Christophe De La Fuente
b488403c73
Fix cve_2022_26923_certifried module after the datastore option changes
2025-06-04 11:22:26 +02:00
Spencer McIntyre
176dd849e0
Add missing references for AD CS modules
2025-05-30 13:54:35 -04:00
Spencer McIntyre
02e3a55570
Catch additional exceptions for failures
2025-03-21 12:02:23 -04:00
Ashley Donaldson
40f2eaaab1
Recognise broken SMB sessions and close them
2024-12-16 19:52:19 +11:00
Ashley Donaldson
6eea156899
Added moved_from metadata
2024-12-09 08:49:04 +11:00
Ashley Donaldson
b5fbc9a8ae
MSFTidy fixes
2024-12-02 12:35:00 +11:00
Ashley Donaldson
d396d06e35
Enable adding Users, not just computers (if permissions allow)
Also added extra error handling for when password is wrong or expired
2024-11-12 12:33:29 +11:00
Christophe De La Fuente
ae213813b5
Updates from code review
2024-10-22 14:41:02 +02:00
Dean Welch
1c8a4706d7
Fix recursive call to ldap_open
2024-04-26 12:33:43 +01:00
Spencer McIntyre
837e503170
Refactor the MsSamr mixin to split it out
2024-04-22 13:45:20 -04:00
bwatters
3dc638909f
Land #18906, Add template data files for ESC2 and ESC3
Merge branch 'land-18906' into upstream-master
2024-03-29 15:29:52 -05:00
Spencer McIntyre
7bce40308a
Update module data to improve discoverability
2024-03-07 13:28:22 -05:00
adfoster-r7
76166c0d14
Update SAMR computer and ICPR cert to support SMB sessions
2024-03-01 17:53:58 +00:00
cgranleese-r7
40e6917b7f
tests passing
2023-04-04 10:24:09 +01:00
adfoster-r7
0047ce5d3a
Add rbcd exploitation documentation to docs site
2023-03-03 13:18:29 +00:00
adfoster-r7
2d30909a2f
Change option name namespacing convention
2023-01-26 16:17:50 +00:00
adfoster-r7
3d003ff14c
Land #17540, Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried
2023-01-25 18:39:20 +00:00
Dean Welch
5b473e4ede
Handle KDC_ERR_CERTIFICATE_MISMATCH for certifried
2023-01-25 18:22:54 +00:00
Spencer McIntyre
21f33296b7
Consolidate PKINIT hash extraction code
2023-01-25 12:16:42 -05:00
Spencer McIntyre
a5e2c5b3b7
Unify pkinit_login with get_ticket
2023-01-25 08:36:26 -05:00
Spencer McIntyre
785e2caa9f
Refactor #send_request_tgt_pkinit, clarify docs
2023-01-25 08:36:26 -05:00
Christophe De La Fuente
2072111713
Fix from code review & some improvements
- Improve option validation
- Always request an impersonated TGS for `cifs/...` SPN
- SPN option now is used to request an additional TGS for another SPN
- Add exception handling for Kerberos errors
- Only remove the computer account if it has been created
2023-01-18 19:28:06 +01:00
Christophe De La Fuente
3d22fbcad9
Add exploit module for Certifried exploit
- Move all the logic from `modules/auxiliary/admin/dcerpc/icpr_cert.rb`
to `lib/msf/core/exploit/remote/ms_icpr.rb` library
- Move all the logic from `modules/auxiliary/admin/dcerpc/samr_computer.rb`
to `lib/msf/core/exploit/remote/ms_samr.rb` library
- Add `modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb` module
- Update the SMB client to disable SSL by default
- Add documentation
- Kerberos client: pass `options` as argument to `send_request_as`
- `calculate_shared_key` returns an EncryptionKey instead of the raw key
- Update `pkinit_login` module to make it compatible
- Add support to `additional_tickets` when requesting tickets
- Add support to PAC CredentialInfo structures
- Add impersonation to escalate privileges
- Add ACTIONS
- Use elevated TGS to delete the computer account
- Update and add specs
2023-01-13 15:30:50 +01:00
Spencer McIntyre
f4a65a220a
Support ON_BEHALF_OF in icpr_cert
Add the code necessary to request certificates on behalf of other users.
This is necessary to exploit templates vulnerable to ESC2 and ESC3.
2022-11-17 12:12:35 -05:00
Spencer McIntyre
31e2ab683c
Update samr_computer to show the SID when adding
2022-10-31 10:56:17 -04:00
Spencer McIntyre
b0fe5e1620
Clean up the code a bit
2022-08-30 11:12:36 -04:00
Spencer McIntyre
69cc144e04
Add module docs
2022-08-30 11:12:36 -04:00
Spencer McIntyre
86804ce5b8
Add specific UPN and DNS support; switch to pipes
2022-08-30 11:12:36 -04:00
Spencer McIntyre
cd13039aae
Add the initial MS-ICPR module
2022-08-30 11:12:36 -04:00
adfoster-r7
8253e99c11
Update zerologon error handling to output invalid computer name details
2022-08-03 15:32:38 +01:00
Spencer McIntyre
41ba2d263b
Address PR feedback
Simplify the application_key usage, update docs and catch another
exception.
2022-06-28 11:53:05 -04:00
Spencer McIntyre
825604dda9
Add docs and a configurable password
2022-06-15 08:51:47 -04:00
Spencer McIntyre
78f2ea39e9
Use some pretty liberal error handling
2022-06-15 08:51:28 -04:00
Spencer McIntyre
41567b1eb4
Add the DELETE_COMPUTER action
2022-06-13 17:46:34 -04:00
Spencer McIntyre
084fc194ea
Add the LOOKUP_COMPUTER action
2022-06-13 17:20:34 -04:00
Spencer McIntyre
74936f69a3
Add the ADD_COMPUTER action
2022-06-13 17:03:51 -04:00
Spencer McIntyre
45674fbcc2
Add the initial samr module
2022-06-02 14:12:47 -04:00
Spencer McIntyre
02e7a65b93
Just move the auxiliary module into an exploit
2022-05-16 17:44:31 -04:00
Spencer McIntyre
36921a00f6
Merge branch 'feat/mod/cve-2021-1675-retry' into feat/mod/cve-2021-1675
2022-05-16 14:59:32 -04:00
Spencer McIntyre
d278ad9be1
Add the printnightmare exploit
2022-05-16 14:56:46 -04:00
Spencer McIntyre
75d137fce5
Rubocop and add todo to printnightmare
2022-05-16 14:56:46 -04:00
Spencer McIntyre
f9a5d8285a
Use the retry mixin for printnightmare
This module gets disconnected from the named pipe. Use the new retry
mixin to avoid waiting for a standard delay.
2022-05-16 09:53:57 -04:00
h00die
d5ba1afbec
fix URLs not resolving
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra redirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Spencer McIntyre
b146f098a2
Update to use the moved DCERPC definitions
2022-01-31 09:03:07 -05:00
Christophe De La Fuente
ae2e4d723b
Add NTDS technique
2022-01-03 21:39:33 +01:00
kalba-security
c1c71d34fe
Add nil check for the return value of add_printer_driver_ex, since this will return nil if the response can't be mapped to a win32 status code
2021-09-30 19:28:00 -04:00
Spencer McIntyre
3098e2fcdd
Update the module notes regarding instability
2021-07-16 09:03:40 -04:00
Spencer McIntyre
ed979992fd
Remove a redundant print status statement
2021-07-13 10:14:16 -04:00
Spencer McIntyre
32eab49428
Fix a typo in the module description
2021-07-12 12:20:37 -04:00
Spencer McIntyre
e155bb64cd
Improved check method for PrintNightmare
2021-07-09 12:15:39 -04:00