d5ba1afbec
fix URLs not resolving
...
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
bd6bfd7d70
Fixed rubocop warnings for the modified module
2021-09-22 15:05:53 +10:00
2349393ef0
Display computer information gleaned from NTLM handshake in RDP.
2021-09-22 12:09:19 +10:00
1a2bf98222
creates standard elog & updates exisiting usages
2020-06-22 12:48:39 +01:00
3a046f01da
Run rubocop -a on subset of files
2020-03-06 10:41:45 +00:00
4f2cab4cf1
Add references
2019-11-11 17:33:10 -06:00
b65882a314
Use new CheckCodes to tidy up the bluekeep scanner
2019-10-08 09:57:53 -05:00
2ce3e4f1c4
Make BlueKeep scanner's output less chatty
2019-09-24 08:49:27 -05:00
fec749d3b2
perform fingerprinting in scanner
2019-09-19 06:05:08 -05:00
de34bc484e
Ensure rdp_disconnect in rdp_scanner
2019-09-19 06:05:08 -05:00
ab631044af
adjust rdp fingerprint code to match self.rdp_sock changes in exploit mixin
2019-09-19 06:05:08 -05:00
f479ed2d73
Small refactors, comments and tidying up
2019-09-19 06:05:08 -05:00
8412ff319a
Fix disconnect PDU message and start work on payloads
2019-09-19 06:05:08 -05:00
1d6e319ac2
Refactor of RDP mixin to make it more configurable
...
Slowly moving away from a huge hard-coded blob of inflexible bytes
towards a more data-driven approach that allows configuration of various
elements of the packets that are generated.
2019-09-19 06:05:08 -05:00
eb9088a588
Refactor RDP mixin to hide socket details
...
When dealing with the RDP mixin it makes more sense to not expose
TCP-level things, instead it's better to talk RDP. This changeset makes
it so that consumers of the RDP mixin talk RDP only. They can access the
socket through the `rdp_socket` member if required, but the changes made
here mean they don't have to. Ultimately, this new member should be
`private` instead of `protected`, but I'm leaving it like this for now
in case it is required down the track.
I've also made the assumption that all RDP connects want TCP_NODELAY
set. This might be wrong, but I don't think it is.
From here, users can call `rdp_connect` and `rdp_disconnect` to manage
connectivity to the RDP endpoint. The `rdp_connect` function does not
register the TCP client socket as the global `sock` member on the TCP
module instance, this is to prevent the mixin from clashing with other
users of the TCP client in a given module.
2019-09-19 06:04:58 -05:00
d676f98d56
Remove already included Msf::Exploit::Remote::Tcp
2019-08-13 10:56:03 -05:00
63dfa2a8bd
Fix the RDP NLA protocol detection
2019-08-11 19:23:29 -07:00
84669f567b
Add the RDP fingerprinting method to rdp_scanner
2019-08-11 16:20:14 -07:00
46b6a5927e
Comment update
2019-08-07 19:25:43 -05:00
4861a139ca
Minor comments
2019-08-07 19:20:36 -05:00
9566334868
merge upstream/master
2019-08-07 19:11:58 -05:00
93e6ff67b4
Addressing feedback
2019-08-07 16:37:59 -05:00
2d5e9cb241
RDP: address feedback from wvu
2019-08-07 14:47:33 -05:00
18da91a348
Add 'Crash' action for enabling the DoS
2019-08-07 11:38:14 -05:00
7d30c92375
RDP: rubocop cleanup
2019-08-07 09:12:53 -05:00
b6956bd3be
RDP: moar migration
2019-08-07 08:50:01 -05:00
0c1868b158
RDP: migrate security nego to lib
2019-08-07 08:27:15 -05:00
7dc87bf8bc
RDP: Refactor protocol code
2019-08-07 07:25:42 -05:00
a63e0ba106
BlueKeep: Add DoS exploit
2019-08-06 20:15:53 -05:00
178339db70
Rescue EOFError in quick check for patch
...
Thank you to @cnotin for noticing this case.
2019-08-01 15:03:36 -05:00
8d2b29024a
Fix typo
2019-07-31 17:44:10 -05:00
ae13736d50
Rescue EOFError in cve_2019_0708_bluekeep get_once
2019-07-31 16:01:20 -05:00
3f0810502e
Explicitly require 'rc4' in the BlueKeep scanner.
...
Appears to still operate as-expected:
msf5 > use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set rhosts <target>
rhosts => <target>
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > run
[+] <target>:3389 - The target is vulnerable.
[*] <target>:3389 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Fixes MS-4291.
2019-06-19 08:27:04 -05:00
3d8b474632
Clean up module
2019-06-14 21:09:57 -05:00
a2863ff3cf
Add comment to pdu_connect_initial
2019-06-12 10:46:12 -05:00
008f9061f6
Randomize client random, sanity check fields
2019-06-12 07:49:45 -05:00
f4aa86c9b3
rubocop cleanup
2019-06-11 13:29:05 -05:00
cc93b312ac
Add ability to configure username, client, IP, etc
2019-06-11 13:07:59 -05:00
e15840f8db
Add nil check for quick response
2019-06-04 08:36:58 -05:00
6a8e4366ae
Improve XP stabilty, trim dead code
2019-06-04 06:53:36 -05:00
9d17832347
Deal with virtual channel data blob
2019-06-04 05:49:45 -05:00
b176948c3c
Refactor more binary blobs
2019-06-03 16:54:33 -05:00
61b5072e88
Add explicit check for NLA
2019-06-03 09:38:12 -05:00
5871dc0802
Fix nego when RDP Security is forced
2019-06-03 08:50:30 -05:00
23139c5000
Bluekeep: add TLS, refactor
2019-06-02 10:02:09 -05:00
54eb73f8b8
Address @egypt's rdp_scanner review
2019-05-24 17:31:22 -05:00
82debcbada
remove useless debug print
2019-05-24 11:23:25 -06:00
e3be9d2871
Restore syntactic sugar
2019-05-24 11:41:19 -05:00
d158cd131c
Add metadata and style fixes
2019-05-24 11:25:58 -05:00
8067893d16
added FIXME for other info leaks
2019-05-23 13:57:49 -06:00
h00die