1a35492634
Bump version of framework to 6.4.24
2024-08-22 03:38:31 -05:00
8d838d4d56
Land #19366 , Jenkins Login Scanner improvments
2024-08-21 10:28:22 +01:00
e4726e4f52
Bump version of framework to 6.4.23
2024-08-15 03:40:21 -05:00
a3a24418a8
MS-9517 Jenkins Login Scanner
...
Jenkins does not implement Authentication challenges.
By default, Jenkins responds with a HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.
By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint
Pro will have an easier time to investigate whether Jenkins can be bruteforced or not.
The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
233f6dc4d2
Bump version of framework to 6.4.22
2024-08-08 03:38:47 -05:00
52fb857b99
Bump version of framework to 6.4.21
2024-08-01 03:40:03 -05:00
03ef015f61
Bump version of framework to 6.4.20
2024-07-25 03:37:00 -05:00
219abdd9c6
Bump version of framework to 6.4.19
2024-07-18 03:33:57 -05:00
6283456164
Bump version of framework to 6.4.18
2024-07-11 03:34:02 -05:00
e549e0ccf4
Bump version of framework to 6.4.17
2024-07-04 03:37:24 -05:00
4909a43bf0
Land #19252 , improve error handling for unhandled errors
2024-07-03 19:20:56 +01:00
4316d52b87
trim exception list
2024-07-03 09:48:27 -05:00
c5717d42d6
MS-9457 Support NO_AUTH_REQUIRED
...
Support the `NO_AUTH_REQUIRED` condition and terminate the scan to avoid further unneeded attempts.
2024-07-02 14:09:01 +02:00
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
e691f72170
Bump version of framework to 6.4.16
2024-06-27 03:34:27 -05:00
51176e778c
MS-9445 Fix Service Reporting
...
Preliminary pull request to resolve an issue with a service not being properly detected for Redis.
* Ensure service name is properly passed down when detecting vulnerabilities
* Ensure Redis properly detects no-auth requirements
2024-06-26 15:11:29 +02:00
afa973e05e
Fix reids_login scanner when auth is enabled
2024-06-26 13:32:16 +01:00
bccad774fd
Bump version of framework to 6.4.15
2024-06-20 03:37:28 -05:00
f5aea8c11b
Bump version of framework to 6.4.14
2024-06-13 03:39:08 -05:00
a511729dce
add explicit error handling to base login scanner
2024-06-11 13:01:08 -05:00
a9078b4d68
Bump version of framework to 6.4.13
2024-06-06 03:33:45 -05:00
ebfbd3d305
Bump version of framework to 6.4.12
2024-05-30 03:39:13 -05:00
7eefa4b1ee
Bump version of framework to 6.4.11
2024-05-23 03:34:03 -05:00
e3fdfd6c71
Bump version of framework to 6.4.10
2024-05-16 03:39:08 -05:00
68f7334348
Fix kerberos auth and missing method error when querying with -a
2024-05-15 16:11:40 +01:00
9e4f958af7
keep ldap connection open for use in a session
2024-05-15 15:12:51 +01:00
3cedb20f75
Add initial ldap session support
2024-05-15 15:12:51 +01:00
b1cd5b3476
Land #19132 , Add LDAPS Channel Binding
...
Add channel binding information to Metasploits NTLM and Kerberos
authentication for the LDAP protocol. This enables users to authenticate
to domain controllers where the hardened security configuration setting
is in place
2024-05-13 11:31:10 -07:00
2a8b36d432
Bump version of framework to 6.4.9
2024-05-09 07:11:01 -05:00
69e35005ee
Add TLS channel binding for kerberos
2024-05-08 16:30:24 -04:00
942d47bec5
Add TLS channel binding for NTLM
2024-05-08 16:24:48 -04:00
a999ad49a0
Move the LDAP encryptors to their own files
2024-05-08 10:16:40 -04:00
8c76143a9d
Land #19127 , Ldap signing
2024-05-07 17:28:36 +02:00
69d603e6fc
Switch to an enum option for the signing
2024-05-03 10:27:10 -04:00
d105ae10ff
Fixes some password_spray issues
2024-05-02 15:43:07 +01:00
4c7f1e6520
Bump version of framework to 6.4.8
2024-05-02 03:37:55 -05:00
8a08f6a083
Land #19075 , Modularise the Softing login code
...
Merge branch 'land-19075' into upstream-master
2024-04-29 14:47:44 -05:00
b607c70611
Bump version of framework to 6.4.7
2024-04-25 03:35:58 -05:00
b5f4dfae71
Make encrypting/signing an option
2024-04-24 13:24:05 +10:00
9aead31bb9
Support encrypted LDAP (ldap signing) over Kerberos and NTLM
2024-04-24 12:56:06 +10:00
4bbe2c306c
Land #19079 , Fix PASSWORD_SPRAY being ignored for LDAP (and potentially other modules)
2024-04-22 10:22:51 +01:00
533a631ee4
Fix suggestions given by cgranleese-r7
2024-04-21 11:51:21 +03:00
c6fc5ad2e1
Land #19114 , Better enforce types to prevent nil values from causing stack traces
...
Merge branch 'land-19114' into upstream-master
2024-04-19 16:21:22 -05:00
5675c59690
Fix blank values for LDAP NTLM auth
2024-04-19 16:30:29 -04:00
42a14ef6bf
Bump version of framework to 6.4.6
2024-04-19 11:34:11 -05:00
13a79ab536
Bump version of framework to 6.4.5
2024-04-18 03:37:54 -05:00
b7e0e83d04
Use yields rather than build an array and sort
2024-04-12 08:05:55 +03:00
c239db573a
Revert "PASSWORD_SPRAY handling"
...
This reverts commit 9b1978c0b6
2024-04-12 07:42:55 +03:00
4026141809
Change how #get_auth_token returns
2024-04-12 07:14:34 +08:00
9b1978c0b6
PASSWORD_SPRAY handling
2024-04-11 17:56:12 +03:00
Metasploit