adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1900 Commits

Author SHA1 Message Date
Spencer McIntyre 785e2caa9f Refactor #send_request_tgt_pkinit, clarify docs 2023-01-25 08:36:26 -05:00
adfoster-r7 9babcf3564 Add conditions to forge ticket 2023-01-24 13:28:10 +00:00
adfoster-r7 4c17b93ca8 Update get ticket module to use aes_key and username convention 2023-01-20 10:47:35 +00:00
Spencer McIntyre ebfcfd4cb9 Land #17066, Add module for Certifried 
Add exploit module for Certifried exploit
 2023-01-18 14:51:03 -05:00
Christophe De La Fuente 2072111713 Fix from code review & some improvments 
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
 2023-01-18 19:28:06 +01:00
adfoster-r7 a28666d3c5 Add additional datastore validation to forge ticket 2023-01-18 10:46:32 +00:00
Spencer McIntyre 365b71d60f Land #17471, Update get_ticket cache logic 
Update kerberos get_ticket cache logic
 2023-01-17 18:49:08 -05:00
adfoster-r7 5ed2fe9ad2 Update kerberos get_ticket cache logic 2023-01-17 00:32:18 +00:00
Dean Welch 1470396f95 Refactor key validation for inspect_ticket and add module tests 2023-01-13 17:42:32 +00:00
Christophe De La Fuente 3d22fbcad9 Add exploit module for Certifried exploit 
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
  to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
  to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
 2023-01-13 15:30:50 +01:00
Spencer McIntyre 2f145769da Actually, offered_etypes needs to be an array 2023-01-11 17:08:27 -05:00
Spencer McIntyre a4a5162b92 Remove the etype option in favor of offered_etypes 2023-01-11 10:17:52 -05:00
Grant Willcox 9dce44f195 Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module 
Move debug ticket to new module
 2023-01-06 11:35:18 -06:00
Dean Welch a18efb7882 Improve description and error messages 2023-01-05 14:24:08 +00:00
adfoster-r7 a8957bce49 Update tgt response to include key 2022-12-30 13:41:54 +00:00
Spencer McIntyre b2edf1108a Fix a NameError in pkinit_login 2022-12-16 14:54:46 -05:00
Spencer McIntyre fea259f6e7 Switch everything to use the ticket storage 2022-12-15 18:31:14 -05:00
Spencer McIntyre b2a4bea761 Breakout the ticket storage backend drivers 2022-12-15 18:29:00 -05:00
Spencer McIntyre 686b946c5b Use a new TicketStorage class 
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
 2022-12-15 18:28:54 -05:00
Spencer McIntyre 5f52ebeea7 Consolidate the loot_info UID string 2022-12-15 18:26:32 -05:00
Dean Welch cf332a2b20 Move DEBUG_TICKET action from forge ticket to it's own module inspect_ticket 2022-12-15 13:42:30 +00:00
adfoster-r7 2783e92203 Update windows_secrets_dump and Keytab module to export kerberos keys 2022-12-14 13:40:39 +00:00
adfoster-r7 a9ccfe31b7 Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch 2022-12-13 19:40:39 +00:00
Spencer McIntyre a80db73bab Land #17325, add impersonation for get_ticket 
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
 2022-12-12 09:10:37 -05:00
Dean Welch 1e2ada3cce Add options validation depending on action in forge_ticket.rb 2022-12-06 12:55:42 +00:00
Dean Welch 405271a52f Add pac BinData Model 2022-12-05 14:03:21 +00:00
Christophe De La Fuente c6f8bae1ab Fix from code review and updates the KrbUseCachedCredentials logic 2022-12-02 15:28:08 +01:00
Christophe De La Fuente cc61a26668 Add S4U2Self and S4U2Proxy support to impersonate a user 2022-12-01 20:42:13 +01:00
adfoster-r7 34d1b5b37e Fix crash in kerberos get ticket module 2022-11-29 10:17:21 +00:00
Spencer McIntyre abe0549db6 Land #17226, Module to request TGT/TGS tickets 
Module to request TGT/TGS Kerberos tickets from the KDC
 2022-11-28 11:59:17 -05:00
Christophe De La Fuente 5280580c08 Fixes from code review 2022-11-18 11:02:32 +01:00
Spencer McIntyre f4a65a220a Support ON_BEHALF_OF in icpr_cert 
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
 2022-11-17 12:12:35 -05:00
Spencer McIntyre eff9a16e00 Use the access mask data type 
Also switch from bit16 to uint16 so it's little endian.
 2022-11-14 12:27:38 -05:00
adfoster-r7 65f6aaca82 Land #17077, Add support for AES keys for silver/golden ticket forging 2022-11-09 16:51:11 +00:00
Dean Welch 23ff829e52 Add support for AES keys for silver/golden ticket forging 2022-11-09 13:01:13 +00:00
Christophe De La Fuente 37fd441b0f Land #17117, Authenticate to Kerberos with PKINIT 2022-11-08 18:54:03 +01:00
Dean Welch ee46d18505 Add yard docs and address review comments 2022-11-07 12:10:01 +00:00
Dean Welch a110465fe4 Add module for converting kerberos ticket formats 2022-11-07 12:10:01 +00:00
Christophe De La Fuente eb051ec9a7 Add get_ticket module 2022-11-04 18:46:47 +01:00
adfoster-r7 e647bf8620 Namespace krb5 models 2022-11-02 13:04:52 +00:00
adfoster-r7 1307f01b76 Align with keytab instead of key_tab 2022-11-02 13:04:51 +00:00
adfoster-r7 98d2633859 Add Kerberos ktutil module 2022-11-02 13:04:50 +00:00
adfoster-r7 7774b7ddcf Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch 2022-10-31 23:15:11 +00:00
Spencer McIntyre 52197f544f Print the added account SID 2022-10-31 10:56:17 -04:00
Spencer McIntyre b00f706c0b Handle missing accounts when resolving SIDs 2022-10-31 10:56:17 -04:00
Spencer McIntyre af9e4f0fa9 Update how sAMAccountName is looked up. 
This tweaks how the objects are looked up by the sAMAccountName field.
The sAMAccountName can contain values not ending in $, so lookup what the
user specified first, and then check with the $ suffix if it's not
found.
 2022-10-31 10:56:17 -04:00
Spencer McIntyre fa7d677d45 Consolidate and improve LDAP error handling 2022-10-31 10:56:17 -04:00
Spencer McIntyre 2269fec099 Initial working RBCD module 2022-10-31 10:56:17 -04:00
Spencer McIntyre 31e2ab683c Update samr_computer to show the SID when adding 2022-10-31 10:56:17 -04:00
Matthew Dunn 1e50ba3415 Move to Hashes module, address requested changes 
Fix rubocop

Move identify to hashes module up one layer, use full reference to identify_hash instead of full include

Fix SMTP require

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Remove hashes require statement

Address remaining requested changes, reference constants directly

Add all the missing direct references

Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2022-10-17 17:28:31 -04:00