bccd906bd2
Land #18564 , Fix an uninitialized constant error in capture/http
2023-11-22 19:22:45 +00:00
e9d6bab975
Move the ServerClient code into a dedicated file
2023-11-22 13:34:18 -05:00
98e6bae077
Fix an uninitialized constant error
...
This error was introduced by the loader changes in
acf23e9c61
2023-11-22 11:51:55 -05:00
ef9a165d22
Changes from code review
2023-11-22 16:43:02 +11:00
e6e2106140
Auth bypass, auth, shell upload, working
2023-11-21 22:14:27 -05:00
9b050e29ae
Add suggested changes
2023-11-22 00:53:12 +01:00
fff8d20eb8
Add suggested changes
2023-11-22 00:50:57 +01:00
bba178e87f
crack windows
2023-11-21 17:11:15 -05:00
4bca269e01
doc overhaul
2023-11-21 17:11:15 -05:00
46909f63bc
linux cracker enhancements
2023-11-21 17:11:15 -05:00
06b6e969e4
better aix crack
2023-11-21 17:11:15 -05:00
aa27b140cf
crack aix rewrite
2023-11-21 17:11:15 -05:00
38313e9962
rubocop
2023-11-21 17:11:15 -05:00
34bd661d3f
Fall back to other server if first one fails
2023-11-22 09:06:06 +11:00
8d4ae4bc78
Check the cache for a TGT without a host
...
This fixes allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
2750deedee
Update
2023-11-21 18:28:28 +01:00
218f652429
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-21 17:08:55 +01:00
dd701c1cfa
automatic module_metadata_base.json update
2023-11-21 09:56:54 -06:00
9870d97ece
Land #18538 , Update database connection logic to avoid startup crashes
2023-11-21 15:32:01 +00:00
08123a190c
Land #18552 , Add support for Ruby 3.3.0-preview3
2023-11-21 15:31:11 +00:00
7f8da5a121
Land #18558 , Support x64 in enum_chrome
2023-11-21 15:26:56 +00:00
86281e860d
automatic module_metadata_base.json update
2023-11-21 08:08:09 -06:00
5c09c86349
Land #18448 , corrected options confict between module and ldap mixin
2023-11-21 13:33:21 +00:00
d98a1e9aaa
Land #18548 , Refactor the ghostcat module to use the AJP definitions provided by Rex::Proto
2023-11-21 13:29:11 +00:00
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
f0ab3a7140
Fix typo
2023-11-21 02:13:58 +01:00
58425df0ef
Update vinchin_backup_recovery_cmd_inject exploit and documentation
2023-11-21 02:09:24 +01:00
13ae9fcded
Refactor things in #decrypt_data
...
* Check that the initial memory was actually allocated before writing to
it
* Don't pass 16 to CryptUnprotectData as the ppszDataDescr parameter
because it is not a valid LPWSTR
* Don't leak memory in the event that CryptUnprotectData by ensuring mem
and addr are always free'ed
* Combine free calls into one for speed
* Don't assume the sessions is ARCH_X64 if it is not ARCH_X86 because
that may change some day
2023-11-20 16:40:42 -05:00
9d757990fe
Fix LocalAlloc/LocalFree definitions
...
Railgun should not be using DWORD for pointer sizes because it breaks
things on 64-bit sessions.
Fixes #18544
2023-11-20 16:23:33 -05:00
d59d5e5524
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:07:04 +01:00
4e1ec6484a
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:51 +01:00
8eb1f61217
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:41 +01:00
223cb245ba
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:05 +01:00
13b19ba537
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:54 +01:00
00cc8dcc09
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:45 +01:00
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00
cb83782159
Add support for Ruby 3.3.0-preview3
2023-11-18 01:52:34 +00:00
69e5caa1a0
Refactor the ghostcat module to use the AJP defs
2023-11-17 12:58:05 -05:00
1b12dc3940
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-17 12:51:01 +00:00
5e9ff17e59
Handle NTHASH tickets, including warning users that it's a terrible idea
2023-11-17 19:24:25 +11:00
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
24490cbe1e
Replicate Logon domain name and extra sids from sapphire ticket
2023-11-17 13:16:40 +11:00
56016cb3e7
Bump version of framework to 6.3.44
2023-11-16 12:06:13 -06:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
a41fd9deda
Land #18532 , Fix db2 scanner module crashes
2023-11-16 15:21:48 +00:00
24fc989305
Merge branch 'rapid7:master' into master
2023-11-16 16:09:36 +01:00
4e6a29d0fb
Implement sapphire tickets
2023-11-15 22:31:11 +11:00
e011fbeb32
Land #18516 , extract common dispatcher commands into a single resuable mixin
...
Extract reusable core session commands
2023-11-15 11:25:52 +00:00
bdb13601ae
Implement diamond tickets
2023-11-15 16:13:01 +11:00
adfoster-r7