Commit Graph

3102 Commits

Author SHA1 Message Date
sjanusz-r7 30fc29e0f5 Use PostgreSQL session type for modules 2024-02-09 15:38:06 +00:00
cgranleese-r7 b060809a8d Addresses logoff PR feedback 2024-02-07 12:51:04 +00:00
cgranleese-r7 e80f0ef8cd Removes session logic from mixins and uses client instead of datastore for rhost and rport 2024-02-06 14:11:16 +00:00
cgranleese-r7 0e9cad6d45 Adds MySQL session type 2024-02-02 14:39:37 +00:00
adfoster-r7 48221e594d Land #18704, Leverage the module metadata cache in the module_sets 2024-02-02 14:16:46 +00:00
adfoster-r7 7ac4387d35 Land #18696, Convert MSSQL mixin to class 2024-02-02 14:14:34 +00:00
Zach Goldman 35778e92b2 client consolidation
convert first module from remote to client

move client to rex

remove metasploit mixin
2024-02-01 17:23:55 -06:00
bwatters d05b85de50 Land #18680, Shared SMB Service
Merge branch 'land-18680' into upstream-master
2024-01-26 14:42:11 -06:00
adfoster-r7 15d0d4f0df Land #18663, Add new PostgreSQL Session Type 2024-01-24 10:46:26 +00:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
sjanusz-r7 1fe448f2f4 Revert remote/postgres verbosity changes 2024-01-22 14:27:38 +00:00
Dean Welch 391bc4e69e shuffle platform parsing and code quality 2024-01-19 14:30:34 +00:00
sjanusz-r7 fbdb025542 Notify user on failed Postgres connection 2024-01-19 10:29:44 +00:00
sjanusz-r7 a4305f0ca0 Allow PostgreSQL lib to use session client 2024-01-19 10:29:44 +00:00
Christophe De La Fuente b8aa55c322 Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553) 2024-01-17 18:42:52 +01:00
Christophe De La Fuente a8d46b3e7a Land #18627, Ansible: post gather module, payload deployer, and file reader 2024-01-17 15:26:25 +01:00
Christophe De La Fuente 6dec82ec24 Remove exec.nil? statement 2024-01-17 15:06:15 +01:00
h00die 56a9beb39d ansible review 2024-01-15 17:18:49 -05:00
Dean Welch 2cf045d3c4 Leverage the module metadata cache in the module_sets 2024-01-15 14:56:46 +00:00
Jack Heysel 5e25a99700 Responded to comments 2024-01-12 13:08:32 -05:00
h00die b031311892 ansible review 2024-01-10 17:29:15 -05:00
h00die e711c9ea43 ansible review 2024-01-10 17:16:57 -05:00
jheysel-r7 43f4705e60 Apply suggestions from code review
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-09 12:37:59 -05:00
Spencer McIntyre 024bdaec6d Add a proper rex-based service for the SMB server 2024-01-08 16:54:22 -05:00
Spencer McIntyre b10e8d566b Initial Rex SMB service to allow sharing 2024-01-05 17:18:08 -05:00
h00die 47a58bda3b saltstack library rubocop and comments 2023-12-24 11:54:22 -05:00
h00die 357bdc8c10 ansible post library 2023-12-24 11:49:27 -05:00
h00die b654275ec4 add saltstack lib 2023-12-23 13:52:52 -05:00
Jack Heysel e3062d45e0 Module working docs updated 2023-12-20 16:41:52 -05:00
Christophe De La Fuente 45d2c7f4e0 Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE 2023-12-18 18:51:36 +01:00
Jack Heysel 5d5ccd25e1 Removed unnecessary files 2023-12-15 10:46:23 -05:00
jheysel-r7 ef178298b2 Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-12-14 11:55:30 -05:00
cgranleese-r7 5f396245f2 Land #18539, Add Smb session type 2023-12-12 11:45:19 +00:00
Jack Heysel 603e5b2bff Land #18569, Add a module to perform ASREP-roasts
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, brute forcing using a list of usernames or using an LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
Jack Heysel 16dd06bbac Added payload plugin mixin 2023-12-11 18:24:13 -05:00
Jack Heysel 9f126a4d24 Land #18446, Make DomainControllerRhost optional
This PR makes the DomainControllerRhosts option optional,
even when auth is set to kerberos. This change requires
rapid7/rex-socket#64 which was released in the rex-socket 1.5.5 gem.
2023-12-05 17:47:45 -05:00
Spencer McIntyre f000c39b4a Update to mark DomainControllerRhost as optional 2023-12-05 16:23:35 -05:00
Dean Welch cd8cc75cf3 Add smb session type 2023-12-04 17:55:11 +00:00
Jack Heysel e6321e46c4 Land #18565, Add kerberos cache TGT lookup logic
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
Spencer McIntyre 708c795890 Land #18560, Forging diamond and sapphire tickets 2023-11-28 11:14:15 -05:00
Ashley Donaldson 2ea1f43f12 Unit test for new kerberos client pre-auth behaviour 2023-11-27 17:10:19 +11:00
Ashley Donaldson c293c273ba Attempt to decrypt pre-auth kerberos response 2023-11-27 13:09:59 +11:00
Ashley Donaldson 3ca13d9358 Changes from code review.
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson 2ead152173 Add specific module to perform ASREP-roasting 2023-11-24 07:43:49 +11:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Spencer McIntyre 8d4ae4bc78 Check the cache for a TGT without a host
This fix allows forged golden tickets to be reused from the cache
2023-11-21 14:19:47 -05:00
Ashley Donaldson 1b4099f5a3 Copy across some more properties from the PAC 2023-11-21 13:51:05 +11:00
Ashley Donaldson 45a5c62308 Fix diamond tickets 2023-11-20 10:11:38 +11:00
Ashley Donaldson 5e9ff17e59 Handle NTHASH tickets, including warning users that it's a terrible idea 2023-11-17 19:24:25 +11:00