Spencer McIntyre
15aaa90379
Land #18447, CVE-2023-22515 Confluence Auth Bypass
...
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
2023-10-19 17:35:17 -04:00
Spencer McIntyre
ee0e5b9eda
Tidy the docs, fix the username
...
The username cannot contain capital letters, or the operation will
fail.
2023-10-19 17:19:55 -04:00
emirpolatt
258ac6421b
Fix fail_with response code compare and documentation fixes
2023-10-19 17:19:30 -04:00
emirpolatt
9ef1d1746a
CVE-2023-22515 - Atlassian Confluence Data Center and Server Broken Access Control Leads to Authentication Bypass
2023-10-11 12:09:22 -07:00
h00die
557a15a115
spelling fixes on docs
2023-10-10 14:46:18 -04:00
dwelch-r7
1af22cfd22
Land #18096, Add initial proxies datastore support for kerberos workflows
2023-07-21 11:37:04 +01:00
adfoster-r7
08a2a293a9
Add proxies datastore support to kerberos
2023-07-21 11:19:50 +01:00
Spencer McIntyre
ae4faca1ba
Update module docs to discuss KB5014754 changes
2023-06-14 16:18:04 -04:00
Spencer McIntyre
0a3247f1a7
Add documentation
2023-05-22 10:29:03 -04:00
adfoster-r7
ab57c09dc2
Update get_ticket to support using forged golden tickets
2023-03-09 12:21:29 +00:00
adfoster-r7
0047ce5d3a
Add rbcd exploitation documentation to docs site
2023-03-03 13:18:29 +00:00
adfoster-r7
6870efc34a
Land #17426, Update all references to old Wiki to point to new docs site
2023-02-01 23:49:20 +00:00
adfoster-r7
c68ab9b77f
Add Metasploit prompt color highlighting to docs
2023-01-28 22:43:33 +00:00
Grant Willcox
6043d0ffba
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
adfoster-r7
672fb9ce9f
Land #17460, add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
adfoster-r7
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
dwelch-r7
4f574d141a
Land #17533, Combine pkinit_login with get_ticket
2023-01-25 15:43:12 +00:00
Spencer McIntyre
dbe9ee3a77
Update documentation
2023-01-25 08:39:52 -05:00
Spencer McIntyre
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
adfoster-r7
d18beb486d
Update kerberos to negotiate rc4 if aes256 is disabled
2023-01-25 00:27:00 +00:00
adfoster-r7
4c17b93ca8
Update get ticket module to use aes_key and username convention
2023-01-20 10:47:35 +00:00
Grant Willcox
82fe7120d4
Update ADCS to be AD CS so we have appropriate spelling
2023-01-18 17:07:48 -06:00
Spencer McIntyre
ebfcfd4cb9
Land #17066, Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
Christophe De La Fuente
2072111713
Fix from code review & some improvements
...
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
adfoster-r7
c55fcb6ca6
Add additional kerberos documentation
2023-01-18 16:58:34 +00:00
Christophe De La Fuente
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
adfoster-r7
6f7d7bcd1c
Land #17394, Add ticket converter docs
2023-01-11 02:11:59 +00:00
Grant Willcox
9dce44f195
Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
...
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
Grant Willcox
d69564f3df
Minor update to merge output and example together.
2023-01-06 10:15:16 -06:00
Dean Welch
2de3477eb0
Add msfconsole examples
2023-01-05 17:02:23 +00:00
Dean Welch
a18efb7882
Improve description and error messages
2023-01-05 14:24:08 +00:00
Dean Welch
cb95d92201
Fix keytab docs typo
2023-01-04 15:39:59 +00:00
Dean Welch
4e1e85f8ad
Add ticket converter docs
2022-12-16 13:53:05 +00:00
Dean Welch
cf332a2b20
Move DEBUG_TICKET action from forge ticket to its own module inspect_ticket
2022-12-15 13:42:30 +00:00
adfoster-r7
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
adfoster-r7
abcf4606a8
Land #17360, document the kerberos forge_ticket DEBUG_TICKET action
2022-12-14 13:37:34 +00:00
Dean Welch
4aaf540364
Add modules docs for TICKET_DEBUG
2022-12-12 13:39:09 +00:00
Christophe De La Fuente
c6f8bae1ab
Fix from code review and update the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
Christophe De La Fuente
69e08094cd
Update documentation
2022-12-01 21:23:25 +01:00
Spencer McIntyre
abe0549db6
Land #17226, Module to request TGT/TGS tickets
...
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
Christophe De La Fuente
5280580c08
Fixes from code review
2022-11-18 11:02:32 +01:00
Spencer McIntyre
b2f6f0c792
Update the module docs for ESC2 and ESC3
2022-11-17 12:12:35 -05:00
Spencer McIntyre
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
...
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
adfoster-r7
65f6aaca82
Land #17077, Add support for AES keys for silver/golden ticket forging
2022-11-09 16:51:11 +00:00
Dean Welch
23ff829e52
Add support for AES keys for silver/golden ticket forging
2022-11-09 13:01:13 +00:00
Christophe De La Fuente
37fd441b0f
Land #17117, Authenticate to Kerberos with PKINIT
2022-11-08 18:54:03 +01:00
Christophe De La Fuente
946eb1e546
Add documentation
2022-11-07 20:19:43 +01:00
adfoster-r7
1307f01b76
Align with keytab instead of key_tab
2022-11-02 13:04:51 +00:00
adfoster-r7
7774b7ddcf
Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch
2022-10-31 23:15:11 +00:00
Spencer McIntyre
a8f81fe14c
Add RBCD module docs
2022-10-31 10:56:17 -04:00