9bf7617409
Return if there is no certificate to process
2023-01-18 15:05:54 -05:00
ebfcfd4cb9
Land #17066 , Add module for Certifried
...
Add exploit module for Certifried exploit
2023-01-18 14:51:03 -05:00
d810267f8d
Pull in Dean's changes from #17443 to fix LDAP failure references.
2023-01-17 16:31:08 -06:00
202eb85066
Land #17470 , Update kerberos login to support diacritics
2023-01-16 12:22:44 +00:00
5ef1f9f4f4
Update kerberos login to support diacritics
2023-01-16 12:08:54 +00:00
7a2f6fef86
Land #17477 , Merge 6.2.36 master into kerberos feature branch
2023-01-16 11:53:21 +00:00
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
3d22fbcad9
Add exploit module for Certifried exploit
...
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerbero client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
75153aded3
Fix missing method error when printing ticket contents from a kirbi file format
2023-01-13 10:19:07 +00:00
2f145769da
Actually, offered_etypes needs to be an array
2023-01-11 17:08:27 -05:00
a4a5162b92
Remove the etype option in favor of offered_etypes
2023-01-11 10:17:52 -05:00
138f3bb4b2
Make the encryption type configurable
2023-01-09 17:20:57 -05:00
b7f6fe584a
Add initial lib changes for configurable etypes
2023-01-09 16:43:42 -05:00
8f302c8697
Complete requested PR changes
...
Clone the cc_principle
2023-01-06 14:48:53 -06:00
d64c4b6e7e
Store the binary format of the ccache
...
update key to be correct
2023-01-06 14:48:53 -06:00
ccfc253eb8
Updates to get ccache in golden ticket
...
Fix incorrect reference
Use proper encoding
2023-01-06 14:48:52 -06:00
8078616f5f
Use the correct constant names for ldap failures
2023-01-06 14:11:26 +00:00
75372dcdd3
Land #17374 , Add klist command
2023-01-06 12:57:20 +00:00
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
0af0f6ea0a
Merge pull request #17440 from zeroSteiner/fix/smb-aes-256-kerberos
...
Fix SMB key calculation for AES-256 when authenticating with Kerberos
2023-01-05 17:05:28 -06:00
785c5a8f4d
Fix key calculation for Server 2022
...
Metasploit will negotiate the strongest mutually supported encryption
with the target. When the target supports AES-256 as Server 2022 and
Windows 11 do, the key needs to be 32-bytes long and not 16 as it is
when AES-128 is in use. This updates the logic to check if the
encryption algorithm is set to ensure that the key is the correct size.
2023-01-05 15:08:49 -05:00
1ede6661d4
Land #17382 , Update pkinit tgt response to include key
2023-01-05 20:45:20 +01:00
e218210feb
Update ldap_connect documentation to set Object as the return type
2023-01-05 10:51:18 -06:00
c71ba23a10
Fix up incorrectly indented documentation, remove excess lines, and add in correct type return information from debugging sessions
2023-01-04 11:09:23 -06:00
868072e6c8
Land #17317 , Fix various WinRM modules
2023-01-03 19:57:07 +01:00
45c0af48c2
Suggested changes from code review
2023-01-03 11:26:07 +11:00
bfb80db9db
Add in missing YARD documentation for lib/msf/core/exploit/remote/ldap.rb
2022-12-30 16:07:08 -06:00
a8957bce49
Update tgt response to include key
2022-12-30 13:41:54 +00:00
6f9ebe4068
Add klist command
2022-12-16 13:02:39 +00:00
60a76da374
Allow deleting tickets by ID
2022-12-15 18:31:18 -05:00
75fc560d19
Handle cases where the framework module is nil
2022-12-15 18:31:18 -05:00
830e850160
Add more docs
2022-12-15 18:31:18 -05:00
663dee982e
Expose an abstract stored ticket object
2022-12-15 18:31:18 -05:00
fea259f6e7
Switch everything to use the ticket storage
2022-12-15 18:31:14 -05:00
b2a4bea761
Breakout the ticket storage backend drivers
2022-12-15 18:29:00 -05:00
686b946c5b
Use a new TicketStorage class
...
The goal is to provide an abstraction for how Kerberos tickets are
persisted to disk.
2022-12-15 18:28:54 -05:00
5f52ebeea7
Consolidate the loot_info UID string
2022-12-15 18:26:32 -05:00
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
a80db73bab
Land #17325 , add impersonation for get_ticket
...
Enable the `get_ticket` module to impersonate a user with S4U2self and S4U2proxy
2022-12-12 09:10:37 -05:00
cf6d5d3a14
It made the gadgets being used more readable
2022-12-06 17:47:49 +01:00
d239e9b007
Don't autoload krb5Pac
2022-12-06 13:01:47 +00:00
1e2ada3cce
Add options validation depending on action in forge_ticket.rb
2022-12-06 12:55:42 +00:00
405271a52f
Add pac BinData Model
2022-12-05 14:03:21 +00:00
8aca86b816
Apply suggestions from code review
2022-12-04 17:29:05 +01:00
5c3ac339d0
Apply suggestions from code review
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2022-12-04 12:13:50 +01:00
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
cc61a26668
Add S4U2Self and S4U2Proxy support to impersonate a user
2022-12-01 20:42:13 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
5fce80ed1d
Added comments to most functions
2022-11-30 11:53:57 +11:00
Spencer McIntyre