Ashley Donaldson
58c30f10aa
Send and Receive PKINIT responses
2022-10-07 01:04:10 +11:00
adfoster-r7
c595c5cc8b
Land #17108, Update Azure AD Scanner Error Code Check for Disabled Accounts
2022-10-05 18:52:39 +01:00
Matthew Dunn
774f9c6e48
Use the right quotation marks
2022-10-05 13:19:36 -04:00
Matthew Mathur
24e1a026d4
Update locked error message
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2022-10-05 13:03:34 -04:00
Matthew Dunn
4a2d485228
Update error conditions to include account disablement
2022-10-04 16:57:59 -04:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
Christophe De La Fuente
117d7026e4
Fix from code review
2022-10-03 10:41:15 +02:00
h00die-gr3y
7ae0f552f3
init commit module and documentation
2022-10-02 19:47:47 +00:00
bcoles
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
Jack Heysel
1c6ed2d9b4
Land #17070, Grafana auth bypass enhancement
...
Remove unnecessary use of len cookie
2022-09-30 14:32:44 -04:00
cgranleese-r7
38b05cb802
Updates deprecated method in rlogin module
2022-09-30 14:28:42 +01:00
adfoster-r7
5d345e6689
Merge branch 'upstream-master' into feature-kerberos-authentication
2022-09-29 16:42:58 +01:00
Christophe De La Fuente
8f3c8a49ed
Fix non-admin error
...
- Remove unnecessary `print_error`
- Do not fail when an error occurs in the early processes and action is
ALL or DOMAIN
- Print error about NoLMHash policy only once
- rubocop fixes
2022-09-29 12:47:14 +02:00
cgranleese-r7
730746f873
Fixes broken sessions in rservices modules
2022-09-29 09:44:29 +01:00
ahzam
b0e3e95439
Minor Refactor: Remove unnecessary len(cookie)
2022-09-29 01:46:07 +05:00
h00die
11a21737bc
move print statement
2022-09-23 17:57:40 -04:00
Grant Willcox
2958a43a6a
Update to reflect fact that bug is an improper authentication logic bug and to randomize password for auth parameter since it is ignored
2022-09-23 12:19:29 -05:00
Grant Willcox
edc37835e5
Add more nil checks in, update some of the check code to catch an edge case, update notes to account for indicators of compromise, and fix some extra issues noticed on second round of review
2022-09-23 09:38:35 -05:00
Grant Willcox
9abe1649ff
Sanitize XML data prior to adding it to the XML POST request and also change the ID option to an integer from a string to match expectations
2022-09-23 09:38:35 -05:00
Grant Willcox
3ca34568c2
Clean up some of the documentation and module code and descriptions
2022-09-23 09:38:12 -05:00
h00die-gr3y
37caf6dae5
removed exploit information from info section
2022-09-23 09:38:11 -05:00
h00die-gr3y
a4a12d06bc
improved error handling
2022-09-23 09:38:10 -05:00
h00die-gr3y
5ed7ff7f52
init commit module and documentation
2022-09-23 09:38:05 -05:00
adfoster-r7
5e2a6c9dba
Land #17015, improve http login result checks
2022-09-23 01:28:59 +01:00
Jeffrey Martin
96d291121b
use model validator instead of setup check
2022-09-22 14:49:09 -05:00
Jack Heysel
12f3325f3e
Land #16732, VICIdial Multiple SQLi
...
This PR adds a module which exploits several
authenticated sqli in VICIdial
2022-09-22 10:47:42 -04:00
cgranleese-r7
50685161ef
Allow user_id to be configurable in ticket forging
2022-09-22 14:18:17 +01:00
h00die
6d608ea41e
vicidial sqli module docs update
2022-09-21 16:57:18 -04:00
h00die
0bcdc3fadb
idrac login updates
2022-09-20 16:20:24 -04:00
Jeffrey Martin
9b2cda346d
guard parsing error and fail early
2022-09-16 12:35:38 -05:00
Jeffrey Martin
581aa2c34a
enable user defined accepted response codes
...
* login scanner object expects an array of codes and set defaults
* login scanner limits response codes to 2XX and 3XX code
* parsing to convert OptString is handled in the consuming module
2022-09-16 12:21:14 -05:00
cgranleese-r7
55119aaac7
Land #16940, Rewrite datastore, and add support for option fallback lookups
2022-09-16 14:19:19 +01:00
adfoster-r7
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
Jan Rude
2e5349b27f
use vars_get
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:50:44 +02:00
Jan Rude
f7c11eb84f
use correct CheckCode
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:49:41 +02:00
Jan Rude
ee67186488
compare rex::Version
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:47:58 +02:00
Jan Rude
f260636975
use safe navigation operator
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:47:04 +02:00
Jan Rude
6fe487c4b8
use one liner
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:46:02 +02:00
Jan Rude
e5e312199a
use correct checkcode
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-09-16 13:45:29 +02:00
jrude
8f6fd55d9f
add review suggestions
2022-09-16 13:34:06 +02:00
h00die
eac559df1f
updates to idrac json handling
2022-09-14 16:39:19 -04:00
Jeffrey Martin
bc948d0412
allows redirect on login as success with http
2022-09-14 14:50:10 -05:00
Grant Willcox
0d639b99bb
Initial attempt at blind_dump_data improvements
...
Add in fully binary search orientated version of blind_dump_data
2022-09-13 16:12:16 -05:00
Grant Willcox
32df4cdeee
Add in ability to determine length of query using binary tree approach
2022-09-13 16:11:01 -05:00
Jack Heysel
6c27c05d10
parent 3892d29cc5
...
author Jack Heysel <jack_heysel@rapid7.com> 1658964871 -0400
committer Grant Willcox <gwillcox@rapid7.com> 1663093141 -0500
Initial changes
Add in documentation improvements for installation
Update Docker install instructions again and also fix a bug with too strict checking on a cookie
Move module into gather type module, remove the scanner import, and update the documentation accordingly so that the check method can work
Updated docs
2022-09-13 16:08:57 -05:00
Jan Rude
476f18ff1f
add disclosure date
2022-09-12 10:07:02 +02:00
Jan Rude
fa2f2e6d5d
linting
...
This is getting ridiculous...
2022-09-08 19:51:56 +02:00
Jan Rude
d64719927b
linting
2022-09-08 19:42:31 +02:00
Jan Rude
25757d45be
linting again...
2022-09-08 19:36:17 +02:00
jrude
b649e26d84
corrections
2022-09-08 19:09:35 +02:00