763793ee3d
Bump version of framework to 6.4.36
2024-11-07 03:35:44 -06:00
96f6f66429
Land #19550 , Fix username/password generation in case both PASSWORD_SPRAY and USER_AS_PASS are enabled
2024-11-06 13:56:05 +00:00
ec013f2a73
Bump version of framework to 6.4.35
2024-10-31 09:14:41 -05:00
1af43ca110
Bump version of framework to 6.4.34
2024-10-24 06:48:37 -05:00
4422322cd0
Bump version of framework to 6.4.33
2024-10-17 12:37:56 -05:00
76d3980c44
Bump version of framework to 6.4.32
2024-10-17 04:54:21 -05:00
8c5bead4a0
Added spec to reproduce the username/password generation error in case PASSWORD_SPRAY and USER_AS_PASS are both enabled
...
Added minimal code to fix the issue, extracting the code to generate username:username credentials in the PASSWORD_SPRAY case
2024-10-10 21:15:50 +02:00
93344df7e1
Bump version of framework to 6.4.31
2024-10-10 04:23:08 -05:00
5e2fab24ef
Bump version of framework to 6.4.30
2024-10-03 03:42:02 -05:00
a31261ecf2
Revert "Replace Readline with Reline"
2024-10-02 13:15:12 +01:00
ab7403147f
Bump version of framework to 6.4.29
2024-09-26 17:26:27 -05:00
ab7e02d23f
Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline
...
Replace Readline with Reline
2024-09-20 14:23:40 +01:00
80f050a5f5
Bump version of framework to 6.4.28
2024-09-19 15:52:50 +01:00
720723fa9c
Land #19414 , Add missing constants for the Kerberos login scanner
2024-09-16 11:11:52 +01:00
1a1c21a0b1
Bump version of framework to 6.4.27
2024-09-12 03:35:27 -05:00
8e94a0d805
Land #19352 , add necessary metadata for bruteforce
...
add necessary metadata for bruteforce
2024-09-06 10:18:21 +01:00
e377e746e9
Update lib/metasploit/framework/login_scanner/ldap.rb
2024-09-06 10:10:09 +01:00
6f1acf4610
Bump version of framework to 6.4.26
2024-09-05 03:38:07 -05:00
10dee226c6
Replace Readline with Reline
2024-09-04 16:39:41 +01:00
b9bbfa6567
Bump version of framework to 6.4.25
2024-08-29 03:34:28 -05:00
19e3f29441
Add missing constants for the Kerberos login scanner & set default server_name value in the client
2024-08-23 15:01:18 +02:00
1a35492634
Bump version of framework to 6.4.24
2024-08-22 03:38:31 -05:00
8d838d4d56
Land #19366 , Jenkins Login Scanner improvments
2024-08-21 10:28:22 +01:00
e4726e4f52
Bump version of framework to 6.4.23
2024-08-15 03:40:21 -05:00
a3a24418a8
MS-9517 Jenkins Login Scanner
...
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
233f6dc4d2
Bump version of framework to 6.4.22
2024-08-08 03:38:47 -05:00
29bfc1cca6
add necessary metadata for bruteforce
2024-08-06 10:02:58 -05:00
52fb857b99
Bump version of framework to 6.4.21
2024-08-01 03:40:03 -05:00
03ef015f61
Bump version of framework to 6.4.20
2024-07-25 03:37:00 -05:00
219abdd9c6
Bump version of framework to 6.4.19
2024-07-18 03:33:57 -05:00
6283456164
Bump version of framework to 6.4.18
2024-07-11 03:34:02 -05:00
e549e0ccf4
Bump version of framework to 6.4.17
2024-07-04 03:37:24 -05:00
4909a43bf0
Land #19252 , improve error handling for unhandled errors
2024-07-03 19:20:56 +01:00
4316d52b87
trim exception list
2024-07-03 09:48:27 -05:00
c5717d42d6
MS-9457 Support NO_AUTH_REQUIRED
...
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
e691f72170
Bump version of framework to 6.4.16
2024-06-27 03:34:27 -05:00
51176e778c
MS-9445 Fix Service Reporting
...
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
2024-06-26 15:11:29 +02:00
afa973e05e
Fix reids_login scanner when auth is enabled
2024-06-26 13:32:16 +01:00
bccad774fd
Bump version of framework to 6.4.15
2024-06-20 03:37:28 -05:00
f5aea8c11b
Bump version of framework to 6.4.14
2024-06-13 03:39:08 -05:00
a511729dce
add explicit error handling to base login scanner
2024-06-11 13:01:08 -05:00
a9078b4d68
Bump version of framework to 6.4.13
2024-06-06 03:33:45 -05:00
ebfbd3d305
Bump version of framework to 6.4.12
2024-05-30 03:39:13 -05:00
7eefa4b1ee
Bump version of framework to 6.4.11
2024-05-23 03:34:03 -05:00
e3fdfd6c71
Bump version of framework to 6.4.10
2024-05-16 03:39:08 -05:00
68f7334348
Fix kerberos auth and missing method error when querying with -a
2024-05-15 16:11:40 +01:00
9e4f958af7
keep ldap connection open for use in a session
2024-05-15 15:12:51 +01:00
3cedb20f75
Add initial ldap session support
2024-05-15 15:12:51 +01:00
b1cd5b3476
Land #19132 , Add LDAPS Channel Binding
...
Add channel binding information to Metasploits NTLM and Kerberos
authentication for the LDAP protocol. This enables users to authenticate
to domain controllers where the hardened security configuration setting
is in place
2024-05-13 11:31:10 -07:00
Metasploit