6f813f9b7a
Report services using the new style
2026-04-10 11:43:37 -04:00
657310042b
Remove extra OID definitions
2026-04-09 10:37:05 -04:00
b7e7de2fa4
Update the specs so they pass again
2026-04-09 10:37:05 -04:00
57bb3bbce7
Refactor code to use #with_adcs_certificate_request
2026-04-09 10:37:05 -04:00
9cedb4a069
Refactor the method name to namespace it to icpr
2026-04-09 10:37:05 -04:00
8a748d4954
Standardize printed messages a bit more
2026-04-09 10:37:05 -04:00
4d02f92fab
Consolidate the attribute creation
2026-04-09 10:37:05 -04:00
f177b98bfb
Consolidate more into #create_csr
2026-04-09 10:37:05 -04:00
a0e188bbbe
Use #fetch so that nil is honored
2026-04-09 10:37:04 -04:00
6c24a059ae
Merge pull request #21031 from zeroSteiner/fix/issue/20959
...
LDAP Reporting Improvements
2026-04-08 10:39:17 +01:00
94ccd8bd20
Merge pull request #20948 from ArkaprabhaChakraborty/osticket
...
Add initial osticket arbitraray file read auxiliary module
2026-04-07 09:39:01 -07:00
a0852387fc
Merge pull request #20752 from bwatters-r7/feature/certificate-web-enrollment
...
Add Authenticating Web Enrollment module for AD/CS
2026-04-06 15:27:28 -04:00
06edc3d08f
change minor syntax and raise exception for rsa keylength mismatch
2026-04-06 13:12:47 -05:00
d10341befd
Fixes for different paths to create_csr and build_csr
2026-04-02 16:23:34 -05:00
5111f9eb52
Refactor HashCapture
2026-04-02 13:14:06 -07:00
4125b209f8
Refactor reusable relay classes out of SMB directory
...
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2026-04-02 13:14:06 -07:00
26a73b060d
Resolve rubocop errors and warnings. Address copilot comments on docs and code quality.
...
Signed-off-by: arkaprabhachakraborty <chakrabortyarkaprabha998@gmail.com >
2026-03-27 00:43:23 +05:30
700d063645
Implement copilot feedback
2026-03-26 14:43:33 -04:00
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59
2026-03-26 14:43:31 -04:00
308b7277a1
Apply suggestion from @adfoster-r7
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2026-03-26 13:21:42 -04:00
1faa27f7e6
Fix encoding issues in files
2026-03-25 19:01:57 +00:00
bf1a12301b
Merge pull request #20967 from jheysel-r7/fix/lib/smb_relay_ruby_client_support
...
Add support for Ruby SMB Client and `smbclient` to be compatible with Msf::Exploit::Remote::SMB::RelayServer
2026-03-24 18:12:45 +01:00
45884fa090
Removed method parse override
2026-03-23 23:10:29 -07:00
81b34421a9
Responded to comments
2026-03-19 14:15:49 -07:00
e9502ce7ed
Fix for gss token identification
2026-03-18 16:56:07 -07:00
a4a34410c7
Mech type update for ruby_smb
2026-03-18 11:18:28 -07:00
09bb0337d1
Merge pull request #20997 from Nayeraneru/OptTD
...
Introduce OptTimedelta
2026-03-17 18:41:42 -04:00
01d88791d2
Removed unnecessary code and module
2026-03-18 00:14:15 +02:00
143071ab36
Refactor duplicate code
2026-03-16 19:59:46 -07:00
e0a4b969ae
Add support for simplified single target relaying (smbclient)
2026-03-16 19:42:17 -07:00
b3aa45fb09
Land #20719 , adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
...
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
c882d91155
Merge pull request #21025 from Hemang360/cookie-jar-doc-fix
...
Fix HttpCookie integer conversion and cookie jar docs
2026-03-13 00:08:13 +00:00
16b55848b4
Fix: Remove duplicate Content-Type header from FreePBX requests
...
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
2b0f1c3c21
Fix: Omit default port from Referer header in FreePBX mixin
...
FreePBX rejects ajax requests when the Referer includes :80 for HTTP
or :443 for HTTPS. Only include the port when it differs from the
protocol default.
2026-03-11 20:06:08 +01:00
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
31665e1b88
Land #20730 , Allow toggling the SACL in LDAP queries
...
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
e6ee6a7c94
Land #20961 , adds service reporting to Wordpress mixin
...
Update Wordpress Mixin to log services
2026-03-10 09:05:05 +01:00
c6aabc1c75
Land #21001 , adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
7ff46b818f
Fix a missing argument in #report_icertpassage_service
2026-03-05 09:37:29 -05:00
7420d21f12
Report the full service chains
2026-03-04 13:34:23 -05:00
0faa0bd36b
Add the #ldap_client_ssl alias
2026-03-04 13:15:33 -05:00
c5b9157c61
Update MsIcpr service reporting too
2026-03-03 09:38:23 -05:00
3addd472a7
Report the LDAP service
2026-03-03 09:38:23 -05:00
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
1b528c78f0
Swap usages to #bindhost and #srvhost_addr
2026-03-03 09:37:26 -05:00
83a82ed043
Remove the extra argument
2026-03-03 09:37:26 -05:00
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
Spencer McIntyre