Commit Graph

20890 Commits

Author SHA1 Message Date
dledda-r7 9521563e8d fix(rpc): check result is not nil before getting length 2024-08-23 05:25:59 -04:00
Metasploit 1a35492634 Bump version of framework to 6.4.24 2024-08-22 03:38:31 -05:00
dwelch-r7 8d838d4d56 Land #19366, Jenkins Login Scanner improvements 2024-08-21 10:28:22 +01:00
Metasploit e4726e4f52 Bump version of framework to 6.4.23 2024-08-15 03:40:21 -05:00
adeherdt-r7 a3a24418a8 MS-9517 Jenkins Login Scanner
Jenkins does not implement Authentication challenges.

By default, Jenkins responds with an HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.

By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint,
Pro will have an easier time investigating whether Jenkins can be bruteforced or not.

The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
Metasploit 233f6dc4d2 Bump version of framework to 6.4.22 2024-08-08 03:38:47 -05:00
dledda-r7 bcbbc91621 fix(core): fix migrate to pass the debug_build flag.
Co-authored-by: dwelch-r7 <dean_welch@rapid7.com>
2024-08-01 09:27:12 -04:00
Metasploit 52fb857b99 Bump version of framework to 6.4.21 2024-08-01 03:40:03 -05:00
Metasploit 03ef015f61 Bump version of framework to 6.4.20 2024-07-25 03:37:00 -05:00
adfoster-r7 8f472b9c61 Land #19338, Kerberos asrep roasting improvements 2024-07-24 18:12:53 +01:00
adfoster-r7 89cf0223d1 Kerberos asrep roasting improvements 2024-07-24 18:01:11 +01:00
adfoster-r7 6a31ceb9e6 Improve setg SessionLogging support 2024-07-24 17:22:11 +01:00
Simon Janusz 1108afb5cb Land #19336, Fix SSH scanner tests when report summary enabled 2024-07-22 15:42:49 +01:00
adfoster-r7 ba52331421 Fix SSH scanner tests when report summary enabled 2024-07-22 11:22:22 +01:00
Metasploit 219abdd9c6 Bump version of framework to 6.4.19 2024-07-18 03:33:57 -05:00
Jack Heysel cfd71e9c27 Land #19324, Add improvements to rpc_session lib
Updates rpc compatible modules to handle unknown sessions
2024-07-15 14:25:57 -07:00
adfoster-r7 604227fb4d Update rpc compatible modules to handle unknown sessions 2024-07-15 10:38:56 +01:00
Metasploit 6283456164 Bump version of framework to 6.4.18 2024-07-11 03:34:02 -05:00
Metasploit e549e0ccf4 Bump version of framework to 6.4.17 2024-07-04 03:37:24 -05:00
adfoster-r7 4909a43bf0 Land #19252, improve error handling for unhandled errors 2024-07-03 19:20:56 +01:00
dledda-r7 1e0db9ec83 Land #10113, Azure CLI steal tokens post module. 2024-07-03 11:32:04 -04:00
Zach Goldman 4316d52b87 trim exception list 2024-07-03 09:48:27 -05:00
Christophe De La Fuente 1264fe40ad Land #19285, Fix sysinfo fails when cwd in the implant is deleted 2024-07-02 18:57:50 +02:00
dledda-r7 aa4529596c fix: minor fix; removing a blank line 2024-07-02 11:09:13 -04:00
adeherdt-r7 c5717d42d6 MS-9457 Support NO_AUTH_REQUIRED
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
adeherdt-r7 52142f280f MS-9454 Redis Scanner: Support versions
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
dledda-r7 f92ebb34ca fix: moved begin/rescue inside the update_session_info; added logging 2024-06-28 03:21:42 -04:00
Metasploit e691f72170 Bump version of framework to 6.4.16 2024-06-27 03:34:27 -05:00
dledda-r7 0659232e8f fix: fixed sysinfo fails when cwd in the implant is deleted 2024-06-26 09:16:22 -04:00
adeherdt-r7 51176e778c MS-9445 Fix Service Reporting
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.

* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
2024-06-26 15:11:29 +02:00
adfoster-r7 afa973e05e Fix redis_login scanner when auth is enabled 2024-06-26 13:32:16 +01:00
Spencer McIntyre dc2adc0798 Land #19259, warn on weak meterpreter keys
Fixing meterpreter to support is_weak_key byte flag from mettle
2024-06-24 08:58:40 -04:00
dledda-r7 8a432fb292 fix: default is_weak_key is nil; handling of empty key_dec_data 2024-06-21 04:00:02 -04:00
adfoster-r7 2e51b37f1c Land #19267, Escape LDAP query string filters 2024-06-20 10:42:19 +01:00
Metasploit bccad774fd Bump version of framework to 6.4.15 2024-06-20 03:37:28 -05:00
Spencer McIntyre a6fd6defcb Escape LDAP query strings 2024-06-18 17:47:56 -04:00
Jack Heysel c1826cd2f3 Land #18829, Allow multiple HttpServers in module
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes
2024-06-18 09:51:38 -07:00
dledda-r7 80e942b76d fix: better implementation of negotiate_tlv_encryption 2024-06-17 10:57:17 -04:00
dwelch-r7 17a6d443b5 Land #19260, Update windows acceptance tests 2024-06-17 10:19:25 +01:00
h00die 434455757d tested azure_cli_creds against data files 2024-06-16 20:25:47 -04:00
dledda-r7 1a8746f076 fix: updated warning messages, inverted is_weak_key logic 2024-06-14 10:19:56 -04:00
Spencer McIntyre 111d329609 Fix the powershell_base64 encoder 2024-06-13 15:46:02 -04:00
adfoster-r7 30c9ea2064 Update windows acceptance tests 2024-06-13 18:05:30 +01:00
Christophe De La Fuente 764dc89997 Update Java::HTTP::ClassLoader and CmdStager::HTTP
- Add specific #on_request_uri, #start_service and #resource_uri methods with distinct names
2024-06-13 16:39:24 +02:00
dledda-r7 acfaf52611 feat(meterpreter): display a warning when a weak encryption aes_key is used. Skip module loading if encryption is weak. 2024-06-13 09:30:17 -04:00
Metasploit f5aea8c11b Bump version of framework to 6.4.14 2024-06-13 03:39:08 -05:00
Jack Heysel b9b638dd83 Land #19196, Cacti import package RCE
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
Christophe De La Fuente 45815a4cb5 Code review 2024-06-12 19:47:02 +02:00
Zach Goldman a511729dce add explicit error handling to base login scanner 2024-06-11 13:01:08 -05:00
Zach Goldman 82ca91b351 remove duplicated rescue 2024-06-07 12:18:07 -05:00