adfoster-r7
9a6c298a43
Use shared helper for creating kerberos options
2023-01-23 11:04:01 +00:00
RageLtMan
27d6a89b99
Use keepalive in SSM aux module
2023-01-21 09:26:06 -05:00
RageLtMan
589c2257e3
Implement reporting and pretty output
2023-01-20 23:17:34 -05:00
RageLtMan
3e54ae6e69
Resolve crashes noted by @smcintyre-r7, simplify
Bail out of console resize operation if ::IO.console doesn't exist
Enforce REGION datastore option and remove the multi-region enum
code by Aaron - users can write resource scripts if they need
automation.
2023-01-20 22:33:51 -05:00
Spencer McIntyre
2621775053
Add the Python command adapter for Windows
2023-01-20 15:10:39 -05:00
Spencer McIntyre
6fe0933c1e
Add exploit for CVE-2022-44877
2023-01-20 09:04:24 -05:00
dwelch-r7
ebaf51108c
Land #17490, Update impacket get user spns
2023-01-20 13:21:19 +00:00
Christophe De La Fuente
22f45c9a2e
Land #17513, Update get ticket module to use aes_key and username convention
2023-01-20 12:44:23 +01:00
adfoster-r7
aaad9436f2
Fix winrm offered etypes
2023-01-20 10:59:25 +00:00
adfoster-r7
4c17b93ca8
Update get ticket module to use aes_key and username convention
2023-01-20 10:47:35 +00:00
Jack Heysel
6ac0d9ba27
Trailing whitespace corrected
2023-01-19 22:16:54 -05:00
h00die
633c58a0ff
tomcat on rhel priv esc
2023-01-19 15:28:10 -05:00
Jack Heysel
0e0f62c002
Removed 22621
2023-01-19 14:47:20 -05:00
Jack Heysel
4da94325f3
Rubocop
2023-01-19 13:52:58 -05:00
Christophe De La Fuente
1e94adc3ab
Land #17479, Wordpress paid membership pro unauthenticated sqli (CVE-2023-23488)
2023-01-19 15:36:00 +01:00
Jack Heysel
63d9445911
Fix for Win Server 2022 and 2019
2023-01-19 00:52:38 -05:00
h00die
3a0b694790
better engrish
2023-01-18 20:12:49 -05:00
h00die
642e6ee1cb
review
2023-01-18 16:21:11 -05:00
h00die
c823295915
cleanup better
2023-01-18 16:19:48 -05:00
npm-cesium137-io
d0feedadbf
Refine whatsupgold_credential_dump
Added CVE info to the References section.
Modified the registry routines to add sanity around x86 vs. x64 arch.
2023-01-18 15:47:26 -05:00
Spencer McIntyre
ebfcfd4cb9
Land #17066, Add module for Certifried
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
npm-cesium137-io
8ed4f59c60
veeam_credential_dump refinement
Fixed stupid typo in markdown.
Fixed a bug in the export code that prevented the disposition column
from being exported.
2023-01-18 14:27:28 -05:00
Christophe De La Fuente
64ddc6bb4c
Land #17484, Add additional kerberos documentation
2023-01-18 19:40:28 +01:00
Christophe De La Fuente
2072111713
Fix from code review & some improvements
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
adfoster-r7
c55fcb6ca6
Add additional kerberos documentation
2023-01-18 16:58:34 +00:00
adfoster-r7
a28666d3c5
Add additional datastore validation to forge ticket
2023-01-18 10:46:32 +00:00
Spencer McIntyre
365b71d60f
Land #17471, Update get_ticket cache logic
Update kerberos get_ticket cache logic
2023-01-17 18:49:08 -05:00
bwatters
607dd9f081
Land #17348, New exploit for CVE-2022-46770 Mirage firewall DoS
Merge branch 'land-17348' into upstream-master
2023-01-17 16:52:38 -06:00
bwatters
158c557d58
Update LICENSE file and location of source file
2023-01-17 17:28:22 -05:00
h00die
e28ff3b160
minor fixes
2023-01-17 15:30:36 -05:00
h00die
be7ca91a8f
cve-2022-22942
2023-01-17 15:30:36 -05:00
adfoster-r7
7f62fa33f3
Update impacket get user spns
2023-01-17 19:53:42 +00:00
Grant Willcox
7e23c34e6c
Apply fixes per code review
2023-01-17 12:44:22 -06:00
h00die-gr3y
541dab9365
simplified messaging
2023-01-17 12:44:20 -06:00
h00die-gr3y
77687bff3f
init module
2023-01-17 12:44:20 -06:00
Spencer McIntyre
a10e313e26
Land #17343, unquoted service path tweaks
2023-01-17 08:59:37 -05:00
adfoster-r7
5ed2fe9ad2
Update kerberos get_ticket cache logic
2023-01-17 00:32:18 +00:00
Christophe De La Fuente
0c8e83c34e
Land #17451, Crack netntlm*
2023-01-16 20:52:53 +01:00
cgranleese-r7
7a2f6fef86
Land #17477, Merge 6.2.36 master into kerberos feature branch
2023-01-16 11:53:21 +00:00
h00die
1888264d4d
wordpress paid membership pro
2023-01-14 08:34:10 -05:00
Spencer McIntyre
3ddcf73c2b
Remove the QUICK option altogether
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, the service and path enumeration
halts once an exploitable one is found that yields a session.
Also, all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
h00die
f98d1d838b
unquoted service path tweaks to check
2023-01-13 17:06:42 -05:00
h00die
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
h00die
a6ec7762ea
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
h00die
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
Dean Welch
1470396f95
Refactor key validation for inspect_ticket and add module tests
2023-01-13 17:42:32 +00:00
adfoster-r7
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
RageLtMan
14f992aa88
Address some of @smcintyre-r7's comments
Explicitly `require 'aws-sdk-ec2'` in the aux module
Fix the hard-coded region to use datastore option
2023-01-13 09:55:51 -05:00
Christophe De La Fuente
3d22fbcad9
Add exploit module for Certifried exploit
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
ErikWynter
8472efed02
fix typos, add reference, don't use methods to wrap datastore options
2023-01-13 14:53:29 +02:00