Ashley Donaldson
3ca13d9358
Changes from code review.
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
Jack Heysel
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
Spencer McIntyre
8d4ae4bc78
Check the cache for a TGT without a host
This fix allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
Ashley Donaldson
1b4099f5a3
Copy across some more properties from the PAC
2023-11-21 13:51:05 +11:00
Ashley Donaldson
45a5c62308
Fix diamond tickets
2023-11-20 10:11:38 +11:00
Ashley Donaldson
5e9ff17e59
Handle NTHASH tickets, including warning users that it's a terrible idea
2023-11-17 19:24:25 +11:00
Ashley Donaldson
fb9bd2cae1
Use empty string for missing values rather than nil
2023-11-17 15:09:30 +11:00
Ashley Donaldson
9d873cb7ac
Fix bug in writing UpnDnsInfo structure, and include in sapphire PAC
2023-11-17 13:49:55 +11:00
Ashley Donaldson
24490cbe1e
Replicate Logon domain name and extra sids from sapphire ticket
2023-11-17 13:16:40 +11:00
Ashley Donaldson
4e6a29d0fb
Implement sapphire tickets
2023-11-15 22:31:11 +11:00
Ashley Donaldson
bdb13601ae
Implement diamond tickets
2023-11-15 16:13:01 +11:00
adfoster-r7
fc988c2033
Fix db2 scanner module crashes
2023-11-13 21:41:28 +00:00
bwatters
77a93e452f
Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
Jack Heysel
c243125612
Land #18379, Improve ccache hostname matching
The service authenticator was filtering out valid credentials
when the hostname wasn't an exact match when credentials for
a domain should work on a subdomain. This PR fixes that issue.
2023-11-07 22:08:15 -05:00
sfewer-r7
7024d4ecac
remove redundant unless expression
2023-11-07 09:06:58 +00:00
Stephen Fewer
4dec6640c0
fix typo in cisco_ios_xe.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-07 09:02:12 +00:00
sfewer-r7
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
sfewer-r7
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
sfewer-r7
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
Spencer McIntyre
6e9facbefb
Merge pull request #18419 from smashery/dcsync_kerberos
DCSync using Kerberos Pass-the-Ticket
2023-10-30 09:41:22 -04:00
Ashley Donaldson
2a699b89fa
Changes from code review
2023-10-30 12:51:55 +11:00
adfoster-r7
93645c23ac
Land #18403, Fix FileDropper to properly clone string variables before storing them
2023-10-25 20:55:06 +01:00
Spencer McIntyre
235009d0de
Use the new AlterContext definition
2023-10-25 15:02:20 -04:00
Christophe De La Fuente
b0b4da543d
Land #18400, Kerberos ticket_search fix passing in a workspace
2023-10-23 16:17:24 +02:00
Christophe De La Fuente
77a8b0efa2
Land #18421, Save Kerberos tickets in the MSF cache upon a successful login
2023-10-23 15:25:09 +02:00
Christophe De La Fuente
0b7a1bfcf7
Use #dup instead of #clone #2
2023-10-17 12:39:23 +02:00
Christophe De La Fuente
5f438f729d
Use #dup instead of #clone
2023-10-17 12:19:03 +02:00
adfoster-r7
80d2fa738d
Land #18296, update more mysql modules to support newer authentication methods
2023-10-12 17:19:02 +01:00
Spencer McIntyre
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Spencer McIntyre
de8e392b7b
Only randomize the URI once
2023-10-12 09:50:19 -04:00
Spencer McIntyre
5577413bd9
Add additional classes for payload loading
This fixes the java/shell_reverse_tcp payload
2023-10-12 09:27:26 -04:00
Spencer McIntyre
f712c67441
Support URIPATH in Java::HTTP::ClassLoader
The URIPATH must end with / due to how the package names are requested
from the web server in a nested directory structure. #on_request_uri
also needed to be updated to check for the relative resource.
2023-10-12 09:27:26 -04:00
Rory McKinley
1b172768b4
Use upstream ruby-mysql in Remote::MYSQL
* ... and dependents
2023-10-12 13:08:35 +02:00
Ashley Donaldson
1071341b23
Changes from code review
2023-10-09 10:31:36 +11:00
JustAnda7
7876912eab
Changes-as-per-comments
2023-10-08 02:49:46 -04:00
Ashley Donaldson
4d87d4e114
Save Kerberos tickets in the MSF cache upon a successful login
2023-10-03 13:45:41 +11:00
Ashley Donaldson
185cba04c3
Support validating partial handshakes
2023-10-03 10:19:26 +11:00
JustAnda7
ea189d6c34
Changes-to-the-helper-lib
2023-10-02 13:35:28 -04:00
Jack Heysel
5087e0ffe3
Land #18197, Ldap login scanner module
Adds a new login scanner module for LDAP
2023-10-02 10:56:56 -04:00
Ashley Donaldson
587c327944
Correctly align sec trailer and stub along a 16-byte boundary
2023-09-28 17:25:22 +10:00
Ashley Donaldson
1bd229056e
Support Kerberos auth for DCERPC
2023-09-28 16:26:06 +10:00
Nishant Desai
1a3b00e593
shifting-appropriate-methods-to-auth-lib
2023-09-27 12:23:29 +00:00
Christophe De La Fuente
2232877d03
Properly clone the path strings before storing them
2023-09-26 13:26:02 +02:00
Dean Welch
c1abf37d0c
Use passed in workspace if available, default to current workspace
2023-09-25 13:30:18 +01:00
h00die
d64ed33cdf
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
Dean Welch
6a04f5ed3d
Be less strict on hostname matching for ccache credentials
2023-09-18 14:54:20 +01:00
dwelch-r7
c1a44c8b7f
Land #18359, Forge ticket fix
2023-09-18 13:05:25 +01:00
Ashley Donaldson
5c93b3880a
Don't add extra PACs for silver tickets
2023-09-13 15:41:09 +10:00
Ashley Donaldson
6b8fe05865
Add new PAC types required by DCs for accepting TGTs as valid
2023-09-12 17:19:10 +10:00