b423241e6b
Use Rex Post MySQL Client for lib, specs & modules
2024-02-28 18:19:50 +00:00
fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
87e78d4f8d
Land #18783 , remove initialize warnings from rspec tests
2024-02-08 14:38:02 +00:00
23e184c9ce
Fix removing initialize warnings
2024-02-02 11:04:44 -06:00
0e9cad6d45
Adds MySQL session type
2024-02-02 14:39:37 +00:00
35778e92b2
client consolidation
...
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
1b12dc3940
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-17 12:51:01 +00:00
05dd2e1473
Land #18351 , Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
50e4269c05
Land #18338 , Get crackable ASREP hashes
...
This PR fixes the ASREP roasting workflow and resolves
issue #17988 .
2023-10-02 13:26:43 -04:00
76a25c6937
Don't store creds for successful schannel ldap auth
2023-10-02 13:42:25 +01:00
a7f2165029
Send default etypes first, and fall back to RC4 if it doesn't require pre-auth
2023-09-21 21:22:25 +10:00
1609836ea2
Don't store passwords to creds if the password wasn't needed for the auth type
2023-09-20 14:30:06 +01:00
619a46d450
working hashes for apache superset rce
2023-09-14 13:21:01 -04:00
586f27f44a
Fix issue with username generation always adding domain
2023-09-11 16:35:31 +01:00
7a06ad8d5d
Add ldap login scanner specs
2023-09-11 16:33:01 +01:00
f27439760d
Update mock for unit tests
2023-09-04 10:47:06 +10:00
e6d1a20a05
Use ruby-mysql for MySQL login scanner
2023-08-14 21:34:41 +02:00
9932aaaaaa
Add specs for resetting password list when username is specified
2023-07-31 16:22:08 +01:00
eb959e2e40
Land #17060 , GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
8e2169ed47
Ensure identify hashes helper is accessible to modules
2023-04-12 13:28:56 +01:00
9c20d0f84b
Implemented HTTP-Trace for login scanners via HttpLoggerSubscriber API
2023-03-15 00:57:33 +05:30
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
4c6c8fcf8b
crack netntlm*
2023-01-08 14:29:21 -05:00
a8957bce49
Update tgt response to include key
2022-12-30 13:41:54 +00:00
7774b7ddcf
Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch
2022-10-31 23:15:11 +00:00
c0403af25e
Address two more imports, use described_class per review
2022-10-18 08:47:24 -04:00
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com >
2022-10-17 17:28:31 -04:00
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
5d345e6689
Merge branch 'upstream-master' into feature-kerberos-authentication
2022-09-29 16:42:58 +01:00
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
f779f0f482
consolidate the config directory lookups
...
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved to generation of a default location and should be considered
`private` as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
2022-07-25 15:27:21 -05:00
997f9b92d9
Changes from code review
2022-06-24 09:33:57 +10:00
2cce4ac1c1
Fix unit tests
2022-06-23 16:55:30 +10:00
f8901a8b17
Add Kerberos LoginScanner support
2022-06-20 16:38:32 +01:00
4417a335ff
Land #16379 , Make SSH defaults widely used
...
Refactored a number of modules to use ssh_client_defaults
2022-04-19 22:08:45 -07:00
29aae09b62
Added support to depecreted key exchange algorithms
2022-04-13 18:54:12 +02:00
a959725f7c
implement vnc hash types
2022-03-13 13:27:38 -04:00
f6d3788d25
fix spec for cracker
2022-01-18 04:42:49 -05:00
d01594a570
spec not working quite right
2022-01-17 17:40:35 -05:00
7a7b009161
add more smarts to nolog for jtr
2022-01-17 15:33:41 -05:00
c84b651ca6
Remoce initial rhost http url attempt
2021-05-24 00:31:09 +01:00
6d0aed92bc
Fix broken association handling for msfdb services command
2021-04-13 15:01:09 +01:00
98df005c6c
Fix test
2021-04-01 15:57:28 +01:00
c62001c210
Improve the zabbix session gathering code as per Spencer's recommendation and update the spec checks accordingly
2020-10-30 14:14:14 -05:00
67821e32c4
Password cracking integration
2020-09-29 20:36:39 +02:00
e11840c2a5
land #14031 , F5 processor
2020-09-14 18:38:58 +02:00
26a83d5d5c
rubocop
2020-08-20 14:31:18 -04:00
e7061439ef
Adds rhost url support behind a feature flag
...
Tidy up test
Return a string instead of a URI object
Code review comments
Rubcocop
2020-08-18 12:25:27 +01:00
22e2a17873
cram-md5
2020-04-17 16:51:25 -04:00
6d23059cc0
android hashdump updates
2019-11-09 10:11:45 -05:00
sjanusz-r7