53:41 +11:00
dwelch-r7 ab08cd2d1c Land #17753, Update get_ticket to support using forged golden tickets 2023-03-30 14:15:48 +01:00
adfoster-r7 e1ecdac2a5 Land #17724, Add ticket checksum to kerberos ticket creation 2023-03-29 09:01:39 +01:00
adfoster-r7 d04c8e1bce Update broken secunia references 2023-03-23 10:43:57 +00:00
adfoster-r7 ab57c09dc2 Update get_ticket to support using forged golden tickets 2023-03-09 12:21:29 +00:00
adfoster-r7 3bc4639235 Add nthashes to keytab export 2023-03-08 18:03:44 +00:00
Dean Welch d318a9e0d0 Add advanced option to include Ticket Checksum during forging 2023-03-06 13:21:23 +00:00
cgranleese-r7 252012f48d Land #17675, Add support for forging inter-realm Kerberos tickets 2023-03-03 14:17:48 +00:00
adfoster-r7 efd79eb638 Add support for forging inter-realm Kerberos tickets 2023-03-03 13:20:39 +00:00
adfoster-r7 0047ce5d3a Add rbcd exploitation documentation to docs site 2023-03-03 13:18:29 +00:00
Grant Willcox f6bfa6a61b Add in SCHANNEL support, and update modules to fix a hang when using to_json instead of get_operation_result. 2023-02-24 13:50:04 -06:00
adfoster-r7 6e9b33dc88 Run rubocop on auxiliary admin http modules 2023-02-08 14:30:08 +00:00
adfoster-r7 433bafdccf Add missing module notes for stability reliability and side effects 2023-02-08 11:45:17 +00:00
Spencer McIntyre 647cf1d402 Return Time from #extract_logon_time 2023-01-27 10:05:02 -05:00
Spencer McIntyre f4976a0f9f Fix the logon_time in the MS14-068 exploit 2023-01-26 16:16:55 -05:00
adfoster-r7 2d30909a2f Change option name namespacing convention 2023-01-26 16:17:50 +00:00
Spencer McIntyre 2da5d8ea43 Catch exceptions in inspect_ticket 2023-01-26 09:21:55 -05:00
adfoster-r7 3d003ff14c Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:39:20 +00:00
Dean Welch 5b473e4ede Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried 2023-01-25 18:22:54 +00:00
Spencer McIntyre 21f33296b7 Consolidate PKINIT hash extraction code 2023-01-25 12:16:42 -05:00
Spencer McIntyre 44d8304beb Report the PKCS12 error message 2023-01-25 10:02:37 -05:00
Spencer McIntyre dbe9ee3a77 Update documentation 2023-01-25 08:39:52 -05:00
Spencer McIntyre a5e2c5b3b7 Unify pkinit_login with get_ticket 2023-01-25 08:36:26 -05:00