05f2012ccc
Merge pull request #20338 from Chocapikk/xorcom
...
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
56f6a65e21
Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-07-19 04:04:25 +02:00
4a1f9e541e
Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-07-19 04:04:14 +02:00
4e70dfe70d
Rename mixin
2025-07-16 22:40:27 +02:00
1863eddcd4
chore: add magic encoding comment to Ruby files
2025-07-16 22:32:20 +02:00
1fb6d488a8
Rename file
2025-07-16 22:30:28 +02:00
7ddae3ec3f
refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login
2025-07-16 21:48:34 +02:00
b06903810c
feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs
2025-07-16 21:25:17 +02:00
566020abbf
Cache the result of whoami
2025-07-08 15:43:41 -04:00
23c02d6873
Note the permissions required for checking permissions
2025-07-08 15:01:54 -04:00
2650956fce
Add special handling for more groups
...
Add handling for the special `Authenticated Users` and `Users` groups.
2025-07-08 15:01:54 -04:00
a93d20ccfe
Add some basic tests
2025-07-08 15:01:54 -04:00
d0d3a2719d
Add some commented code for debugging
...
Squash me
2025-07-08 15:01:54 -04:00
7cacc4cd45
Update the ad_cs_cert_template module too
2025-07-08 15:01:54 -04:00
c2a06e341d
Expand on the matcher logic
2025-07-08 15:01:46 -04:00
23c85a26fe
Add some documentation for the methods
2025-06-24 11:27:52 -04:00
b8ecd50f32
Add and use a generic LDAP entry cache
2025-06-24 11:27:52 -04:00
cf53956128
Add a method to get domain info
2025-06-24 11:27:52 -04:00
7b1af9fc09
Initial implementation of #adds_sd_grants_permissions?
2025-06-24 11:27:52 -04:00
70f7dfebc3
Initial commit of AD DS LDAP mixin
2025-06-24 11:27:52 -04:00
fb02b4ade5
Revert "Bump rails version to 7.2"
2025-06-17 12:20:49 +01:00
b87ef99cd8
Bump rails version to 7.2
2025-06-12 16:41:10 +01:00
f3b650a409
Major refactoring of PHP payloads and related exploits
2025-05-30 09:06:38 -04:00
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
f6faa5598b
Fixes modules to now correctly use a hash with report note
2025-05-22 10:59:50 +01:00
57c69049f7
Merge pull request #20175 from smashery/ruby-kerberoasting
...
Ruby kerberoasting
2025-05-16 10:28:52 -04:00
13d18f2c83
Update lib/msf/core/exploit/remote/http/wordpress/login.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2025-05-13 17:32:48 -05:00
ce8ceaddbc
Change check for redirect to be less specific
2025-05-13 10:59:16 -05:00
6d3fc7b732
Neatening kerberoasting modifications
2025-05-13 18:26:25 +10:00
abba784190
Fix AES kerberoast hashcat format. Change when hashes are displayed in module.
2025-05-13 18:26:25 +10:00
365db3c52e
Support different hash type JTR formats
2025-05-13 18:26:25 +10:00
1e56168905
Move kerberoasting to Ruby code
2025-05-13 18:26:25 +10:00
be8f4f929c
Fix an issue in the ESC8 module
2025-05-05 13:40:33 -04:00
d95146e315
Use retry to speed things up but also wait longer
2025-05-05 11:06:09 -04:00
6ab275a120
Remove a couple of debug prints
2025-05-05 10:58:41 -04:00
4a746a3963
Relocate find_management_point method
2025-05-01 20:35:41 -07:00
c47c9b95fd
Merge branch 'master' into get_naa_creds_via_relay
2025-05-01 20:33:35 -07:00
3141152393
Merge pull request #20017 from zeroSteiner/feat/mod/ldap/passwords
...
Add LAPSv1 and LAPSv2 LDAP Module
2025-04-30 14:02:30 -07:00
bdca86f39f
Map the GKDI endpoint as a workaround
2025-04-29 14:01:42 -04:00
eba2b6c1bf
Merge pull request #19760 from cdelafuente-r7/feat/pkcs12/certs_command/pkinit
...
Add certs command & use pkinit if kerberos tickets are not available in cache
2025-04-22 11:11:54 -07:00
226853f535
Fix EKU lookup in certificate
2025-04-22 19:08:45 +02:00
c79f7db38b
Adds enhanced support for network capture decryption
2025-04-11 13:34:40 +01:00
ac5ba70bd2
Add the MsGkdi mixin
2025-04-09 13:04:00 -04:00
daed558f9a
Remove a piece of dead code
2025-04-09 13:04:00 -04:00
7e42746eb0
Code review and fixes
...
- Fix Pkcs12 filer to use case insensitive username and realm
- Handle nil values in `StoredPkcs12`
- Use `fallbacks` options in `ldap_login`
- Small fixes
2025-04-08 18:21:39 +02:00
630c2c03bc
Update certs command, pkcs12 matching and specs
...
- use the `status`, certificate's `not_before`/`not_after` and check if the TLS
OID is present to filter pkcs12 before using them with PKInit
- add the `activate`, `deactivate` and `export` capabilities to the
certs command
- add specs
2025-04-02 18:23:14 +02:00
e7535d8fae
Add certs command & use pkinit if kerberos tickets are not available in cache
2025-04-02 18:23:14 +02:00
7f8a762922
Update ms_icpr and creds to reflect the changes in the Pkcs12 data model
...
- a separate field is now used for metadata (`private_metadata`) when
creating a new Pkcs12
- the `creds` command now support adding an encrypted Pkcs12 with a password
2025-04-01 19:12:41 +02:00
865626fbd2
Update Pkcs12-related code to report CA and ADCS Template to the database
...
- Update the `creds` command to add Pkcs12 private credentials with
metadata.
- Update `ms_icpr` module to store metadata.
2025-04-01 19:07:48 +02:00
ca3c4a1362
Merge branch 'master' into get_naa_creds_via_relay
2025-04-01 09:34:35 -07:00
jheysel-r7